JAIT 2026 Vol.17(5): 978-993
doi: 10.12720/jait.17.5.978-993

Towards Compliant and Private EHR Sharing: An Experimental Evaluation of ZKP-Blockchain Integration for Healthcare Data

Yan Watequlis Syaifudin 1,*, Vipkas Al Hadid Firdaus 1, Imam Fahrur Rozi 1, Chandrasena Setiadi 2, Suryani Dyah Astuti 3, Nobuo Funabiki 4, Maskur 1, and Kadek Suarjuna Batubulan 4
1. Department of Information Technology, State Polytechnic of Malang, Malang, Indonesia
2. Department of Electrical Engineering, State Polytechnic of Malang, Malang, Indonesia
3. Department of Biomedical Engineering, Airlangga University, Surabaya, Indonesia
4. Department of Electrical Engineering, Okayama University, Okayama, Japan
Email: qulis@polinema.ac.id (Y.W.S.); vipkas@polinema.ac.id (V.A.H.F.); imam.rozi@polinema.ac.id (I.F.R.); chandrasenasetiadi@polinema.ac.id (C.S.); suryanidyah@fst.unair.ac.id (S.D.A.); funabiki@okayama-u.ac.jp (N.F.); maskur@polinema.ac.id (M.); pzc37um1@s.okayama-u.ac.jp (K.S.B.)
*Corresponding author

Manuscript received December 18, 26, 2025; revised January 20, 2026; accepted February 6, 2025; published May 22, 2026.

Abstract—The digitization of health records has enhanced clinical efficiency but amplified risks related to data privacy, integrity, and auditability. While permissioned blockchains offer immutability and traceability, they often fail to reconcile transparency with confidentiality—either exposing sensitive data or obscuring it beyond regulatory scrutiny. To address this gap, this paper presents an integrated framework that combines Zero-Knowledge Proofs (ZKPs) with a permissioned blockchain to enable verifiable yet private healthcare transactions. A visit-centric Electronic Health Record (EHR) model supports three real-world use cases: medication validity, procedure confirmation, and demographic verification. A four-layer architecture decouples data, application logic, cryptographic trust, and audit logging, allowing end-to-end validation without raw data disclosure. Experimental evaluation across three ZKP libraries (snarkJS, ZoKrates, and gnark) on a synthetic dataset of 1,000 patient visits demonstrates sub-500 ms verification latency, with snarkJS selected for its ecosystem compatibility despite slower raw performance. End-to-end pipeline latency averages 1.35 s, confirming feasibility for batch workflows such as insurance claims. The system further includes a web-based auditor interface that validates tamper-evidence under off-chain attacks, bridging cryptographic guarantees with operational compliance.
 
Keywords—privacy-preserving, zero-knowledge proof, auditability, permissioned blockchain, electronic health records

Cite: Yan Watequlis Syaifudin, Vipkas Al Hadid Firdaus, Imam Fahrur Rozi, Chandrasena Setiadi, Suryani Dyah Astuti, Nobuo Funabiki, Maskur, and Kadek Suarjuna Batubulan, "Towards Compliant and Private EHR Sharing: An Experimental Evaluation of ZKP-Blockchain Integration for Healthcare Data," Journal of Advances in Information Technology, Vol. 17, No. 5, pp. 978-993, 2026. doi: 10.12720/jait.17.5.978-993

Copyright © 2026 by the authors. This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).
