A highly secure, cryptographically enforced Medical Record & Hospital Management System.
Designed to ensure patient privacy, robust role-based access control, and differential privacy for statistical analysis.
🔐 Symmetric Data Encryption
AES-256 (CBC Mode): All medical records and prescriptions are encrypted at rest using a unique Data Encryption Key (DEK) derived via PBKDF2 from a Master Key. The bulk text of each medical record is stored only as ciphertext, so it stays protected if the disk or database file is exposed.
✍️ Digital Signatures
RSA 2048-bit (PKCS#1 v1.5): Provides non-repudiation. Doctors sign prescription payloads with their local private keys; before a pharmacist dispenses, the backend verifies the signature, confirming the prescription's origin and that it has not been tampered with.
🧮 Partially Homomorphic Encryption (PHE)
Paillier Cryptosystem: Numeric vitals (like age, heart rate, weight) are encrypted at the field level. The Flask backend uses additive homomorphism to sum encrypted patient data directly from SQLite without decrypting the individual values first, so they stay private while hospital-wide analytics are generated.
🔍 Searchable Symmetric Encryption (SSE)
HMAC-SHA256: Deterministic tokens represent diagnoses and physical conditions in a reverse search_index table, enabling secure database queries without exposing plaintext search keys.
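A minimal sketch of the token index described above, as an added example that is not MediCrypt's own code. The key, the keyword normalisation, the function names and the sample records are assumptions; the column names follow the SEARCH_INDEX entity in the ER diagram.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key; the index key must live outside the database it protects.
SSE_KEY = b"demo-sse-index-key-not-for-production"

def keyword_token(keyword: str, key: bytes = SSE_KEY) -> str:
    """Deterministic HMAC-SHA256 token for a normalised keyword."""
    normalised = " ".join(keyword.lower().split())
    return hmac.new(key, normalised.encode("utf-8"), hashlib.sha256).hexdigest()

def build_index(conn: sqlite3.Connection) -> None:
    conn.execute(
        "CREATE TABLE search_index ("
        "keyword_token TEXT NOT NULL, record_id TEXT NOT NULL, "
        "PRIMARY KEY (keyword_token, record_id))"
    )

def index_record(conn: sqlite3.Connection, record_id: str, keywords) -> None:
    # Only tokens are written; the plaintext keyword never reaches the table.
    rows = {(keyword_token(k), record_id) for k in keywords}
    conn.executemany("INSERT OR IGNORE INTO search_index VALUES (?, ?)", sorted(rows))

def search(conn: sqlite3.Connection, keyword: str):
    cur = conn.execute(
        "SELECT record_id FROM search_index WHERE keyword_token = ? ORDER BY record_id",
        (keyword_token(keyword),),
    )
    return [row[0] for row in cur]

def demo():
    conn = sqlite3.connect(":memory:")
    build_index(conn)
    # Constructed sample records.
    index_record(conn, "rec-001", ["Hypertension", "asthma"])
    index_record(conn, "rec-002", ["hypertension ", "Type 2  Diabetes"])
    stored = [row[0] for row in conn.execute("SELECT keyword_token FROM search_index")]
    # Equal keywords give equal tokens: the table shows that two records share
    # a keyword, without showing which keyword it is.
    return conn, stored
```

Because the tokens are deterministic, anyone who can read the table learns which records share a keyword and how often each token occurs, even without the key.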
📊 Differential Privacy (DP)
Laplace Mechanism: Integrates diffprivlib to add mathematically calibrated statistical noise to the final decrypted aggregates. This protects the published aggregates against linkage and inference attacks that could single out an individual's data points.
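The aggregate pipeline from the Paillier and Laplace sections, as an added example that is not MediCrypt's own code: it swaps in a small pure-Python Paillier and a hand-written Laplace sampler in place of phe and diffprivlib so it runs on the standard library alone. The toy primes, the heart-rate values, the [0, 220] bound and all function names are assumptions.

```python
import math
import random
import secrets

# Toy key built from two small Mersenne primes: illustration only, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                                # valid because g = n + 1

def encrypt(m: int) -> int:
    """Enc(m) = (1 + m*n) * r^n mod n^2, with a fresh random r per ciphertext."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def add_encrypted(c1: int, c2: int) -> int:
    """Multiplying ciphertexts adds the underlying plaintexts."""
    return c1 * c2 % N2

def decrypt(c: int) -> int:
    return (pow(c, LAM, N2) - 1) // N * MU % N

def encrypted_sum(ciphertexts) -> int:
    total = encrypt(0)
    for c in ciphertexts:
        total = add_encrypted(total, c)
    return total

def laplace_noise(scale: float, rng: random.Random) -> float:
    # The difference of two Exp(1) draws is distributed as Laplace(0, 1).
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))

def private_sum(ciphertexts, lower, upper, epsilon, rng) -> float:
    """Homomorphic sum, a single decryption of the aggregate, then Laplace noise."""
    exact = decrypt(encrypted_sum(ciphertexts))
    sensitivity = max(abs(lower), abs(upper))  # one patient moves the sum by at most this
    return exact + laplace_noise(sensitivity / epsilon, rng)

# Constructed sample heart rates (bpm), assumed already clamped to [0, 220].
HEART_RATES = [72, 88, 61, 95, 79]
ENCRYPTED = [encrypt(v) for v in HEART_RATES]
```

Only the aggregate is ever decrypted, and the noise scale is sensitivity divided by epsilon, so a smaller epsilon gives a noisier and more private result.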
⛓️ Immutable Audit Ledger
Blockchain-Inspired Approach: Tracks every login and critical administrative action. Each log entry is bound to the previous one via chained SHA-256 hashing. Modifying a historical entry invalidates the chain as soon as it is re-verified.
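How a chained ledger of this kind detects tampering, as an added example that is not the project's blockchain.py. The field names follow the BLOCKCHAIN_AUDIT_LOG entity in the ER diagram; the genesis value, the JSON encoding of the hashed fields, the function names and the sample events are assumptions.

```python
import hashlib
import json

GENESIS_HASH = "0" * 64  # assumed previous_hash for the first entry

def block_hash(previous_hash: str, action: str, details: str) -> str:
    # JSON encoding keeps field boundaries unambiguous before hashing.
    payload = json.dumps([previous_hash, action, details], separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def append_entry(chain: list, action: str, details: str) -> dict:
    previous = chain[-1]["block_hash"] if chain else GENESIS_HASH
    entry = {
        "log_id": len(chain) + 1,
        "previous_hash": previous,
        "action": action,
        "details": details,
        "block_hash": block_hash(previous, action, details),
    }
    chain.append(entry)
    return entry

def first_invalid(chain: list):
    """Return the log_id of the first entry that fails verification, or None."""
    expected_previous = GENESIS_HASH
    for entry in chain:
        if entry["previous_hash"] != expected_previous:
            return entry["log_id"]  # link to the preceding entry is broken
        recomputed = block_hash(entry["previous_hash"], entry["action"], entry["details"])
        if entry["block_hash"] != recomputed:
            return entry["log_id"]  # entry content was changed after hashing
        expected_previous = entry["block_hash"]
    return None

def build_sample_chain() -> list:
    chain = []
    # Constructed sample events.
    append_entry(chain, "LOGIN", "user=doctor-01")
    append_entry(chain, "CREATE_USER", "admin-01 created pharmacist-02")
    append_entry(chain, "LOGIN", "user=pharmacist-02")
    return chain
```

Verification only proves internal consistency: a writer who can rewrite every later entry can recompute the whole chain, so the newest block_hash should also be recorded somewhere the database writer cannot reach.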
🧑💼 Admin View
- At-a-glance system status, tile navigation.
- Immutable blockchain audit logs for deep system tracking.
- Differentially private aggregate statistics computed over encrypted metrics.

🩺 Doctor Interface
- Primary clinical dashboard.
- Prescribing interface with underlying RSA signature generation.
- Encrypted record viewing, reached through the search indexes.

💊 Pharmacist Access
- Overview of un-dispensed physical prescriptions.
- Dispensing interface that forces live RSA signature verification.

| Layer | Technology |
|---|---|
| Backend Framework | Python 3 |
| Web API / Router | Flask |
| Database Engine | SQLite3 |
| Authentication | Custom session-based auth with bcrypt / RSA |
| Cryptography | pycryptodome, phe (Paillier), diffprivlib |
| Frontend Styling | HTML5, CSS3, Jinja2 Templates |

```
MediCrypt/
├── app.py                      # Main Flask entrypoint & app configuration
├── auth.py                     # Registration, bcrypt login, and RSA key verification
├── crypto.py                   # AES, RSA, Paillier PHE, and SSE logic
├── database.py                 # SQLite connection and role schema seeding
├── blockchain.py               # Immutable audit ledger logic
├── routes/                     # Modular Flask blueprints
│   ├── admin/
│   │   ├── logs.py             # Blockchain log viewer
│   │   ├── stats.py            # Differential privacy analytics
│   │   └── user_management.py  # Secure admin user creation
│   ├── doctor.py               # Doctor dashboard and prescriptions
│   ├── patient.py              # Patient view
│   └── pharmacist.py           # Pharmacist verification dashboard
├── templates/                  # Jinja2 HTML templates
└── dummy_keys/                 # Generated test RSA private keys (GitIgnored)
```

```mermaid
erDiagram
    USERS ||--o{ PATIENT_PROFILE : has
    USERS ||--o{ DOCTOR_PROFILE : has
    USERS ||--o{ PHARMACIST_PROFILE : has
    USERS ||--o{ ADMIN_PROFILE : has
    USERS ||--o{ MEDICAL_RECORDS : "creates / owns"
    ROLES ||--o{ USERS : "assigned to"
    MEDICAL_RECORDS ||--o{ SEARCH_INDEX : "indexed by"
    PATIENT_PROFILE ||--o{ PATIENT_PROFILE_INDEX : "indexed by"
    USERS ||--o{ BLOCKCHAIN_AUDIT_LOG : "performs"
    ROLES {
        integer role_id PK
        string role_name
    }
    USERS {
        string user_id PK
        string username
        string password_hash
        integer role_id FK
        string public_key
    }
    PATIENT_PROFILE {
        string user_id PK
        string full_name
        blob phe_age
        string smoking_status
    }
    MEDICAL_RECORDS {
        string record_id PK
        string patient_user_id FK
        blob encrypted_data
        string policy_str
        string created_by_user_id FK
        blob phe_heart_rate
    }
    SEARCH_INDEX {
        string keyword_token PK
        string record_id PK
    }
    BLOCKCHAIN_AUDIT_LOG {
        integer log_id PK
        string block_hash
        string previous_hash
        string action
        string details
    }
```

- Python 3.12+

```bash
# 1. Clone the repository & enter it
# 2. Set up Virtual Environment
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
# 3. Seed the Database
python database.py
python reset_database.py
python seed_users.py
python seed_medicines.py
# 4. Run the Server
python app.py
```

Then open http://localhost:5000 in your browser.

Upon running seed_users.py, RSA private keys are generated in the local dummy_keys/ directory. You must supply both the password and the matching .pem file during the secure web login handshake.

| Role | Username | Password |
|---|---|---|
| Admin | mihir@admin.kmc.edu | Admin@1234 |
| Doctor | omkar@doctor.kmc.edu | Doctor@123 |
| Patient | harsh@patient.kmc.edu | Patient@123 |
| Pharmacist | sushmita@pharmacist.kmc.edu | Pharm@1NET |

| Name | GitHub |
|---|---|
| Mihir Sahay | @sahaymihir |
| Rishi Khandelwal | @RishiK1706 |
| Omkar Nayak B | @omkar3599 |









