electronic medical records

How to Build a Blockchain for Medical Records Application?

Estimated read time: 10 minutes

I will now take you through the steps to develop an EMR system secured by blockchain. These steps are as follows:

1. Define your project scope

My recommendation is that you target the following two broad scope areas:

  • Secure EMRs with blockchain;
  • Facilitate authorized access by healthcare providers and patients to these secure EMRs.

Within these broader scope areas, you will obviously need to incorporate common EMR system features like user interface (UI), EMR workflow, etc.

2. Formulate a project approach

Considering the need to protect PHIs from prying eyes, yet facilitating seamless access to authorize stakeholders, I recommend the following approach:

  • Use Hyperledger Fabric with its access control and data privacy to secure EMRs.
  • Implement an Ethereum “Decentralized app” (DApp) to facilitate seamless transactions. DApps are open-source web apps with the following characteristics:
    • The front-end can be coded in any language, however, the backend must consist of smart contracts.
    • DApps have their user communities. These apps require cryptographic tokens, run on decentralized blockchains, and store data on that blockchain.
    • User community must reach consensus before a DApps undergoes changes, and no user can control the majority of tokens. We have covered DApps in “How to convert web app Into a Dapp”.

3. Form a project team

Your project team should have the following roles:

  • Business analysts (BAs);
  • UI designers;
  • Web front-end developers;
  • Hyperledger Fabric developers;
  • Ethereum developers with Solidity skills;
  • Testers;
  • A project manager (PM).

4. Study a similar blockchain EMR project

Studying a blockchain EMR project will help with your development efforts. Let’s review Medicalchain, which secures EMRs with the help of blockchain. The following quick facts are relevant here:

  • In addition to securing EMRs using blockchain, Medicalchain allows healthcare providers to access EMRs based on permissions.
  • Patients and healthcare providers like doctors, hospitals, laboratories, etc. can view EMRs. They can record their various transactions concerning EMRs on the blockchain.
  • Medicalchain uses two blockchains. One is built on Hyperledger Fabric, and this one secures EMRs.
  • The other is an Ethereum-based network, which allows seamless access to authorized stakeholders. MedicalChain uses their MedTokens (MTNs) to facilitate transactions on this blockchain.

Read more about Medicalchain in “Medicalchain — the future of healthcare.”. You can view their smart contracts and their APIs in the Medicalchain GitHub repository.

5. Sign-up for a Hyperledger Fabric “Blockchain as a Service”

You will use Hyperledger Fabric, or Fabric as it’s commonly called, to secure EMRs. Fabric has many advantages, e.g.:

  • Fabric allows access control since it’s a permissioned blockchain framework.
  • It enables developers to write “chaincodes”, i.e., smart contracts in Fabric parlance.
  • This framework uses pluggable components like consensus algorithms.
  • Fabric uses channels for confidential information.
  • It offers high scalability.
  • It has hardware security features for digital signatures, which is useful for applications that require higher security.
  • I have explained the advantages of Fabric in “Pros and cons of Hyperledger Fabric for blockchain networks”.

Keep in mind that Fabric is an open-source framework for enterprise blockchain, and you still need to build a blockchain network using it. That can be tricky, since you need to manage the hardware infrastructure, networking, etc. The good news is that you can use “Blockchain as a Service” (BaaS) to expedite this.


Get a complimentary discovery call and a free ballpark estimate for your project

Trusted by 100x of startups and companies like

BaaS providers manage the infrastructure, networking, etc., therefore, you can focus on development. Here, I recommend that you use “IBM Blockchain Platform”, the BaaS offering from IBM. There are several advantages to it, e.g.:

  • It’s a fully managed solution, with guaranteed uptime and 24×365 support.
  • IBM blockchain platform provides you with the required development tools.
  • All Fabric features like channels, pluggable consensus algorithm, etc. are available to you.
  • This platform uses Kubernetes for orchestration, therefore, deploying your app is easy.

Your UI design team can go ahead with the front-end design and development just as they would do for any web app development project. We suggest you use JavaScript and JavaScript-based frameworks/libraries to develop the front-end. Many developers know JavaScript, therefore, you can find programmers easily. The blockchain development team will need to work on the two blockchain apps. Let’s start with the app on Fabric.

6. Use the right “Software Development Kit” (SDK)

Fabric and IBM blockchain platform let you develop your app using Node.js, the popular open-source runtime environment. Many developers know it, therefore, I recommend that you use it in this project. Fabric has a Node.js SDK, offering the following advantages:

  • There is an API solution to communicate with the Fabric blockchain network.
  • The SDK enables user registration, user revocation, monitoring events, chaincode installation, transaction submission, network configuration, channel creation, etc.
  • There is excellent documentation for the SDK.
  • Programmers can access comprehensive guides to develop Hyperledger Fabric applications.

7. Develop the app to secure EMRs on Fabric

Now that you have studied the Medicalchain project, you can proceed with creating your app to secure EMRs on Fabric. This involves the following steps:

  • Deploy IBM blockchain platform following instructions in “Getting started with IBM Blockchain Platform”.
  • Use cURL to download Fabric sample code, using this guide.
  • You need to install Node.js runtime environment and NPM. Your team can find the required instructions here.
  • Fabric provides a rich repository of sample projects, and here’s the instruction to download them.
  • Find projects relevant to you. Review the chaincodes for those projects by following the “getting started” guide mentioned above.
  • You can now develop the app using the Node.js SDK.
  • Adding network API endpoints to the app is the next step.
  • Enroll your app, which generates a client-side certificate. Use that to register your app.

Read “Creating Applications”, a guide provided by the IBM Blockchain Platform for more information.

You have just developed the app to secure EMRs on Fabric, and now it’s time to start the Ethereum DApp development.

8. Create an Ethereum account, and buy Ether

You will need Ether, the native cryptocurrency of Ethereum to deploy the DApp. This involves the following steps:

  • Use MetaMask, a crypto wallet. It’s available as a browser extension and mobile app. Download MetaMask. You can create a new account by following the instructions on the MetaMask website.
  • Buy Ether: Buy Ether from Coinbase, a popular crypto exchange.

9. Install Ethereum development tools

The next step is to install the following Ethereum development tools:

  • Ganache: This is a blockchain client. Ganache is part of the Truffle suite of tools. Ethereum blockchain developers use Ganache to execute commands and run tests. Programmers can refer to the extensive Ganache documentation for guidance.

  • Truffle suite: The Truffle suite is a popular set of tools for Ethereum blockchain development. Ethereum developers use the development environment and testing framework offered by Truffle. They use this to deploy Ethereum smart contracts. A key advantage of the Truffle suite is the comprehensive Truffle documentation that can be accessed via its website. Simply create a password, and secure the 12-word private seed.

  • Web3.js: Web3.js is an Ethereum JavaScript API, furthermore, it’s also a collection of important libraries. Software engineers use it for communicating with a local or remote Ethereum node. The extensive Web3.js documentation helps to install and configure it.

10. Configure the Ethereum development tools

You need to complete the following configuration actions:

  • Open Ganache and start an instance.
  • Configure the “aconfig.js” so that you can use Webs.js.
  • Modify your “config.js” file with the private and public keys from your eth-lightwallet account. You can get instructions for these configuration actions in “Getting started as an Ethereum web developer”. Let’s refer to this as the “reference article 1”.
  • You will need to test Ethereum smart contracts, by using Ropsten, an Ethereum test network. You need to connect MetaMask to Ropsten. MetaMask points to Ethereum mainnet by default, therefore, you need to point it to Ropsten instead. Read “Ultimate guide to convert a web app to a decentralized app Dapp” for detailed guidance. We will refer to this in the future as the “reference article 2”.

11. Code Ethereum smart contracts

Now that you have studied Medicalchain, you, no doubt, have refined and added to your great ideas. Code your smart contracts as follows:

  • Use Solidity, the popular Ethereum smart contract development language.
  • Code smart contracts in Remix, an “Integrated Development Environment” (IDE) for smart contract development.

12. Test and deploy smart contracts

Test and deploy smart contracts as follows:

  • Get dummy Ether from MetaMask Ether Faucet.
  • Ensure that the MetaMask connection to Ropsten is still open.
  • Navigate the menu options on the Remix IDE. Deploy your smart contract to Ropsten. Confirm this action in MetaMask. Check out the “reference article 2” for guidance.
  • Test smart contracts.
  • Ensure that the testrpc instance is still active.
  • Navigate to your Truffle directory, and use the “truffle deploy” command to deploy the smart contract. Use the real Ether to pay the “gas price”.

Read “Blockchain software development using the Ethereum network” for more guidance.

Hire expert developers for your next project

62 Expert dev teams,
1,200 top developers
350+ Businesses trusted
us since 2016

13. Create crypto tokens for your DApp

You need to code, test, and deploy more smart contracts for creating a crypto token for the DApp. This involves the following steps:

  • Use the ERC20 token standard. Most wallets are compatible with this, and most DApps use this standard. Read “ERC20 token standard” to learn more about it.
  • Use the Ethereum DeFi development guide to create your crypto token.
  • Test and deploy these smart contracts.

14. Connect the smart contracts to the front-end of your DApp

Do the following to connect your smart contracts to the front-end of the DApp:

  • Open the front-end project in an IDE.
  • Create an empty file named “web3.min.js” within this project. This file will help you to connect the smart contracts with the front-end by using Web3.js.
  • Copy the “Web3 min code” from the Web3.js ChainSafe repository on GitHub.
  • Paste the code in the “web3.min.js” file and save it.
  • Import the file into your main project.

Check the “reference article 2” for more guidance with this.

15. Initialize the smart contracts

Initialize the smart contracts. You need to do the following for this:

15a. Obtain the contract ABI (Application Binary Interface)

ABI (Application Binary Interface) is a data encoding scheme. It’s used in Ethereum to communicate with smart contracts. Take the next steps to obtain the ABIs:

  • Go to the “compile” tab of the Remix IDE. View the ABI section. Copy the ABI information in a text file.
  • Note that ABI information is in the JSON format, and it has spaces. You need to remove these spaces. Use JSON minify to remove the spaces. Copy the output data.
  • Paste this data in the “const contractABI” variable in your code.

You can read the “reference article 2” if you need further guidance with this.

15b. Find the contract address

Go to the “Run” tab of the Remix IDE. View the contract address. Enter that in the variable named the “const contractAddress” in the code.

15c. Update the different functions of the app to use the corresponding smart contracts

The front-end of your DApp enables users to access different functions. Now, you need to connect those functions with the corresponding smart contracts. Connect them by taking the following steps:

  • Create contract instances for your smart contracts.
  • Update them with the corresponding “const contractABI” and “const contractAddress” variables.
  • Open the JavaScript file for a function that you want to update.
  • Modify the file to reflect the contract instance with the corresponding function.
  • You need to repeat this process for all the functions in your app.

Consult the “reference article 2” for more guidance.

This completes the Ethereum DApp development. Integrate it with the Fabric app, by using the Fabric app API endpoints.

Key considerations while using blockchain technology to secure medical data

Keep the following considerations in mind when developing a blockchain-based solution to secure medical information like EMR:

1. You need to keep abreast with the relevant research and developments

Plenty of research and development takes place on how to use blockchain for securing healthcare data. Securing personal health records is emerging as one of the key blockchain use cases along with supply chain assurance, cross-border payments, etc.

Check out the following examples:

Hire expert developers for your next project

Trusted by
  • A team of researchers consisting of Jin Sun, Lili Ren, Shangping Wang, and Xiaomin Yao described a blockchain-based framework for sharing EMRs. The DOI Foundation published this open-access and peer-reviewed research paper for all to read.
  • IEEE has published a research paper on a blockchain-based EMR for healthcare systems. A team of researchers contributed to this research.
  • Another research paper published on IEEE describes MedRec. It’s a blockchain-based system to manage access to personal health data. The researchers have explained how this system can provide big data to researchers. They described how patients and providers will be involved in this data-sharing process. Furthermore, they described how patients will have the choice to release metadata when providing datasets.     
  • Springer has published an open-access research paper describing the use of Hyperledger Fabric to ensure data security when it comes to patients’ records.  
  • There’s also another Springer publication that describes how blockchain can secure healthcare records in healthcare systems.
  • A research paper by a group of researchers explains how blockchain and IoT (Internet of Things) can improve patient care and public health information technology systems.

2. Think about the best blockchain solution to secure patient privacy

We can clearly see the value blockchain brings to the healthcare sector, e.g.:

  • Blockchain can bypass third parties thanks to decentralization.
  • Prominent blockchain networks like Bitcoin and Ethereum require users to digitally sign their transactions, which offers robust user authentication.
  • Blockchain makes data management easier.
  • Healthcare professionals and patients can have confidence in personal data stored on blockchain due to immutability.
  • The distributed data storage mechanism of blockchain makes it easier to share data.
  • The transaction validation process involves consensus algorithms like POW (Proof of Work). These algorithms keep hackers at bay. All transaction records have timestamps, and they are transparent. Manipulating such an open and decentralized network would be prohibitively expensive.

However, questions exist whether public blockchain networks like Bitcoin and Ethereum can fully comply with privacy requirements of key regulations like GDPR. Ironically, the strengths of blockchain might make compliance with GDPR hard! Consider the following:

  • GDPR mandates the confidentiality of sensitive information. However, Bitcoin and Ethereum are open to everyone.
  • You need to be able to delete data from the system to comply with the “right to erasure” mandated by GDPR. However, you can’t delete data on a blockchain.
  • GDPR mandates a “right to rectification”, which requires modification of data. Blockchain doesn’t allow that.

You need to choose the right kind of blockchain. Analyze thoroughly how to meet key privacy requirements.

3. Plan to address the complexities of a blockchain project

Blockchain projects can be complex due to the following reasons:

  • You need to work hard to ensure interoperability between different blockchain networks.
  • Blockchain application development can be hard. A growing ecosystem of development tools will make it easier in the future, however, this will take a while.
  • You might find it hard to hire skilled and experienced blockchain developers.
  • Public blockchain networks like Bitcoin and Ethereum face scalability issues.

Plan the project well. Start the hiring process early. Proactively look for scalability solutions like sidechain, off-chain transactions, etc.

Planning for an app to secure electronic medical records with blockchain?

As we have shown, securing EMRs with blockchain and facilitating seamless access to authorized stakeholders requires both enterprise and public blockchains. Such projects tend to be complex. Blockchain development skills are niche, and you need a really competent project manager with blockchain experience to manage such projects.

Consider getting help from a development partner. Read our guide “How to find the best software development company?” before you engage one.

If you find yourself without the expertise in your organization that you need to create your application then why not briefly descibe your project specifications to us at DevTeam.Space. A dedicated account manager will get in touch to answer any questions you might have and to show you how we can help.

Frequently Asked Questions

How is data secured in a Blockchain?

Blockchain data is secured by cryptography. All the data on a blockchain requires a unique keycode to access it.

How do I protect my electronic medical records?

A solution that is likely to change the game when it comes to EMRs is blockchain. It will allow decentralized storage of medical records so that they can be accessed anywhere and at any time. Records will be encrypted and won’t be under the control of any one authority.

What is the acronym given to the electronic medical health record?

EMR is the abbreviation for electronic medical records.


Alexey Semeney

Founder of DevTeam.Space

gsma fi band

Hire Alexey and His Team To Build a Great Product

Alexey is the founder of DevTeam.Space. He is award nominee among TOP 26 mentors of FI's 'Global Startup Mentor Awards'.

Alexey is Expert Startup Review Panel member and advices the oldest angel investment group in Silicon Valley on products investment deals.

Hire Expert Developers

Some of our projects

NewWave AI



United States

All backend All frontend Design WordPress

A website to publish AI research papers with members-only access and a newsletter.




FL, United States

Android iOS Java Mobile PHP Web Website

A complete rebuild and further extension of our client's web and mobile shipping system to allow it to serve 28 countries.

Keep It Simple Storage


Public Storage

United States

All backend Devops IoT Mobile Web

A B2B2C solution with Web, Mobile, and IoT-connected applications that aim to revolutionize the public storage industry.


Read about DevTeam.Space:


New Internet Unicorns Will Be Built Remotely


DevTeam.Space’s goal is to be the most well-organized solution for outsourcing


The Tricks To Hiring and Managing a Virtual Work Force

Business Insider

DevTeam.Space Explains How to Structure Remote Team Management

With love from Florida 🌴

Tell Us About Your Challenge & Get a Free Strategy Session

Hire Expert Developers
Get a complimentary discovery call and a free ballpark estimate for your project

Hundreds of startups and companies like Samsung, Airbus, NEC, and Disney rely on us to build great software products. We can help you too, by enabling you to hire and effortlessly manage expert developers.