International Research Journal of Innovations in Engineering and Technology - IRJIET International Open Access, Monthly, Peer Reviewed, Reputed Journal ISSN (online): 2581-3048

Impact Factor (2025): 6.9

DOI Prefix: 10.47001/IRJIET

MedSec: Secure Health Data Exchange

Gaurav Kumar SinghSr. Assistant Professor, School of Computer Science Engineering and Applications, D.Y. Patil International University, Pune, IndiaSaqib Nasir KhanStudent, School of Computer Science Engineering and Applications, D.Y. Patil International University, Pune, IndiaNayan Rajesh MishraStudent, School of Computer Science Engineering and Applications, D.Y. Patil International University, Pune, India

Vol 10 No 5 (2026): Volume 10, Issue 5, May 2026 | Pages: 598-602

International Research Journal of Innovations in Engineering and Technology

OPEN ACCESS | Research Article | Published Date: 29-05-2026

doi Logo doi.org/10.47001/IRJIET/2026.105080

pdf iconFull Text PDF
Abstract

Health cloud infrastructure used in rural and semi-rural areas faces significant cybersecurity problems. These challenges are made worse by fragmented electronic health records (EHRs) and poor security practices. EHR systems also have limited resources, which can cause significant difficulties in accessing medical care and creating secure records for those who need care. Current healthcare security architectures using computationally intensive methods, such as homomorphic encryption, blockchain EHR systems and multi-party ABAC frameworks, are not practical for environments without adequate resources. We are proposing MedSec Cloud: a lightweight and compliance-aware multi-tenant healthcare security framework that is able to be practically deployed on rural healthcare infrastructures. The architecture combines FastAPI-based cloud services with hybrid role-based access control (RBAC) and ABAC, AES-256 encrypted storage, JSON web token (JWT) authentication, behavioural anomaly detection, structured logging audits, and isolation between healthcare tenants. An experimental evaluation using synthetic workloads based on 15 healthcare institutions, 240 healthcare professionals, and 12,000 encrypted patient records yielded key findings: authentication latency 45 ms; encrypted retrieval latency 110 ms; anomaly detection with an F1-score of 0.93; throughput of 1,800 requests/min. A comparative analysis demonstrated lower operational overhead with similar levels of confidentiality and authorization than either OpenEMR or blockchain EHR frameworks, while also incorporating compliance with HIPAA, GDPR, and the Indian Data Protection and Digital Privacy (2023) Act.

Keywords

Healthcare Cybersecurity, Cloud Security, Electronic Health Records, RBAC, ABAC, AES-256, JWT Authentication, Healthcare Compliance, HIPAA, GDPR, DPDP Act, Anomaly Detection.


Citation of this Article

Gaurav Kumar Singh, Saqib Nasir Khan, & Nayan Rajesh Mishra. (2026). MedSec: Secure Health Data Exchange. International Research Journal of Innovations in Engineering and Technology - IRJIET, 10(5), 598-602. Article DOI https://doi.org/10.47001/IRJIET/2026.105080

Licence Copyright (c) 2026 International Research Journal of Innovations in Engineering and Technology creative common licence This work is licensed under Creative common Attribution Non Commercial 4.0 Internation Licence
References
M. Alshahrani, I. Traore, and I. Woungang, “Blockchain-based healthcare security frameworks for EHR integrity and access control,” IEEE Access, vol. 9, pp. 87,612–87,630, 2021.

T. Zhang, Y. He, and F. Chen, “Federated learning for privacy-preserving healthcare analytics,” Future Generation Computer Systems, vol. 128, pp. 362–374, Mar. 2022.

R. Kumar, P. Sharma, and A. Jain, “FHIR-based interoperable healthcare security systems: a systematic review,” Journal of Medical Systems, vol. 47, no. 1, pp. 1–18, Jan. 2023.

S. Rose, O. Borchert, S. Mitchell, and S. Connelly, “Zero trust architecture,” NIST Special Publication 800-207, National Institute of Standards and Technology, Gaithersburg, MD, 2020. [Online]. Available: https://doi.org/10.6028/NIST.SP.800-207

U.S. Department of Health and Human Services, HIPAA Security Rule Guidance Material, Washington, DC, 2023. [Online]. Available: https://www.hhs.gov/hipaa/for-professionals/security

European Commission, GDPR Compliance Guide-lines for Healthcare Systems, Brussels, 2022. [Online]. Available: https://ec.europa.eu/info/law/law-topic/data-protection

Government of India, Digital Personal Data Protection Act 2023, Ministry of Electronics and Information Technology, New Delhi, 2023. [Online]. Available: https://meity.gov.in/writereaddata/files/Digital%20Personal%20Data% 20Protection%20Act%202023.pdf

OpenEMR Community, OpenEMR Documentation and Security Architecture Overview, version 7.0.2, 2024. [On-line]. Available: https://www.open-emr.org/ wiki/index.php/OpenEMR_Documentation

OWASP Foundation, OWASP API Security Top 10, 2023. [Online]. Available: https://owasp.org/ API-Security/

H. Takabi, J. B. D. Joshi, and G. Ahn, “Security and privacy challenges in cloud computing environments,” IEEE Security & Privacy, vol. 8, no. 6, pp. 24–31, Nov.–Dec. 2010.

Copyright @ 2026 IRJIET. All Right Reserved.

Licensed underCreative Commons Attribution 4.0 International License.