Authors: Kysil, Volodymyr; Kysil, Tetiana
Date accessioned / available: 2026-01-23
Date issued: 2025
Citation: Kysil V. Approach to a decentralized, physician-oriented EHR architecture with cryptographic protection / V. Kysil, T. Kysil // Computer Systems and Information Technologies. – 2025. – № 4. – P. 18-26.
URI: https://elar.khmnu.edu.ua/handle/123456789/20493

Abstract: In modern Electronic Health Record (EHR) systems, electronic records are the primary store for examination data; classic centralized storage, however, faces challenges of security, privacy and data availability. Centralized databases are exposed to cyberattacks and data leaks and interoperate poorly with other systems, which threatens patient confidentiality as well as the efficiency and transparency of medical institutions. In the specific case of a distributed network architecture whose servers may operate autonomously without constant internet connectivity, decentralized solutions are required that combine cryptographic protection with ease of use for medical personnel. Physician-centric systems allow workflow optimization in institutions where doctors collaborate within a trusted environment, while adhering to ethical standards of transparency toward patients. The objective is to create a flexible, autonomous platform that protects data cryptographically through envelope encryption with a combined Data Encryption Key (DEK), server key rotation, and hash chains for modification detection. The system supports profile migration between nodes, the exchange of signed data between physicians, and resource optimization by offloading completed records to a registry node. The primary focus is on patient transparency: any decryption of data must be accompanied by a notification to the patient through an active notification system, and if that system is unavailable the decryption is not performed. Every decryption is also logged, identifying the entity that performed it, for later review.
The workflow begins with the creation of a patient profile on the physician's local node, where data is encrypted under a combined DEK (static user key + daily node key). Hash chains guarantee file integrity, so no change goes undetected, while two differently encrypted copies of the DEK allow an administrator to recover access. This makes the system resilient to failures with minimal demands on users, balancing efficiency for medical personnel against patients' rights to information about access, to the data itself, and to data portability. Performance evaluation of the proposed architecture shows that the storage overhead for cryptographic metadata is approximately 248 bytes per user profile (server-encrypted key, user-encrypted key, key-encrypted identifier and creation time; the size of the encrypted data itself depends on the algorithm) plus 40 bytes per record (a 32-byte SHA-256 digest and a timestamp) for the cryptographic link. This is negligible (<0.001%) next to the volume of medical data, which reaches 32 MB per record with images. Because no global consensus is needed (unlike blockchain solutions), the local consensus model requires no network synchronization: each write is an O(1) operation, which keeps performance high even on resource-constrained hardware or personal devices without dedicated server hardware. The architecture therefore adds only a slight increase in size and access time within the stated constraints.

Language: en
Keywords: EHR; decentralized system; cryptographic protection; hash chains; patient data transparency
Title: Approach to a decentralized, physician-oriented EHR architecture with cryptographic protection
Type: Article
UDC: 004.9
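The profile lifecycle the abstract describes (combined DEK, two envelope-wrapped copies of it, hash-chained records, notification-gated and logged decryption, server key rotation), as an added example that is not the paper's code. Everything here is this example's own assumption: the DEK is HKDF-derived from the user key and the daily node key and bound to the profile id; the AEAD is an HMAC-SHA256 keystream with encrypt-then-MAC, a stand-in for AES-GCM so the block runs on the Python standard library alone; the class, field and function names, the record tuple layout and the `notify` callable (which returns False when the patient channel is down) are invented for illustration; keys and records in `demo()` are constructed.

```python
import hashlib
import hmac
import os
import struct
import time


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract with salt, then expand with info."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Toy AEAD (assumed stand-in for AES-GCM): nonce || ciphertext || HMAC tag."""
    enc_key, mac_key = hkdf(key, b"", b"enc"), hkdf(key, b"", b"mac")
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    enc_key, mac_key = hkdf(key, b"", b"enc"), hkdf(key, b"", b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + aad + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext or bound metadata was altered")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Profile:
    """Patient profile on a physician's node; names and layout are this example's own."""

    def __init__(self, profile_id: bytes, user_key: bytes, node_day_key: bytes, server_key: bytes):
        self.profile_id, self.created = profile_id, int(time.time())
        # Combined DEK: static user key and the node's daily key, bound to the profile id.
        dek = hkdf(user_key + node_day_key, profile_id, b"dek")
        # Envelope: the same DEK wrapped twice, once for the user and once for the server,
        # so an administrator can recover access without the user key.
        self.dek_for_user = seal(user_key, dek, aad=profile_id)
        self.dek_for_server = seal(server_key, dek, aad=profile_id)
        self.records = []  # (ciphertext, timestamp, link): 32-byte SHA-256 link + 8-byte timestamp
        self.audit = []    # (timestamp, actor, record index) for every decryption performed

    def _link(self, prev: bytes, ct: bytes, ts: int) -> bytes:
        return hashlib.sha256(prev + ct + struct.pack(">Q", ts)).digest()

    def add_record(self, dek: bytes, plaintext: bytes) -> bytes:
        prev = self.records[-1][2] if self.records else hashlib.sha256(self.profile_id).digest()
        ct, ts = seal(dek, plaintext, aad=self.profile_id), int(time.time())
        self.records.append((ct, ts, self._link(prev, ct, ts)))
        return self.records[-1][2]

    def verify_chain(self) -> bool:
        """Recompute every link; any edit, reorder or deletion breaks the chain."""
        prev = hashlib.sha256(self.profile_id).digest()
        for ct, ts, link in self.records:
            if not hmac.compare_digest(link, self._link(prev, ct, ts)):
                return False
            prev = link
        return True

    def read_record(self, index: int, dek: bytes, actor: str, notify) -> bytes:
        """Notify the patient first; if the channel is down, refuse to decrypt. Log who read."""
        if not notify(self.profile_id, actor, index):
            raise PermissionError("patient notification unavailable; decryption not performed")
        plaintext = unseal(dek, self.records[index][0], aad=self.profile_id)
        self.audit.append((int(time.time()), actor, index))
        return plaintext

    def rotate_server_key(self, old_key: bytes, new_key: bytes) -> None:
        """Server key rotation re-wraps only the server copy; the data is untouched."""
        dek = unseal(old_key, self.dek_for_server, aad=self.profile_id)
        self.dek_for_server = seal(new_key, dek, aad=self.profile_id)


def demo() -> dict:
    """Constructed run (keys and records are made up) over the normal and failure paths."""
    user_key, node_day_key = os.urandom(32), os.urandom(32)
    server_key, next_server_key = os.urandom(32), os.urandom(32)
    p = Profile(b"patient-0001", user_key, node_day_key, server_key)
    dek = unseal(user_key, p.dek_for_user, aad=p.profile_id)
    p.add_record(dek, b"2025-03-01 visit: BP 120/80")
    p.add_record(dek, b"2025-03-08 visit: MRI report attached")
    result = {"chain_intact": p.verify_chain()}
    p.rotate_server_key(server_key, next_server_key)          # administrator recovery path
    admin_dek = unseal(next_server_key, p.dek_for_server, aad=p.profile_id)
    result["admin_recovers_dek"] = hmac.compare_digest(admin_dek, dek)
    result["read"] = p.read_record(0, dek, "physician-17", lambda *_: True)
    try:
        p.read_record(1, dek, "physician-17", lambda *_: False)  # notification channel down
        result["refused_when_notifier_down"] = False
    except PermissionError:
        result["refused_when_notifier_down"] = True
    result["audit_entries"] = len(p.audit)
    ct, ts, link = p.records[1]
    p.records[1] = (ct[:20] + bytes([ct[20] ^ 1]) + ct[21:], ts, link)  # flip one ciphertext byte
    result["chain_after_tamper"] = p.verify_chain()
    return result
```

The ordering in `read_record` is what enforces the abstract's rule: the notification is attempted before any key material touches the ciphertext, so an outage cannot leave a silent, unnotified read, and the audit entry is appended only on a completed decryption. Binding the profile id as associated data to both wrapped DEK copies and to every record stops a wrapped key or ciphertext from being transplanted into another profile during node migration.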