The digitization trend in healthcare has led to Electronic Health Records (EHRs) largely replacing traditional handwritten medical charts, granting physicians easy access to patients' past medical histories to aid diagnosis and vastly improving efficiency. However, medical records contain highly sensitive private information, and current EHR systems often compromise information security in their pursuit of efficiency. Although numerous proposals for secure EHR access control systems exist, many overlook the critical need for flexibility and real-time access inherent in the clinical healthcare environment.
To address this challenge, this study proposes a novel EHR access control system that integrates Blockchain, Hierarchical Attribute-Based Encryption (FH-CPABE), Trusted Execution Environment (TEE), and the InterPlanetary File System (IPFS). We introduce a Dual-Mode Masking Authorization Mechanism (Normal and Emergency) designed to ensure data security while specifically accommodating the demand for immediate access and system flexibility necessary during critical clinical rescue processes. Furthermore, the system utilizes Proxy Re-encryption technology to offload complex decryption computations, significantly reducing the burden on user devices and improving operational efficiency. All authorization decisions and operational histories are securely recorded on the Blockchain, thus achieving a vital balance among data protection, operational auditability and efficiency.