🤖 AI Summary
To address privacy risks and regulatory compliance challenges arising from the tight coupling of data storage and access control in Electronic Health Record (EHR) systems, this paper proposes a patient-centric on-chain/off-chain hybrid architecture. Sensitive clinical data—standardized as FHIR resources and encrypted—are stored off-chain (e.g., in AWS S3 or IPFS), while only cryptographic commitments, time-bound authorization signatures, and permission events are recorded on Ethereum (L1/L2). The design leverages EIP-712 typed-data signatures for auditable, fine-grained consent management and employs per-patient smart contracts so that every permission change leaves a cryptographically verifiable, immutable audit trail. The design satisfies HIPAA/GDPR requirements for confidentiality, integrity, and auditability. Evaluation shows an average on-chain cost of 78,000 gas—reduced by 10–13× when deployed on L2—and end-to-end access latency of 0.7–1.4 seconds for 1 MB records, achieving both strong security guarantees and practical usability.
📝 Abstract
We present a patient-centric architecture for electronic health record (EHR) sharing that separates content storage from authorization and audit. Encrypted FHIR resources are stored off-chain; a public blockchain records only cryptographic commitments and patient-signed, time-bounded permissions using EIP-712. Keys are distributed via public-key wrapping, enabling storage providers to remain honest-but-curious without risking confidentiality. We formalize security goals (confidentiality, integrity, cryptographically attributable authorization, and auditability of authorization events) and provide a Solidity reference implementation deployed as single-patient contracts. On-chain costs for permission grants average 78,000 gas (L1), and end-to-end access latency for 1 MB records is 0.7–1.4 s (mean values for S3 and IPFS respectively), dominated by storage retrieval. Layer-2 deployment reduces gas usage by 10–13×, though data availability charges dominate actual costs. We discuss metadata privacy, key registry requirements, and regulatory considerations (HIPAA/GDPR), demonstrating a practical route to restoring patient control while preserving security properties required for sensitive clinical data.