Electronic health record integrity verification and tamper-proof traceability system and method
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- CHENGDU WEIERKANG TECHNOLOGY CO LTD
- Filing Date
- 2026-04-15
- Publication Date
- 2026-06-19
AI Technical Summary
Existing technologies suffer from high computational overhead, lack fine-grained anti-tampering and traceability capabilities, and pose a high risk of privacy leakage in mobile electronic health record verification, thus failing to meet the security needs of resource-constrained terminals.
By employing a hierarchical multi-branch hash tree (HMHT) combined with zero-knowledge proof (zk-SNARK/STARK) algorithms, lightweight verification credentials are generated and fine-grained traceability is performed. Through collaborative verification by edge nodes and mobile devices, fast and privacy-preserving integrity proofs are achieved.
Significantly reduces mobile computing and power consumption, enables fine-grained tamper-proof traceability, improves user experience, and ensures selective disclosure of medical data and system robustness.
Smart Images

Figure CN122241776A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the fields of medical and health information security and blockchain technology, and more specifically, to an electronic health record integrity verification and tamper-proof traceability system and method. Background Technology
[0002] With the rapid advancement of healthcare informatization, electronic health records (EHRs) have become the core carrier for recording patients' health information throughout their entire life cycle. In recent years, to facilitate patients' access to their personal medical records, test reports, and prescription information, major medical institutions have launched mobile applications (such as official hospital apps and WeChat mini-programs). However, the display and transfer of electronic health records on mobile devices face serious security challenges.
[0003] On the one hand, medical data is highly sensitive and privacy-sensitive, and its integrity is directly related to the accuracy of medical diagnoses and the safety of patients. In the event of a medical dispute, the electronic medical records displayed on the patient's mobile device are often required as electronic evidence. However, most existing medical information systems use centralized databases for storage, which are at risk of being maliciously tampered with by insiders or hackers, making it difficult for patients to prove the authenticity and integrity of their mobile medical records.
[0004] On the other hand, although academia and industry have proposed solutions for applying blockchain technology to prevent tampering of electronic health records in recent years, such as storing the hash value of medical records on the blockchain, these existing technological solutions have the following significant drawbacks when practically applied to patients' mobile devices: Mobile verification incurs significant computational overhead: Existing solutions typically require the verification device to download relevant medical record data blocks and recalculate hash values, or construct a massive Merkle tree for path verification. For resource-constrained mobile devices (such as smartphones), this full hash calculation leads to severe computational latency and power consumption when dealing with EHRs containing massive amounts of test data and high-resolution medical image reports.
[0005] Lack of fine-grained tamper-proofing and traceability capabilities: Existing blockchain-based tamper-proofing solutions mostly perform "file-level" or "block-level" integrity checks. Once a hash value mismatch is detected, the system can only indicate "the file has been tampered with," but it cannot pinpoint which specific record (such as blood test results from a specific date) was tampered with, nor can it trace the entity and time of the last legitimate modification of that field, leading to a break in the traceability chain of electronic evidence.
[0006] High risk of privacy breach: When sharing data across institutions or presenting proof of integrity to third parties (such as insurance claims agencies), traditional hash comparison schemes often require the provision of complete plaintext data for verification, which cannot achieve "selective disclosure" and can easily lead to the leakage of patient-irrelevant privacy data.
[0007] Therefore, designing an electronic health record integrity verification system that can adapt to the resource-constrained nature of mobile devices, provide fine-grained anti-tampering and precise location and traceability, and take into account privacy protection is a technical challenge that urgently needs to be solved in the field of medical information security. Summary of the Invention
[0008] The purpose of this invention is to overcome the shortcomings of the prior art and provide an electronic health record integrity verification and anti-tampering traceability system and method.
[0009] To achieve its objectives, the present invention employs the following technical solution: The first aspect of this invention provides a method for generating proof of the integrity of electronic health records, applied to edge nodes of medical institutions, comprising: Collect and integrate electronic health record data, construct a hierarchical multi-branch hash tree based on business logic, generate a root hash value, and send the root hash value to the blockchain for storage; Receive data requests from mobile devices to view specific medical records and retrieve the corresponding plaintext data; By calling a preset zero-knowledge proof algorithm model based on zk-SNARK or zk-STARK through the edge node processor, the hash value of the plaintext data and the latest root hash value recorded on the blockchain are used as common inputs, and the intermediate node path of the plaintext data in the hierarchical multi-branch hash tree is used as private witness input to calculate and generate a verification credential to characterize the integrity of the plaintext data. The plaintext data and the verification credential are sent to the mobile device for lightweight verification.
[0010] Preferably, the leaf node layer of the hierarchical multi-branch hash tree uses the underlying basic data fields of the electronic health record (i.e., the smallest business semantic unit in the electronic health record that cannot be further subdivided, including but not limited to a single test indicator value, a single drug name and dosage, a single diagnostic conclusion, etc.) and the concatenated hash value of its timestamp and operator signature as leaf nodes; the intermediate node layer is hierarchically aggregated from bottom to top according to the business logic dimension of medical data, in the following order: record layer, department or event layer, and time layer; the root hash value represents the complete electronic health record status hash of the patient up to the current time point.
[0011] Preferably, the specific construction and incremental update mechanism of the hierarchical multi-branch hash tree (HMHT) is as follows: During construction, the hashes of the underlying basic data fields constitute leaf nodes (L0 layer); the record layer (L1 layer) concatenates the hashes of multiple leaf nodes belonging to the same test report or prescription and performs a hash operation; the department or event layer (L2 layer) aggregates the hashes of multiple record layers from the same patient visit or the same department; the time layer (L3 layer) aggregates the hashes of different visit events into the final root node according to the time sequence. When an incremental update occurs, the system first determines the business semantic dimension to which the new data belongs and locates its corresponding insertion position in the HMHT. Subsequently, the system recalculates the affected parent node hash values of the L1, L2, and L3 layers sequentially along a single vertical path from the new leaf node to the root node. Since the data of other branch nodes has not changed, their hash values can be directly reused, thereby reducing the computational complexity of the update operation from O(N) of full reconstruction to O(log N).
[0012] Preferably, the specific construction logic of the arithmetic circuit is as follows: the arithmetic circuit is designed as a directed acyclic graph (DAG), where nodes represent arithmetic operations (such as addition, multiplication, or nonlinear operations within a hash function), and edges represent data flow. Under the zk-SNARK / STARK protocol, the circuit input is strictly divided into public input and private witness. In this invention, the public input includes the latest root hash value (Root_Hash) recorded on the blockchain and the hash value (Leaf_Hash) of the target plaintext data requested by the mobile terminal; the private witness contains the intermediate node hash path (Auth_Path) from the target leaf node to the root node.
[0013] Preferably, the core constraints of the arithmetic circuit are set as follows: the circuit receives Leaf_Hash and Auth_Path, performs layer-by-layer hash concatenation and calculation according to the topology of the hash tree (such as using the SNARK-friendly Poseidon hash function), and finally outputs a calculated root hash value (Computed_Root). The circuit enforces that Computed_Root must be strictly equal to Root_Hash in the public input (i.e., Computed_Root == Root_Hash). Since Auth_Path serves as a private witness input, the verifier (mobile device) cannot obtain the specific content of Auth_Path during the generation and verification of zero-knowledge proofs, thereby ensuring that other unrequested private medical record data in the hash tree will not be leaked, achieving selective disclosure of medical data.
[0014] Preferably, when the edge node receives a large number of data requests to generate proofs, the built-in load balancer distributes the proof generation task to the distributed computing cluster for parallel processing.
[0015] A second aspect of the present invention provides a method for verifying the integrity of electronic health records and preventing tampering and tracing their origin, applied to a patient's mobile device, comprising: Send a data request to the edge node of the medical institution to view specific medical records; Receive plaintext data and corresponding verification credentials returned by the edge node; The latest root hash value is read from the blockchain, and a local pre-built lightweight verification model is called to parse and compare the verification certificate according to the latest root hash value. The verification computation complexity performed by the lightweight verification model is constant level O(1). If the verification passes, the plaintext data will be displayed. If verification fails, the anti-tampering and traceability mechanism of end-chain collaboration is triggered. The edge node is requested to obtain the hash set of the intermediate nodes of the current hash tree, and the blockchain traceability smart contract is requested to obtain the legal hash path of historical evidence. The hash set of intermediate nodes and the legal hash path are compared layer by layer from top to bottom. A binary search algorithm is executed to accurately locate the tampered leaf node and generate a traceability report.
[0016] Preferably, the specific execution logic of the binary search algorithm for accurately locating the tampered leaf node is as follows: Step 1: Initialize the search range and set the current comparison node as the root node; Step 2: Obtain the set of child nodes (Children_Current) of the current node and the set of child node hashes (Children_Legal) in the corresponding historical legal path on the chain; Step 3: Traverse Children_Current and Children_Legal and compare the hash values at the corresponding positions; Step 4: If a child node hash is found to be inconsistent (Hash_Current[i] != Hash_Legal[i]), determine whether the child node is a leaf node; Step 5: If it is a leaf node, accurately locate the specific data field that has been tampered with, the algorithm ends and returns the index of the field; Step 6: If it is not a leaf node, set the inconsistent child node as the new current comparison node and recursively return to execute Step 2. Its time complexity is O(log N), where N is the total number of leaf nodes.
[0017] Preferably, the generation of the traceability report includes: invoking the traceability smart contract, querying the metadata record of the last legitimate update of the tampered leaf node, including the operation timestamp and the operator's signature, and combining the metadata record with the tampered field information to solidify it into electronic evidence. The electronic evidence includes the current value of the tampered field, the legitimate historical value on the chain, the timestamp of the last legitimate operation, and the operator's signature information, and supports exporting it as a solidifiable evidence file.
[0018] Preferably, when the mobile device is unable to directly connect to the blockchain to read the latest root hash value due to network abnormalities, it switches to gateway caching mode and requests a cached root hash value with an authoritative digital signature from a preset trusted third-party gateway for verification.
[0019] A third aspect of the present invention provides an electronic health record integrity verification and tamper-proof traceability system and method, comprising: The edge node of the medical institution is used to execute the above generation method; The patient's mobile device is used to perform the aforementioned verification and tamper-proof traceability methods; The blockchain network is equipped with a notarization smart contract and a traceability smart contract. The notarization smart contract is used to record the root hash value, notarization timestamp, operation subject signature and data path index. The traceability smart contract is used to respond to traceability query requests and return the historical valid hash value of the specified leaf node and the corresponding metadata record.
[0020] A fourth aspect of the present invention provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the program to implement the above-described generation method or verification and tamper-proof traceability method.
[0021] In a fifth aspect, the present invention provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the above-described generation method or verification and tamper-proof traceability method.
[0022] Compared with the prior art, the present invention has the following significant advantages: By innovatively introducing verifiable computation (zk-SNARK / STARK) into the mobile electronic medical record verification scenario, the mobile device does not need to download the full medical record data or the huge Merkle tree path for hash recalculation. It only needs to execute a lightweight proof verification algorithm with a complexity of O(1), which reduces the verification time from the traditional seconds to the milliseconds, greatly saving the computing power, memory and power of the mobile device and significantly improving the user experience.
[0023] To address the limitation of existing solutions that can only perform coarse-grained file-level tampering detection, this invention designs a hierarchical multi-branch hash tree (HMHT) based on business logic. When verification fails, a binary search algorithm with end-to-end collaboration can accurately locate the specific tampered medical record field (such as a specific test indicator) and trace the time of its last legitimate modification and the responsible party. Quantitative data shows that traditional linear tracing requires 100,000 comparisons when dealing with 100,000 medical records, while the business-layered binary search tracing of this invention requires only about 17 comparisons (O(log N) complexity), improving tracing efficiency by thousands of times and providing a complete, accurate, and extremely fast chain of evidence for medical disputes.
[0024] Thanks to the characteristics of zero-knowledge proofs, this invention allows patients to present proof of the integrity of specific medical records to third parties (such as insurance company claims) without exposing other irrelevant leaf nodes (i.e., other private medical record data) in the HMHT. The verification credential itself does not contain any additional information, perfectly realizing the "usable but not visible" and selective disclosure of medical data.
[0025] Hierarchical Multi-way Hash Tree (HMHT) supports incremental updates. When a medical institution adds new medical records, the edge nodes only need to recalculate the hash value of the affected path and generate incremental proofs, without having to fully reconstruct the hash tree. This significantly reduces the computational load on the medical institution's servers and meets the high-concurrency data writing needs of large tertiary hospitals.
[0026] This invention designs a gateway caching mode to deal with scenarios of blockchain network latency or interruption, and a distributed computing cluster load balancing mechanism to deal with scenarios of high-concurrency computing load on edge nodes, ensuring the robustness and high availability of the system in extreme environments. Attached Figure Description
[0027] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the accompanying drawings used in the description of the embodiments or the prior art will be briefly introduced below.
[0028] Figure 1 This is a system architecture diagram of the present invention.
[0029] Figure 2 This is a schematic diagram of a hierarchical multi-way hash tree (HMHT) structure.
[0030] Figure 3 This is a flowchart of integrity proof and verification based on verifiable computation.
[0031] Figure 4 Flowchart of a fine-grained, tamper-proof, precise location and traceability algorithm. Detailed Implementation
[0032] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0033] Example 1: System Initialization and Data Uplink Patient Zhang San received treatment at Hospital A, which generated an electronic health record containing a "complete blood test report" and an "outpatient prescription".
[0034] Hospital A's edge node system first extracts data fields such as white blood cell count, red blood cell count, and amoxicillin capsules. The system then concatenates the current timestamp and the digital signature of the attending physician, Li Si, for each field, and calculates the SHA-256 hash value to create a leaf node.
[0035] Subsequently, the system aggregates upwards according to business logic: all blood routine indicators are hashed and aggregated into "test record node", prescription information is aggregated into "prescription record node", the two are then aggregated into "current visit node", and finally aggregated with Zhang San's historical medical record node to form the latest root hash value.
[0036] The edge node sends the latest root hash value and operation metadata to the medical consortium blockchain. The notarization smart contract records the transaction, generates a block, and returns a transaction receipt. The underlying plaintext data is encrypted and stored in Hospital A's local database.
[0037] Example 2: Lightweight Authentication and Privacy Protection on Mobile Devices Zhang San needs to apply for compensation from Insurance Company B, requiring only the record and proof of the completeness of the "outpatient prescription".
[0038] Zhang San initiates a request via a mobile app. Hospital A's edge node retrieves the plaintext "outpatient prescription" and runs the zk-SNARK's Prove algorithm. In the construction of the arithmetic circuit, the edge node uses the latest root hash and the target data hash as common inputs, and the intermediate hash path from the leaf node containing the target data to the root node in the HMHT as a privacy witness. The constraint of the arithmetic circuit is set as follows: based on the hash path provided by the privacy witness, a layer-by-layer hash concatenation operation is performed on the target data hash, and the final calculation result must be strictly equal to the common input. The edge node generates a zero-knowledge proof as a verification credential by executing this arithmetic circuit.
[0039] The edge node sends the plaintext prescription and verification certificate to Zhang San's mobile phone. Zhang San's mobile app reads the latest root hash from the consortium blockchain and runs the Verify algorithm. Due to the characteristics of zk-SNARK, the verification process only requires a small number of elliptic curve pairing operations, which takes very little time. After successful verification, the app interface displays the prescription data and a green "Passed Blockchain Anti-Tampering Authentication" icon. Zhang San then forwards the plaintext and verification certificate to Insurance Company B. The insurance company also runs the Verify algorithm to confirm the authenticity of the data, and throughout the entire process, the insurance company cannot know the contents of Zhang San's "blood routine test report," thus achieving privacy protection.
[0040] Example 3: Precise location and traceability when data is tampered with Suppose that a system administrator at Hospital A is hacked and maliciously modifies the "white blood cell count" value in Zhang San's database.
[0041] When Zhang San requests to view his blood test report again via the mobile app, the edge node sends a verification credential generated based on the tampered plaintext data to his mobile phone.
[0042] The mobile app runs the Verify algorithm. Due to changes in the underlying data, the hash path cannot match the latest valid root hash on the blockchain, causing the verification algorithm to fail. The app immediately displays a warning: "Data anomaly detected, initiating the source tracing process."
[0043] The app automatically sends a request to the consortium blockchain traceability smart contract to obtain the historical hash path. The app first compares the hash of the "current medical visit node" and finds that they are inconsistent; it then compares the "examination record node" and the "prescription record node" and finds that the hash of the "examination record node" is inconsistent but the hash of the prescription node is consistent; it continues to perform a binary search downwards and finally finds that the hash value of the "white blood cell count" leaf node does not match the historical valid hash on the chain.
[0044] The app invokes the traceability smart contract to extract the evidence record corresponding to the legitimate hash and generates a traceability report: "Your white blood cell count has been illegally tampered with. The last legitimate record of this indicator was signed and confirmed by Dr. Li Si on a certain date." This report is automatically archived and can be exported as electronic evidence for Zhang Sanwei's use.
[0045] Example 4: Exception Handling and High-Concurrency Fault Tolerance Mechanism To ensure the robustness of the system under extreme environments, this invention designs a comprehensive exception handling mechanism.
[0046] Scenario A (Blockchain Network Delay or Interruption): When Zhang San's mobile device is unable to directly connect to the consortium blockchain to read the latest root hash due to network issues, the APP will automatically switch to "gateway cache mode" and request a cached root hash with a digital signature from a national authoritative institution from a trusted third-party gateway deployed by the medical institution to ensure that the verification process is not interrupted.
[0047] Scenario B (High Computational Load on Edge Nodes): In a high-concurrency scenario, Hospital A's edge nodes receive a large number of requests to generate proofs. At this time, the edge node system, through its built-in load balancer, distributes the proof generation tasks to the distributed computing cluster. Simultaneously, thanks to HMHT's incremental update feature, the system only needs to recalculate the hash values of the affected paths and generate incremental proofs, without requiring a full reconstruction of the hash tree, ensuring high system availability.
[0048] Example 5: Performance Comparison and Quantitative Analysis To verify the technical effectiveness of this invention, a performance comparison test was conducted in a simulated medical environment. The test dataset contained 100,000 records of underlying test indicators from a chronic disease patient over 10 years.
[0049] Regarding mobile verification overhead: using the traditional Merkle tree full hash recalculation scheme, the mobile device needs to download about 15MB of hash path data and perform 100,000 SHA-256 hash operations, with an average verification time of about 3.5 seconds and high memory usage; while using the lightweight verification scheme based on zk-SNARK of this invention, the mobile device only needs to download about 300 bytes of verification credentials (Proof) and perform 3 elliptic curve pairing operations, reducing the average verification time to about 12 milliseconds (O(1) complexity), reducing the verification time by two orders of magnitude and greatly saving the computing resources of the mobile device.
[0050] Regarding the efficiency of anti-tampering and traceability: When one of the verification indicators is randomly tampered with, the traditional linear traceability mechanism requires comparison of each record, averaging 50,000 hash comparisons to locate the tampered record. In contrast, this invention employs an end-chain collaborative HMHT binary search algorithm, comparing layer by layer from top to bottom, requiring only about 17 comparisons (log2(100000) ≈ 16.6) to accurately locate the specific tampered field, improving traceability efficiency by nearly 3000 times. This quantitative data fully demonstrates the significant progress of this invention in fine-grained anti-tampering and traceability.
[0051] It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such process, method, article, or apparatus.
[0052] Although embodiments of the invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the appended claims and their equivalents.
Claims
1. A method for generating an electronic health record integrity proof, applied to a medical institution edge node, characterized by the steps of include: Collect and integrate electronic health record data, construct a hierarchical multi-branch hash tree based on business logic. The leaf node layer of the hierarchical multi-branch hash tree uses the underlying basic data fields of the electronic health record, its timestamp, and the concatenated hash value of the operator's signature as leaf nodes. The intermediate node layer performs hierarchical aggregation from bottom to top according to the business logic dimension of medical data, namely the record layer, department or event layer, and time layer. Generate a root hash value representing the complete electronic health record status of the patient, and send the root hash value to the blockchain for storage. Receive data requests from mobile devices to view specific medical records and retrieve the corresponding plaintext data; By calling a preset zero-knowledge proof algorithm model based on zk-SNARK or zk-STARK through the edge node processor, an arithmetic circuit is constructed. The hash value of the plaintext data and the latest root hash value recorded on the blockchain are used as common inputs, and the intermediate node path of the plaintext data in the hierarchical multi-branch hash tree is used as private witness input. A verification credential for characterizing the integrity of the plaintext data is calculated and generated. The plaintext data and the verification credential are sent to the mobile device for lightweight verification.
2. The method according to claim 1, characterized in that, The constraints of the arithmetic circuit are set as follows: the calculation result of the layer-by-layer concatenation operation of the target data hash based on the hash path in the private witness input must be strictly equal to the latest root hash value in the public input; the private witness input avoids the external disclosure of other private medical record data contained in the intermediate node path, thereby achieving selective disclosure of data.
3. The method according to claim 1, characterized in that, It also includes an incremental update mechanism: when a medical institution adds new electronic health record data, the edge node only recalculates the node hash value of the affected path, generates a new root hash value and stores it on the chain, without having to fully reconstruct the hierarchical multi-branch hash tree.
4. A method for verifying the integrity of electronic health records and preventing tampering and tracing their origin, applied to a patient's mobile device, characterized by the following steps: include: Send a data request to the edge node of the medical institution to view specific medical records; The edge node receives plaintext data and corresponding verification credentials returned by the edge node. The verification credentials are generated by the edge node by calling a preset zero-knowledge proof algorithm model based on the plaintext data and the intermediate node path of the hierarchical multi-way hash tree. The latest root hash value is read from the blockchain, and a local pre-built lightweight verification model is called to parse and compare the verification certificate according to the latest root hash value. The verification computation complexity performed by the lightweight verification model is constant level O(1). If the verification passes, the plaintext data will be displayed. If verification fails, the anti-tampering and traceability mechanism of end-chain collaboration is triggered. The edge node is requested to obtain the hash set of the intermediate nodes of the current hash tree, and the blockchain traceability smart contract is requested to obtain the legal hash path of historical evidence. The hash set of intermediate nodes and the legal hash path are compared layer by layer from top to bottom. A binary search algorithm is executed to accurately locate the tampered leaf node and generate a traceability report.
5. The method according to claim 4, characterized in that, The process of executing the binary search algorithm to accurately locate the tampered leaf node specifically includes: initializing the search range; comparing the hash of the node in the current hash tree with the corresponding valid hash in the valid hash path from top to bottom; if a node with inconsistent hash is found at the current level, determining whether the node is a leaf node; if it is a leaf node, accurately locating the specific data field that has been tampered with; if it is not a leaf node, continuing the binary search comparison in the child nodes of the inconsistent node until the leaf node is located; wherein, the time complexity of the binary search algorithm is O(log N), where N is the total number of leaf nodes in the hash tree.
6. The method according to claim 4, characterized in that, The generation of the traceability report includes: calling the traceability smart contract to query the metadata record of the last legitimate update of the tampered leaf node. The metadata record includes the operation timestamp and the signature of the operation subject. The metadata record is combined with the tampered field information and solidified into electronic evidence. The electronic evidence includes the current value of the tampered field, the legitimate historical value on the chain, the timestamp of the last legitimate operation and the signature information of the operation subject. The electronic evidence can be exported as a solidifiable evidence file.
7. The method according to claim 4, characterized in that, When the mobile device is unable to directly connect to the blockchain to read the latest root hash value due to network abnormalities, it switches to gateway caching mode and requests a cached root hash value with an authoritative digital signature from a preset trusted third-party gateway for verification.
8. A system and method for verifying the integrity of electronic health records and preventing tampering, characterized in that, include: Medical institution edge nodes, used to execute the generation method as described in any one of claims 1 to 3; The patient's mobile device is used to execute the verification and tamper-proof traceability method as described in any one of claims 4 to 7; The blockchain network is equipped with a notarization smart contract and a traceability smart contract. The notarization smart contract is used to record the root hash value, notarization timestamp, operation subject signature and data path index. The traceability smart contract is used to respond to traceability query requests and return the historical valid hash value of the specified leaf node and the corresponding metadata record.
9. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, When the processor executes the program, it implements the method as described in any one of claims 1 to 3, or the method as described in any one of claims 4 to 7.
10. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the program is executed by the processor, it implements the method as described in any one of claims 1 to 3, or the method as described in any one of claims 4 to 7.