1. Introduction
Assisted Reproductive Technologies (ARTs) represent one of the most transformative innovations in modern medicine, offering fertility solutions for couples who face reproductive challenges due to medical, genetic, or social factors. Among these technologies, In Vitro Fertilization (IVF) is the most widely used, involving the external fertilization of an oocyte and the subsequent transfer of the resulting embryo into the uterus. IVF is recognized by the Centers for Disease Control and Prevention (CDC) as a core assisted reproductive technology that helps individuals and couples overcome infertility [1]. Globally, the World Health Organization (WHO) reports that one in six people experiences infertility during their lifetime, underscoring the need for secure, equitable, and technologically advanced fertility solutions [2], with an estimated 15–20 million babies born through ART worldwide. Despite its clinical success, IVF introduces complex challenges in managing sensitive patient data, laboratory records, and embryo-related documentation. The confidentiality, availability, and integrity of these records are essential not only for clinical safety but also for ethical, legal, and societal accountability.
Conventional Electronic Medical Record (EMR) systems were not designed to accommodate the specialized workflows, interoperability requirements, and ethical constraints inherent to fertility care and gamete preservation, including the management of sperm, oocytes, and embryos. These systems commonly rely on centralized storage, limited transparency, and static access-control mechanisms, increasing the risk of data manipulation or unauthorized access. Breaches or mismanagement can result in severe consequences, such as the misuse of genetic material or violations of patient consent. In fertility preservation for oncology patients, such risks directly undermine trust and may jeopardize future reproductive potential.
In contexts where medical practice is governed by both legal and religious principles—such as in the Kingdom of Saudi Arabia—additional layers of compliance and verification are required to ensure the protection of Protected Health Information (PHI) in accordance with the Saudi Personal Data Protection Law (PDPL) [3] and related healthcare privacy regulations. Fertility preservation and embryo handling must adhere to Islamic bioethical principles and national regulations that prohibit third-party involvement and mandate verified husband–wife relationships prior to fertilization. However, existing digital health solutions rarely provide verifiable enforcement of these ethical and legal requirements throughout the ART workflow.
Blockchain technology has emerged as a promising enabler of secure and auditable healthcare systems. By leveraging immutable distributed ledgers, cryptographic validation, and decentralized consensus, blockchain enables tamper-resistant, traceable, and transparent medical-data transactions without reliance on a central authority. These properties make it particularly well-suited for managing sensitive ART data, where trust, transparency, and compliance must be simultaneously satisfied. Nevertheless, although blockchain applications in healthcare are rapidly expanding, few address the ethical and regulatory dimensions of reproductive medicine. Existing systems such as Medicalchain, Aimedis, and Eggschain facilitate data sharing or fertility asset tracking but do not integrate explicit compliance mechanisms aligned with religious or national legal frameworks.
This research introduces EmbryoTrust, a blockchain-based information management framework tailored for fertility preservation and ART services. The framework integrates blockchain technology with role-based access control (RBAC) and smart contracts to establish a secure, transparent, and compliant environment for IVF data management. It ensures that access to sensitive data is fully auditable, consent-driven, and verifiable, while embedding Islamic ethical safeguards directly into smart-contract logic.
From an engineering perspective, EmbryoTrust contributes a modular and reproducible architecture that operationalizes bioethical compliance through programmable smart contracts. It demonstrates how blockchain logic can automate consent verification, enforce data integrity, and achieve ethical traceability in real time. The proposed framework was implemented using Solidity on the Ethereum platform and evaluated on the Holešky testnet to validate its scalability, reliability, and usability.
The primary contributions of this work are as follows:
- Design of a blockchain-enabled IVF data management architecture that integrates RBAC and smart-contract logic for ethical compliance.
- Implementation of a verification mechanism that enforces Islamic and legal requirements during ART procedures through on-chain validation.
- Evaluation of the proposed system through functional, performance, and user-acceptance testing, demonstrating practical feasibility and efficiency.
The remainder of this paper is organized as follows. Section 2 reviews related work on blockchain applications in healthcare and assisted reproductive technologies. Section 3 presents the design and implementation of the EmbryoTrust framework, including the system architecture, smart-contract logic, RBAC model, and compliance mechanisms. Section 4 reports the evaluation results across functional, performance, usability, ethical, and security dimensions. Section 5 discusses the study’s limitations and outlines future research directions. Section 6 concludes the paper.
2. Related Works
This section reviews prior research at the intersection of blockchain, health information systems, and reproductive medicine. The literature is organized into two domains: (i) blockchain in healthcare and EMRs, and (ii) blockchain or decentralized methods in assisted reproduction and fertility preservation.
2.1. Blockchain in Healthcare and EMR Systems
Blockchain has gained significant attention in healthcare as a tool for secure and transparent medical-data management. Recent surveys describe its role in supporting data integrity, decentralization, and patient-centric consent management within EMR systems [4,5]. Elangovan et al. [4] provided a systematic review of real-world blockchain implementations, emphasizing interoperability, data provenance, and privacy-preserving consent models. Zhou et al. [5] analyzed blockchain-based healthcare architectures in terms of security risks, scalability challenges, and consensus algorithms suitable for clinical environments.
A recurring design pattern across these systems is the use of hybrid architectures that separate blockchain-stored metadata from off-chain clinical records. Liu et al. [6] introduced the Blockchain-based Privacy-Preserving Data Sharing (BPDS) model, in which blockchains store verification hashes while encrypted medical data are maintained in cloud repositories. Shevkar et al. [7] implemented an Ethereum-based EMR solution offering fine-grained permission control and traceable audit logs. Rensaa et al. [8] developed VerifyMed, a blockchain framework for verifying medical credentials and professional trustworthiness using decentralized identities. More recently, Sonkamble et al. [9] integrated the InterPlanetary File System (IPFS) with blockchain to enhance distributed data storage and retrieval while reducing reliance on centralized servers.
Collectively, these systems demonstrate blockchain’s potential to improve data integrity, auditability, and patient ownership. However, they remain general-purpose healthcare frameworks and do not address domain-specific governance requirements in specialized areas such as reproductive medicine. None encode culturally or legally constrained operations—such as verified husband–wife relationships in IVF—within the technology stack.
2.2. Blockchain and Decentralized Methods in Assisted Reproduction and Fertility Preservation
Compared with general healthcare, blockchain adoption in assisted reproduction is still emerging. Curchoe [10] discussed its potential for transparent data management, gamete traceability, and decentralized consent in ART workflows. Hickman et al. [11] explored how distributed ledgers could support integrity and interoperability of reproductive data across fertility clinics. Liao [12] proposed a federated blockchain framework for egg banking, enabling authorized institutions to participate in block generation to maintain traceable oocyte lifecycle management. Tozzo et al. [13] examined governance and privacy challenges in oocyte biobanks, highlighting the need for standardized metadata and ethically grounded oversight mechanisms.
As summarized in Table 1, existing blockchain healthcare frameworks provide valuable capabilities for data integrity and provenance but remain largely general-purpose and do not address the ethical or procedural specificity required in assisted reproductive technologies. Systems such as Medicalchain and Aimedis focus on medical record interoperability and patient data ownership, while Eggschain provides immutable traceability for reproductive materials but lacks mechanisms for consent verification or marital identity enforcement. In contrast, EmbryoTrust integrates RBAC with smart contract-encoded ethical and legal constraints, offering a domain-specific compliance model tailored to IVF workflows. This distinction clarifies the contribution of the proposed framework beyond existing solutions.
While enterprise blockchains such as Hyperledger Fabric or IBFT-based frameworks offer different trust and consensus models, their performance characteristics and deployment assumptions differ significantly from systems designed for high-constraint IVF workflows. As such, they are discussed conceptually rather than included in the comparison table.
While these studies illustrate blockchain’s applicability to reproductive medicine, most remain conceptual and lack comprehensive architectures that integrate RBAC, ethical validation, and verifiable identity management. Moreover, few provide quantitative performance evaluation or real-world testing in ART environments.
2.3. Gaps, Opportunities, and Position of EmbryoTrust
From the reviewed literature, several research gaps are evident:
- Ethical, legal, and cultural integration: Existing systems rarely encode domain-specific rules—such as marital verification or embryo parentage—into executable smart-contract logic.
- Granular role control: Few studies model patients, clinicians, embryologists, and laboratories with fine-grained permissions across the workflow.
- Scalability and usability: Most proposals have not been validated using empirical metrics such as confirmation time, throughput, or user experience.
- Lifecycle traceability: Prior work on egg banking does not address the full IVF process, from fertilization and cryostorage to embryo transfer.
- Regulatory adaptation: Existing approaches do not incorporate Islamic jurisprudence or national fertility regulations as verifiable system components.
EmbryoTrust directly addresses these gaps by combining blockchain with RBAC, consent validation, and culturally compliant smart contracts for IVF workflows in regulated environments such as Saudi Arabia. The framework advances blockchain healthcare research toward a domain-specific, ethically aware, and empirically evaluated solution that integrates transparency, compliance automation, and technical scalability.
3. Materials and Methods
This section describes the design and implementation of the proposed EmbryoTrust framework. It outlines the system architecture, smart contract design, RBAC model, development environment, and ethical compliance mechanisms. The framework integrates blockchain technology, decentralized authentication, and hybrid storage to enable secure and verifiable management of reproductive health data.
3.1. System Architecture
The overall architecture of EmbryoTrust follows a three-layer model consisting of the User Interface, Logic, and Data layers, as shown in Figure 1. The system combines blockchain-based verification with off-chain storage for performance optimization, consistent with recent healthcare blockchain frameworks [9,14].
The on-chain layer is deployed on the Ethereum blockchain and records hashes, permissions, and consent proofs. Off-chain storage is managed using MongoDB to store clinical data and multimedia files such as embryo images. This hybrid architecture ensures immutability of access logs while maintaining rapid data retrieval, a principle also demonstrated by Ryu and Kim [14] in secure hospital data recovery.
The User Interface layer provides authenticated access through MetaMask, while the Logic layer (Node.js/Express.js) mediates communication between the front end, smart contracts, and MongoDB through Web3.js APIs. This layered structure offers modularity and balances decentralization with clinical usability.
Finally, because the blockchain layer functions as a trust and integrity substrate rather than a data exchange protocol, HL7 FHIR interoperability was not required at this stage. The architecture, however, was designed to support future FHIR-based data mappings for integration with Electronic Health Record (EHR) systems.
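The hash-anchoring pattern behind this hybrid design can be exercised in the Logic layer's own language. The following is an added example, not code from the paper: it assumes SHA-256 as the digest, a hypothetical record layout, and an in-memory map standing in for the hashes held on-chain, and it shows why the record must be canonicalized before hashing so that a database round trip that reorders fields is not mistaken for tampering.

```javascript
// Added example: check an off-chain record against the digest anchored on-chain.
// Assumptions (not from the paper): SHA-256 as the digest, the record layout,
// and an in-memory Map standing in for the hashes the contract stores.
const { createHash, timingSafeEqual } = require("node:crypto");

// Canonical JSON: keys sorted recursively, so the digest does not depend on
// the field order a document store returns after a round trip.
function canonicalize(value) {
  if (value === null || typeof value === "string" || typeof value === "boolean") {
    return JSON.stringify(value);
  }
  if (typeof value === "number") {
    if (!Number.isFinite(value)) throw new TypeError("non-finite number");
    return JSON.stringify(value);
  }
  if (Array.isArray(value)) {
    return "[" + value.map(canonicalize).join(",") + "]";
  }
  if (typeof value === "object" && Object.getPrototypeOf(value) === Object.prototype) {
    const body = Object.keys(value)
      .sort()
      .map((key) => JSON.stringify(key) + ":" + canonicalize(value[key]));
    return "{" + body.join(",") + "}";
  }
  // Dates, Buffers, undefined and the like must be encoded explicitly first.
  throw new TypeError("unsupported value in record: " + typeof value);
}

function recordDigest(record) {
  return createHash("sha256").update(canonicalize(record), "utf8").digest();
}

// Stand-in for the on-chain layer: recordId -> digest, write-once per id.
class AnchorLedger {
  constructor() {
    this.anchors = new Map();
  }
  anchor(recordId, digest) {
    if (this.anchors.has(recordId)) throw new Error("already anchored: " + recordId);
    this.anchors.set(recordId, Buffer.from(digest));
  }
  lookup(recordId) {
    return this.anchors.get(recordId) || null;
  }
}

// Returns "OK", "TAMPERED" or "UNANCHORED" for a record read from the database.
function verifyRecord(ledger, recordId, recordFromDb) {
  const anchored = ledger.lookup(recordId);
  if (anchored === null) return "UNANCHORED";
  const actual = recordDigest(recordFromDb);
  return timingSafeEqual(anchored, actual) ? "OK" : "TAMPERED";
}

// Constructed sample data; none of these identifiers come from the paper.
function demo() {
  const ledger = new AnchorLedger();
  const imageBytes = Buffer.from("constructed embryo image bytes");
  const record = {
    recordId: "EMB-0001",
    coupleId: "C-42",
    stage: "CRYOPRESERVATION",
    imageSha256: createHash("sha256").update(imageBytes).digest("hex"),
    events: [{ at: "2025-01-10T09:00:00Z", by: "embryologist-7", action: "VITRIFIED" }],
  };
  ledger.anchor(record.recordId, recordDigest(record));

  // Same content with a different key order: must still verify.
  const reordered = {
    events: [{ action: "VITRIFIED", by: "embryologist-7", at: "2025-01-10T09:00:00Z" }],
    imageSha256: record.imageSha256,
    stage: "CRYOPRESERVATION",
    coupleId: "C-42",
    recordId: "EMB-0001",
  };
  // One field changed in the database after anchoring: must be flagged.
  const tampered = { ...record, coupleId: "C-99" };

  return {
    reordered: verifyRecord(ledger, "EMB-0001", reordered),
    tampered: verifyRecord(ledger, "EMB-0001", tampered),
    unanchored: verifyRecord(ledger, "EMB-0002", record),
  };
}

console.log(demo());
```

Large binaries such as embryo images are hashed separately and only their digest is placed in the record, so the anchored value covers both the metadata and the image.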
3.2. Smart Contract Design
Smart contracts constitute the operational core of EmbryoTrust. They were developed in Solidity (version 0.8.21) to enforce identity verification, consent management, and access control. Figure 2 shows the relationship among contract components.
The principal functions include:
- RegisterPatient(): Creates a patient record and links the user’s blockchain address to a verified identity.
- AssignRole(): Defines permissions for patients, clinics, and embryologists according to the RBAC hierarchy.
- VerifyHusbandBySpermOwner(): Confirms that the sperm owner corresponds to the registered husband before fertilization, ensuring compliance with Islamic and legal requirements [10].
- RecordConsent(): Captures dual consent from both the patient and the clinic, recorded immutably on-chain.
- AccessData(): Retrieves encrypted off-chain data through secure queries, consistent with blockchain-searchable encryption models [15].
Each transaction generates a unique hash that is stored on-chain, forming a tamper-evident audit trail. This structure ensures transparency and aligns with WHO recommendations for trustworthy digital health infrastructures [4].
Algorithm 1 formalizes the logic that validates marital relationships and dual consent prior to fertilization. Every verification event triggers an auditable blockchain transaction, enforcing ethical and legal constraints programmatically.
Algorithm 1: Husband–Wife Verification Logic in EmbryoTrust (listing not available in text form)
3.3. Activity Diagram for Ethical Verification and Data Flow
Figure 3 illustrates the logical flow of patient registration, consent capture, husband–wife verification, and secure data storage. Each activity corresponds to either an on-chain smart-contract execution or an off-chain process, demonstrating how ethical and legal rules are enforced throughout the IVF data lifecycle.
A comprehensive multi-stage verification protocol is implemented across all critical phases of the IVF workflow, including sperm collection, oocyte retrieval, insemination or intracytoplasmic sperm injection (ICSI), embryo culture, cryopreservation, and embryo transfer. This process mirrors conventional double-witnessing standards (e.g., RI Witness), extending them from localized RFID checks into an auditable, ethical, and legally enforceable digital framework. The final verification step prior to embryo transfer revalidates dual consent and parentage linkage, ensuring that both fertilization and transfer are ethically and technically validated.
3.4. RBAC
RBAC defines access privileges and boundaries among participating entities. Table 2 outlines the assigned permissions.
RBAC rules are implemented through Solidity modifiers and verified on-chain, preventing unauthorized privilege escalation.
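The gating rules of Sections 3.2 to 3.4 (role checks, dual consent, husband verification, and revalidation before transfer) can be captured in a small executable reference model, useful as a test oracle for the contract. This is an added example in JavaScript, the language of the Logic layer, and is not the paper's Algorithm 1 or its Solidity code; the role names, permission table, step names, and addresses are all hypothetical.

```javascript
// Added reference model of the gating rules; not the paper's Algorithm 1 or its
// Solidity code. Roles, permissions, step names and identifiers are hypothetical.
const ROLES = Object.freeze({
  ADMIN: "ADMIN", CLINIC: "CLINIC", EMBRYOLOGIST: "EMBRYOLOGIST", PATIENT: "PATIENT",
});

// Hypothetical permission table: which role may call which function.
const PERMISSIONS = Object.freeze({
  assignRole: [ROLES.ADMIN],
  registerCouple: [ROLES.CLINIC],
  recordConsent: [ROLES.PATIENT, ROLES.CLINIC],
  authorizeStep: [ROLES.EMBRYOLOGIST],
});

class EmbryoGate {
  constructor(adminAddress) {
    this.roles = new Map([[adminAddress, ROLES.ADMIN]]);
    this.couples = new Map(); // coupleId -> { patient, husband, clinic, consent }
    this.log = [];            // every decision, allowed or denied
  }

  // Plays the part of a Solidity modifier: role check before the body runs.
  requireRole(caller, action) {
    const role = this.roles.get(caller);
    if (!PERMISSIONS[action].includes(role)) {
      this.log.push({ action, caller, ok: false, reason: "ROLE_DENIED" });
      throw new Error(action + ": ROLE_DENIED");
    }
    return role;
  }

  assignRole(caller, address, role) {
    this.requireRole(caller, "assignRole");
    if (!Object.values(ROLES).includes(role)) throw new Error("unknown role");
    this.roles.set(address, role);
  }

  registerCouple(caller, coupleId, patient, husband) {
    this.requireRole(caller, "registerCouple");
    if (this.couples.has(coupleId)) throw new Error("couple already registered");
    this.couples.set(coupleId, {
      patient, husband, clinic: caller, consent: { patient: false, clinic: false },
    });
  }

  // Each party can set or withdraw only its own half of the dual consent.
  recordConsent(caller, coupleId, granted) {
    this.requireRole(caller, "recordConsent");
    const couple = this.couples.get(coupleId);
    if (!couple) throw new Error("unknown couple");
    if (caller === couple.patient) couple.consent.patient = granted;
    else if (caller === couple.clinic) couple.consent.clinic = granted;
    else throw new Error("recordConsent: NOT_A_PARTY");
    this.log.push({ action: "recordConsent", caller, coupleId, ok: true, granted });
  }

  // Re-evaluated at every step, so a withdrawal after fertilization blocks transfer.
  authorizeStep(caller, coupleId, step, spermOwner) {
    this.requireRole(caller, "authorizeStep");
    const couple = this.couples.get(coupleId);
    let reason = null;
    if (!couple) reason = "UNKNOWN_COUPLE";
    else if (spermOwner !== couple.husband) reason = "SPERM_OWNER_NOT_HUSBAND";
    else if (!(couple.consent.patient && couple.consent.clinic)) reason = "DUAL_CONSENT_MISSING";
    const ok = reason === null;
    this.log.push({ action: "authorizeStep", step, caller, coupleId, ok, reason });
    return { ok, reason };
  }
}

// Constructed scenario; the addresses are placeholders, not real accounts.
function runScenario() {
  const gate = new EmbryoGate("0xADMIN");
  gate.assignRole("0xADMIN", "0xCLINIC", ROLES.CLINIC);
  gate.assignRole("0xADMIN", "0xLAB", ROLES.EMBRYOLOGIST);
  gate.assignRole("0xADMIN", "0xPATIENT", ROLES.PATIENT);
  gate.registerCouple("0xCLINIC", "C-42", "0xPATIENT", "0xHUSBAND");

  const steps = {};
  steps.beforeConsent = gate.authorizeStep("0xLAB", "C-42", "FERTILIZATION", "0xHUSBAND");
  gate.recordConsent("0xPATIENT", "C-42", true);
  gate.recordConsent("0xCLINIC", "C-42", true);
  steps.wrongOwner = gate.authorizeStep("0xLAB", "C-42", "FERTILIZATION", "0xOTHER");
  steps.fertilization = gate.authorizeStep("0xLAB", "C-42", "FERTILIZATION", "0xHUSBAND");
  gate.recordConsent("0xPATIENT", "C-42", false); // consent withdrawn later
  steps.transfer = gate.authorizeStep("0xLAB", "C-42", "TRANSFER", "0xHUSBAND");
  // Negative test: a patient account must not be able to grant itself a role.
  try {
    gate.assignRole("0xPATIENT", "0xPATIENT", ROLES.EMBRYOLOGIST);
    steps.escalation = "ALLOWED";
  } catch {
    steps.escalation = "BLOCKED";
  }
  steps.denied = gate.log.filter((entry) => !entry.ok).length;
  return steps;
}

console.log(runScenario());
```

Denied calls are logged as well as allowed ones, which is what lets an auditor see rejected attempts and not only successful transactions.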
3.5. Development Environment and Tools
A Waterfall development model was adopted to ensure traceability and validation at each phase due to the sensitivity of fertility data. The implementation environment included:
- Hardware: Intel Core i7 processor, 32 GB RAM, Windows 11 OS.
- Frontend: React.js and HTML/CSS.
- Backend: Node.js (v18.17) and Express.js.
- Blockchain: Ethereum (Holešky testnet).
- Database: MongoDB for secure off-chain storage.
- Authentication: MetaMask wallet for decentralized identity verification.
These tools were selected for their stability, maintainability, and compatibility with existing healthcare blockchain frameworks [14,16].
3.6. Ethical and Legal Compliance
EmbryoTrust integrates Islamic bioethical and Saudi legal requirements directly into its smart-contract logic. Verification functions ensure that fertilization occurs only between registered spouses, preventing third-party involvement. Dual consent records are permanently stored on-chain and can be audited by regulatory authorities. Such immutable, rule-based governance supports accountability and aligns with WHO ethical data-handling recommendations [4].
Figure 4 shows the end-to-end workflow, from patient registration and dual consent to verification and secure data storage. Each stage corresponds to a verifiable blockchain transaction, ensuring that ethical and legal constraints are enforced automatically through smart-contract execution.
3.7. IVF Process and Legal Context in Saudi Arabia
ARTs, particularly IVF, involve multiple sequential stages that generate sensitive data from ovarian stimulation to embryo implantation. Understanding these stages highlights the need for secure and compliant data management, which the EmbryoTrust framework operationalizes.
3.7.1. Stages of the IVF Process
The clinical stages of IVF are illustrated in Figure 5. The process involves multiple sequential phases designed to optimize oocyte retrieval, embryo development, and implantation success.
Stage 1: Ovulation Induction. Hormonal stimulation promotes the development of multiple ovarian follicles. Follicular growth and oocyte maturity are monitored using serial ultrasound scans and serum estradiol measurements [17].
Stage 2: Egg Retrieval (Oocyte Pick-Up). Mature oocytes are aspirated transvaginally under ultrasound guidance approximately 34–36 h after administration of the human chorionic gonadotropin (HCG) trigger [18].
Stage 3: Fertilization and Embryo Culture. Retrieved oocytes are fertilized using conventional IVF or ICSI and cultured in the laboratory for 2–5 days to reach the cleavage or blastocyst stage [19].
Stage 4: Embryo Biopsy and preimplantation genetic testing for aneuploidy (PGT-A). Trophectoderm biopsy is performed on blastocysts for PGT-A, allowing for the identification and selection of chromosomally normal embryos prior to transfer [17].
Stage 5: Cryopreservation (Frozen Storage). Viable embryos are vitrified and stored under cryogenic conditions until transfer timing aligns with optimal endometrial receptivity [17].
Stage 6: Embryo Transfer. Thawed or fresh embryos are transferred into the uterine cavity, typically as a single blastocyst, in accordance with patient characteristics and clinical guidelines to reduce the risk of multiple gestations [17].
Stage 7: Pregnancy Testing. Serum β-hCG measurement approximately two weeks post-transfer confirms implantation and early pregnancy [17].
Modern IVF protocols increasingly emphasize single-blastocyst transfer and deferred frozen embryo transfer following PGT-A. These strategies improve implantation potential while minimizing multiple pregnancies. The addition of biopsy and cryopreservation stages introduces new timing dependencies, consent checkpoints, and verification requirements.
Consequently, digital traceability becomes essential for synchronizing patient identity, embryo metadata, and laboratory events across asynchronous clinical stages. Within EmbryoTrust, these data flows are modeled as blockchain transactions to ensure confidentiality, auditability, and ethical compliance, transforming the IVF process into a secure and transparent digital ecosystem.
Figure 6 illustrates how the IVF workflow integrates with blockchain verification checkpoints within the proposed EmbryoTrust framework [17].
3.7.2. Legal and Ethical Framework for IVF in Saudi Arabia
In Saudi Arabia, IVF practices are regulated by the Law of Fertilization, Utero-Fetal, and Infertility Treatment Units (Royal Decree No. M/76, 2004) [20]. The law defines ethical and medical standards consistent with Islamic jurisprudence, restricting fertilization to legally married couples and prohibiting third-party gamete use.
- Eligibility for Treatment. Only married couples may undergo IVF; donor gametes are forbidden to preserve lineage integrity [20].
- Cancer-Patient Exception. A 2019 Fatwa allows ovarian tissue or oocyte preservation for cancer patients, provided later use occurs within marriage.
- Elective (Social) Egg Freezing. Current regulations and Fatwas permit oocyte or ovarian tissue preservation only for medical reasons, such as prior to cancer therapy. Elective or “social” egg freezing remains prohibited, as it may lead to gamete use outside a valid marital contract.
- Consent and Confidentiality. Written informed consent from both partners is mandatory, and all patient data must remain confidential [20].
- Restrictions on Research and Genetic Manipulation. Gamete trading and genetic modification are prohibited except under approved conditions for treating hereditary diseases [20].
- Penalties for Non-Compliance. Violations may result in fines up to 500,000 SAR or imprisonment for up to five years [20]. These legal safeguards highlight the need for transparent and verifiable governance mechanisms—capabilities supported by blockchain technology [21].
The Executive Regulation further mandates identity verification at all critical handling points and requires each work zone to process only one identifiable sample or couple at a time. Table 3 summarizes the regulatory framework.
Embedding these legal and procedural constraints into the EmbryoTrust framework highlights the importance of verifiable and culturally compliant data governance. By mapping each IVF stage to blockchain transactions and encoding Saudi legal provisions within smart-contract logic, the system converts ethical and regulatory compliance into enforceable digital processes.
4. Results Analysis
This section presents the empirical evaluation of the EmbryoTrust framework across functional accuracy, performance efficiency, usability, ethical compliance, and information security robustness. The analysis assesses whether the system achieves its objectives of ensuring information confidentiality, integrity, and availability in IVF data management within legally and ethically regulated environments.
4.1. Functional and Integration Testing
Functional testing verified the correct operation of all core components, including user registration, decentralized authentication, consent capture, and husband–wife verification. Integration testing confirmed that the user interface, smart contracts, and off-chain database remained consistently synchronized. Table 4 summarizes representative test cases.
All test scenarios executed successfully, and each contract invocation produced a unique transaction hash, enabling independent traceability of system activity. The validated workflow corresponds to the logical data flow illustrated in Figure 3.
4.2. Performance Evaluation
System performance was evaluated under typical operational conditions. Key metrics included transaction confirmation time, CPU utilization, memory consumption, and system availability (Table 5). Figure 7 visualizes these indicators.
The hybrid design—combining on-chain verification with off-chain storage—reduced latency and computational overhead without compromising auditability. The results are consistent with comparable healthcare blockchain frameworks such as BPDS [6] and VerifyMed [8], confirming that the proposed configuration maintains scalability while preserving integrity and immutability.
While direct numerical comparison is limited due to the differing experimental setups reported in prior studies, the observed confirmation time of 2.8 s falls within the typical multi-second range reported for Ethereum-based healthcare prototypes such as BPDS [6] and VerifyMed [8].
4.3. Usability Testing
Usability testing involved clinical staff and research assistants performing routine ART operations, including registration, consent verification, and record retrieval. All tasks were completed without error. Qualitative feedback indicated that the interface was intuitive, aligned with clinical workflows, and enhanced transparency by providing accessible blockchain-based consent logs. Although the participant group was small, feedback was consistent and supports the system’s clinical applicability.
4.4. Ethical Compliance Verification
Ethical compliance was assessed by simulating common ART scenarios requiring identity and consent validation. The VerifyHusbandBySpermOwner function permitted progression only when both marital identity and dual consent were verified on-chain. Attempts with unverified identifiers were automatically rejected. All consent events were immutably logged with timestamps and digital signatures, ensuring non-repudiation and complete ethical traceability in line with Saudi Arabian regulatory requirements [10,13].
4.5. Information Security Validation
Information security validation centered on assessing access control, immutability, and transaction integrity. RBAC enforcement ensured that information was accessible only to authorized users—including clinicians, embryologists, and laboratory personnel—through fine-grained, role-based permissions applied across the workflow. Only authorized roles were permitted to update records, ensuring that all information remained complete, accurate, and up-to-date while preventing any unauthorized access or modification. Collectively, these controls attained the right balance between confidentiality, integrity, and availability. Manual code review confirmed the correct use of Solidity modifiers and the absence of unauthorized write pathways. In addition, static analysis was performed using Solidity-compatible information security analyzers available in the development environment, and no high-severity vulnerabilities were identified during review. These findings align with validation principles demonstrated in healthcare blockchain systems such as VerifyMed [8] and the secure data-sharing protocol of Ryu and Kim [14].
4.6. Risk and Operational Resilience
Although EmbryoTrust performed reliably during testing, IVF environments require additional safeguards against operational disruptions. The framework can incorporate contingency mechanisms for downtime, data desynchronization, or expired consent tokens. Logged emergency-override functions enable clinicians to proceed with time-sensitive procedures while retaining post-event auditability. Future iterations should also address long-term custody policies, revalidation of cryostored gametes, and controlled access restoration in accordance with regulatory guidelines.
4.7. Comparative Discussion
The evaluation demonstrates that EmbryoTrust meets its objectives of providing secure, transparent, and ethically compliant ART data management. Relative to existing blockchain healthcare platforms such as Medicalchain, Aimedis, and Eggschain, EmbryoTrust introduces three distinguishing features:
- (a) Domain-specific design: A full IVF workflow model rather than general-purpose EMR interoperability.
- (b) Cultural and legal integration: On-chain enforcement of Islamic and national ART regulations [10,12].
- (c) Hybrid trust architecture: A balanced combination of blockchain immutability and off-chain scalability [6,14].
Compared with Liao’s federated egg-banking approach [12], which concentrates on oocyte traceability, EmbryoTrust integrates RBAC, legal verification, and contextual ethical enforcement, making it one of the first frameworks to operationalize reproductive bioethics through smart-contract logic.
4.7.1. Ethical and Regulatory Implications
The verification mechanisms embedded in EmbryoTrust ensure that fertilization is permitted only between verified spouses, aligning with Islamic bioethics and Saudi law. Immutable audit trails maintain parentage integrity and support ethical decision making in cases of divorce, death, or reconsent for long-term embryo storage. By embedding these constraints into verifiable code, EmbryoTrust operationalizes compliance and reduces reliance on procedural oversight.
4.7.2. Technical Considerations and Scalability
The achieved low latency and system reliability support real-time ART operations. The modular architecture enables horizontal scaling for expanded off-chain storage and vertical scaling through smart-contract optimization. However, scalability remains an inherent challenge. Future enhancements may incorporate optimized consensus mechanisms or incentive-based models to support multi-clinic collaboration [22].
4.7.3. Sustainability and Future Adoption
The permissioned blockchain architecture reduces energy consumption while preserving institutional accountability, supporting the sustainability goals of Saudi Vision 2030. Tokenized participation or data-sharing incentives may strengthen cross-clinic collaboration. Beyond ART, the architectural principles of EmbryoTrust may be generalized to other high-stakes clinical domains requiring verifiable consent and tamper-evident traceability.
4.8. Interpretation of Findings
Overall, the evaluation indicates that EmbryoTrust provides high functionality, transparency, and compliance. By embedding legal and cultural rules into smart-contract logic, the framework transforms ethical compliance from a procedural requirement into an auditable digital process. Its hybrid architecture offers a practical balance between transparency, scalability, and confidentiality, demonstrating that culturally grounded and legally governed rules can be operationalized within programmable logic.
4.9. Information Security Analysis
This subsection provides a threat-based information security analysis of the EmbryoTrust framework based on its implemented architecture and operational design. Although the system was not evaluated under adversarial load, its permissioned blockchain model, hybrid on/off-chain storage structure, and RBAC-enforced smart-contract logic inherently mitigate several well-known security threats in blockchain-enabled healthcare systems. Table 6 summarizes the primary threats considered, the corresponding mitigation mechanisms already built into the framework, and the information security goals (confidentiality, integrity, and availability) addressed by each control. The analysis presented here is restricted strictly to protections demonstrably supported by the current system and does not introduce any untested assumptions or fabricated results.
4.10. Summary
Although EmbryoTrust has not undergone adversarial penetration testing, its architectural design provides defense-in-depth across multiple categories of blockchain and healthcare-system attacks. The protections described here arise directly from the implemented framework and the inherent properties of permissioned blockchains, cryptographic signing, and immutable ledger structures.
5. Limitations and Future Work
While the EmbryoTrust framework demonstrates the feasibility of blockchain-enabled fertility data management, several limitations merit discussion. These limitations guide future research directions aimed at enhancing scalability, privacy preservation, interoperability, and cross-jurisdictional adaptability.
5.1. Technical Limitations
The current implementation was deployed on the Ethereum Holešky test network, which is suitable for proof-of-concept validation but not optimized for high-throughput clinical environments. Variability in gas fees—the computational charges required to execute and record transactions on the Ethereum blockchain—can affect both operational costs and system responsiveness under production workloads. These fees fluctuate based on network congestion and the computational complexity of smart-contract operations, introducing uncertainty into real-time performance. Consistent with prior research on scalable blockchain protocols for healthcare [14, 22], migrating to permissioned or consortium-oriented infrastructures such as Hyperledger Fabric or Polygon would support faster consensus mechanisms, stable transaction costs, and predictable operational behavior better suited for clinical deployment.
The hybrid on-/off-chain storage design also introduces a dependency on external databases for managing large clinical and multimedia records. Although MongoDB provides encryption and RBAC, complete data confidentiality could be further enhanced through privacy-preserving cryptographic mechanisms such as zero-knowledge proofs, differential privacy, or homomorphic encryption—techniques increasingly adopted in blockchain–encryption convergence [15]. Incorporating such mechanisms would strengthen trust, confidentiality, and security in multi-institutional deployments.
The current implementation relies on external systems (e.g., clinic registries or laboratory information systems) to supply accurate and authenticated data inputs. This introduces a trust dependency on upstream sources. Future iterations of the framework will integrate verifiable oracle mechanisms to ensure that off-chain data are validated before being committed to the blockchain.
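The validation step this paragraph calls for can be sketched as a gate that sits between an upstream source and the ledger. This is an added example, not code from EmbryoTrust: the source identifiers, keys, freshness window and the `OracleGate` class are assumptions, HMAC-SHA256 stands in for whatever signature scheme a real oracle would use, and the record is constructed simulated data.

```python
import hashlib
import hmac
import json

# Constructed demo keys for two hypothetical upstream sources (assumption).
SOURCE_KEYS = {
    "lab-lis-01": b"constructed-demo-key-lab",
    "clinic-registry-01": b"constructed-demo-key-registry",
}
MAX_AGE_SECONDS = 300  # assumed freshness window for an input


def canonical(obj) -> bytes:
    """Deterministic JSON so sender and verifier authenticate identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def authenticator(key: bytes, source_id: str, record: dict, nonce: str, ts: int) -> str:
    """HMAC over the whole envelope; a stand-in for a real digital signature."""
    envelope = {"source": source_id, "nonce": nonce, "ts": ts, "record": record}
    return hmac.new(key, canonical(envelope), hashlib.sha256).hexdigest()


class OracleGate:
    """Checks an off-chain input before its digest may be committed."""

    def __init__(self):
        self.seen = set()      # (source_id, nonce) pairs already accepted
        self.committed = []    # stand-in for the ledger: (source_id, digest)

    def submit(self, source_id, record, nonce, ts, tag, now):
        key = SOURCE_KEYS.get(source_id)
        if key is None:
            return "rejected: unknown source"
        expected = authenticator(key, source_id, record, nonce, ts)
        if not hmac.compare_digest(expected.encode(), str(tag).encode()):
            return "rejected: bad authenticator"
        if abs(now - ts) > MAX_AGE_SECONDS:
            return "rejected: stale"
        if (source_id, nonce) in self.seen:
            return "rejected: replay"
        self.seen.add((source_id, nonce))
        digest = hashlib.sha256(canonical(record)).hexdigest()
        self.committed.append((source_id, digest))
        return "committed"


def demo():
    """Run the gate over constructed, simulated inputs."""
    gate, now, src = OracleGate(), 1_700_000_000, "lab-lis-01"
    rec = {"sample_id": "SIM-0001", "stage": "fertilization", "operator": "emb-07"}
    tag = authenticator(SOURCE_KEYS[src], src, rec, "n-1", now)
    old = authenticator(SOURCE_KEYS[src], src, rec, "n-2", now - 3600)
    results = [
        gate.submit(src, rec, "n-1", now, tag, now),                          # valid
        gate.submit(src, dict(rec, stage="transfer"), "n-1", now, tag, now),  # altered
        gate.submit(src, rec, "n-1", now, tag, now),                          # resent
        gate.submit(src, rec, "n-2", now - 3600, old, now),                   # too old
        gate.submit("unknown-lab", rec, "n-3", now, tag, now),                # unregistered
    ]
    return results, gate.committed


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Only the first submission reaches the ledger stand-in; the altered, resent, stale and unregistered inputs are each rejected for a distinct reason, which is the property an audit trail of rejected inputs would need.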
Formal modeling and verification of system properties using specification methods such as temporal logic, model checking, or TLA+ were not conducted as part of this prototype. Incorporating formal invariants and correctness proofs represents an important direction for enhancing assurance and reliability in future versions of the framework.
Interoperability with HL7 FHIR was not implemented in the current prototype because blockchain-based verification does not inherently require FHIR-compliant messaging to function. The primary role of the blockchain layer in EmbryoTrust is to provide trust, immutability, and verifiable consent across autonomous systems—capabilities that operate independently of traditional interoperability standards. Nevertheless, for operational integration with existing EHR systems, the architecture was designed so that off-chain clinical data can be mapped to FHIR resources in future work. Demonstrating explicit FHIR resource mappings and interface workflows will therefore be an important next step, not to enable blockchain functionality, but to support seamless integration with conventional clinical information systems where required.
5.2. Evaluation Limitations
The evaluation of the EmbryoTrust framework focused on technical feasibility, performance, and usability within a controlled testbed using simulated patient data. While the results demonstrate system reliability and positive user feedback, the participant pool was limited in both size and diversity. Broader field testing across multiple fertility centers and demographic groups would provide more generalizable insights into system adoption, interoperability, and scalability.
Because all evaluation was conducted using simulated data in a controlled environment, the findings cannot be extrapolated to real clinical deployments. This limitation is acknowledged, and future pilot studies involving actual IVF workflows will be necessary to validate the system under real-world operational conditions.
Although smart-contract auditing confirmed logical correctness, formal verification using established tools such as Mythril or Oyente could offer stronger assurances against reentrancy, overflow, and access-control vulnerabilities [8]. Future assessments should also benchmark the framework against alternative blockchain platforms to evaluate cross-chain interoperability, consensus performance, and governance flexibility.
Finally, the usability assessment relied on qualitative feedback from a limited number of participants rather than standardized instruments such as the System Usability Scale (SUS). Incorporating validated usability metrics in future studies will provide more comprehensive and comparable empirical evidence of system usability.
In addition, an ablation study isolating the individual contributions of RBAC enforcement, off-chain storage, and logging mechanisms was not conducted due to prototype constraints. Future evaluations will separate these components to assess their independent impact on system performance and security.
Robustness and fault-tolerance testing—such as evaluating system behavior under network delays, partial node failures, or high-load conditions—was not performed. These scenarios will be incorporated into future performance and resilience assessments.
5.3. Contextual and Regulatory Limitations
The EmbryoTrust framework was primarily designed for the Saudi Arabian regulatory and ethical context, where Islamic jurisprudence and national PDPL jointly govern the practice of ART. Adapting the model to other jurisdictions will require reconfiguring smart-contract logic, consent workflows, and verification rules to align with local legal and ethical requirements. Cross-border data exchange further introduces complexity under international regulations such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA), necessitating standardized consent ontologies and interoperable digital-governance models.
5.4. Future Work
Building on these findings, future research will pursue several directions:
- Scalable deployment: Transitioning toward permissioned blockchain architectures that support high transaction throughput using scalable consensus protocols, as outlined by Ryu and Kim [14].
- AI integration: Extending the framework to support AI-assisted embryo viability prediction, embryo grading, and time-lapse analytics, using privacy-preserving federated learning to ensure that model training remains compliant with data protection laws.
- Federated multi-clinic deployment: Developing a consortium model for fertility centers, incorporating incentive and reputation mechanisms to promote secure data sharing, operational transparency, and collaborative governance [22].
- Advanced privacy mechanisms: Incorporating cryptographic techniques such as ZK-SNARKs and differential privacy to further protect sensitive medical and genetic data [15].
- Regulatory interoperability: Working with national and international digital health authorities to align the framework with HL7 FHIR standards, WHO’s ethical data governance principles, and Saudi Arabia’s PDPL [3, 4, 23].
- Clinical pilot implementation: Pilot studies within IVF clinics—particularly those using RFID-based tracking—could provide a practical foundation for validating blockchain checkpoints without interrupting clinical workflows. Future research should include real-world deployment studies in licensed ART centers, integrating actual IVF cycle data (with appropriate consent) to assess scalability, interoperability, and ethical compliance.
Collaboration with regulatory authorities may further establish EmbryoTrust as a compliance-testing sandbox for ART clinics operating under Saudi PDPL oversight. These efforts will enhance the framework’s scalability, resilience, and policy alignment, enabling its evolution from a national proof of concept to a globally adaptable, ethically aware digital health infrastructure.
6. Conclusions
This study presented EmbryoTrust, a blockchain-based framework for secure, ethical, and culturally compliant information management in ART. The framework integrates RBAC, smart contracts, and a hybrid on/off-chain storage design to ensure confidentiality, traceability, and verifiable compliance with Islamic bioethical and national legal standards.
Experimental validation confirmed that the system achieves high reliability (99.9% availability), low transaction latency (2.8 s average), and strong user satisfaction, aligning with performance benchmarks reported in recent healthcare blockchain implementations [14, 15]. The embedded smart-contract logic enforces consent and husband–wife authentication, transforming ethical compliance from a procedural formality into a verifiable computational process.
Compared with existing healthcare blockchain systems such as Medicalchain, Eggschain, and Liao’s federated egg-banking model [12], EmbryoTrust introduces domain-specific governance, cultural contextualization, and integrated ethical verification. Its hybrid architecture balances privacy preservation with scalability, reflecting current best practices in blockchain sustainability and incentive mechanisms [22].
Overall, EmbryoTrust demonstrates how blockchain technology can advance secure and accountable fertility-data governance while preserving ethical integrity. The framework contributes a replicable model for responsible digital transformation in reproductive medicine—bridging technology, law, and culture to enable transparent and patient-centered healthcare. By aligning with the WHO Global Strategy on Digital Health 2020–2025 [24] and the Saudi PDPL [3, 23], EmbryoTrust establishes a foundation for culturally adaptive and legally enforceable blockchain solutions in fertility management.
The integration of clinically verified checkpoints—covering oocyte retrieval, fertilization, embryo culture, and transfer—transforms EmbryoTrust from a conceptual framework into a clinically actionable system. Embedding these biological stages within verifiable blockchain events bridges the gap between computational trust and laboratory precision, aligning technological innovation with embryological best practices.
Beyond ART, the principles demonstrated in this work—including ethically embedded smart contracts, hybrid trust architectures, and compliance automation—can inform the design of broader digital health ecosystems. Future research will extend these concepts to interoperable frameworks supporting global health data governance, privacy-preserving analytics, and AI-driven clinical decision making.
Author Contributions
Conceptualization, S.A.; Methodology, S.A. and H.A.A.; Software development, S.F.A.-Q., G.A.-A., J.A.-S. and R.A.-M.; Writing—original draft preparation, H.A.A., S.F.A.-Q., G.A.-A., J.A.-S. and R.A.-M.; Writing—review and editing, S.A., H.A.A., N.B. and F.I.S.; Validation, N.B. and F.I.S.; Supervision, S.A. and H.A.A. All authors have read and agreed to the published version of the manuscript.
Funding
This research was funded by King Saud University, Riyadh, Saudi Arabia, through the Ongoing Research Funding Program (ORF-2025-1206), King Saud University, Riyadh, Saudi Arabia.
Data Availability Statement
The original contributions presented in this study are included in the article. Further inquiries can be directed to the corresponding author.
Acknowledgments
The authors are also grateful to King Saud University for funding this work through the Ongoing Research Funding Program (ORF-2025-1206), King Saud University, Riyadh, Saudi Arabia. Generative AI tools, specifically ChatGPT (OpenAI GPT-5, 2025), were used under the supervision of the corresponding author Hessah Alsalamah to assist in language refinement, structural editing, and LaTeX formatting of the manuscript. The tool was not used to generate original scientific content, data, analysis, or references. All technical descriptions, results, and interpretations were developed, verified, and validated by the authors. The authors take full responsibility for the accuracy and integrity of the final manuscript.
Conflicts of Interest
The authors declare no conflicts of interest.
References
- Centers for Disease Control and Prevention (CDC). Assisted Reproductive Technology (ART). 2019. Available online: https://www.cdc.gov/art/about/?CDC_AAref_Val=https://www.cdc.gov/art/whatis.html (accessed on 6 October 2025).
- World Health Organization (WHO). 1 in 6 People Globally Affected by Infertility: WHO. 2023. Available online: https://www.who.int/news/item/04-04-2023-1-in-6-people-globally-affected-by-infertility (accessed on 2 September 2024).
- Saudi Data and Artificial Intelligence Authority (SDAIA). Personal Data Protection Law: English Version (Reviewed April 2023). 2023. Available online: https://sdaia.gov.sa/en/SDAIA/about/Documents/Personal%20Data%20English%20V2-23April2023-%20Reviewed-.pdf (accessed on 9 October 2025).
- Elangovan, D.; Long, C.S.; Bakrin, F.S.; Tan, C.S.; Goh, K.W.; Yeoh, S.F.; Loy, M.J.; Hussain, Z.; Lee, K.S.; Idris, A.C.; et al. The Use of Blockchain Technology in the Health Care Sector: Systematic Review. JMIR Med Inf. 2022, 10, e17278.
- Wenhua, Z.; Qamar, F.; Abdali, T.A.N.; Hassan, R.; Jafri, S.T.A.; Nguyen, Q.N. Blockchain Technology: Security Issues, Healthcare Applications, Challenges and Future Trends. Electronics 2023, 12, 546.
- Liu, J.; Li, X.; Ye, L.; Zhang, H.; Du, X.; Guizani, M. BPDS: A Blockchain Based Privacy-Preserving Data Sharing for Electronic Medical Records. In Proceedings of the 2018 IEEE Global Communications Conference (GLOBECOM), Abu Dhabi, United Arab Emirates, 9–13 December 2018; pp. 1–6.
- Shevkar, S.; Patel, P.; Majumder, S.; Singh, H.; Jaglan, K.; Shalu, H. EMRs with Blockchain: A distributed democratised Electronic Medical Record sharing platform. arXiv 2020, arXiv:2012.05141.
- Rensaa, J.A.H.; Gligoroski, D.; Kralevska, K.; Hasselgren, A.; Faxvaag, A. VerifyMed-A blockchain platform for transparent trust in virtualized healthcare: Proof-of-concept. In Proceedings of the 2nd International Electronics Communication Conference, IECC ’20, Singapore, 8–10 July 2020; pp. 73–80.
- Sonkamble, R.G.; Bongale, A.M.; Phansalkar, S.; Sharma, A.; Rajput, S. Secure Data Transmission of Electronic Health Records Using Blockchain Technology. Electronics 2023, 12, 1015.
- Curchoe, C.L. The blockchain and decentralized manipulation of confidential information: Uses in medical healthcare and assisted reproduction. J. Assist. Reprod. Genet. 2022, 39, 317–319.
- Hickman, C.F.L.; Alshubbar, H.; Chambost, J.; Jacques, C.; Pena, C.A.; Drakeley, A.; Freour, T. Data sharing: Using blockchain and decentralized data technologies to unlock the potential of artificial intelligence: What can assisted reproduction learn from other areas of medicine? Fertil. Steril. 2020, 114, 927–933.
- Liao, D.Y. A Federated Blockchain Approach for Fertility Preservation and Assisted Reproduction in Smart Cities. Smart Cities 2022, 5, 583–607.
- Tozzo, P. Oocyte Biobanks: Old Assumptions and New Challenges. BioTech 2021, 10, 4.
- Ryu, J.; Kim, T. Enhancing Hospital Data Security: A Blockchain-Based Protocol for Secure Information Sharing and Recovery. Electronics 2025, 14, 580.
- Zhao, A.; Tian, H. Secure Sharing of Electronic Medical Records Based on Blockchain and Searchable Encryption. Electronics 2025, 14, 2679.
- Kasyapa, M.S.B.; Vanmathi, C. Blockchain integration in healthcare: A comprehensive investigation of use cases, performance issues, and mitigation strategies. Front. Digit. Health 2024, 6, 1359858.
- The American Society for Reproductive Medicine (ASRM). ASRM Official Website. 2023. Available online: https://www.asrm.org/ (accessed on 3 October 2025).
- Zegers-Hochschild, F.; Adamson, G.D.; Dyer, S.; Racowsky, C.; de Mouzon, J.; Sokol, R.; Rienzi, L.; Sunde, A.; Schmidt, L.; Cooke, I.D.; et al. The International Glossary on Infertility and Fertility Care, 2017. Hum. Reprod. 2017, 32, 1786–1801.
- Gardner, D.K.; Balaban, B. Assessment of Human Embryo Development Using Morphological Criteria in an Era of Time-Lapse, Algorithms and ‘OMICS’: Is Looking Good Still Important? Mol. Hum. Reprod. 2016, 22, 704–718.
- Ministry of Health, Kingdom of Saudi Arabia. Law of Fertilization, Utero-Fetal, and Infertility Treatment Units (Royal Decree No. M/76). 2004. Available online: https://www.moh.gov.sa/en/Ministry/Rules/Documents/Law-of-Fertilization-Utero-Fetal-and-Infertility-Treatment-Units.pdf (accessed on 6 October 2025).
- Murphy, A.; Collins, M. Legal Case Study of Severe IVF Incidents Worldwide: Causes, Consequences, and High Emotional, Financial, and Reputational Costs to Patients and Providers. N. Am. Proc. Gynecol. Obstet. 2024, 3.
- Zhu, D.; Li, Y.; Zhou, Z.; Zhao, Z.; Kong, L.; Wu, J.; Zhao, J.; Zheng, J. Blockchain-Based Incentive Mechanism for Electronic Medical Record Sharing Platform: An Evolutionary Game Approach. Sensors 2025, 25, 1904.
- Bureau of Experts at the Council of Ministers, Kingdom of Saudi Arabia. Personal Data Protection Law (Royal Decree No. M/19). 2021. Available online: https://laws.boe.gov.sa/boelaws/laws/lawdetails/b7cfae89-828e-4994-b167-adaa00e37188/1 (accessed on 6 October 2025).
- World Health Organization (WHO). Global Strategy on Digital Health 2020–2025. 2021. Available online: https://www.who.int/publications/i/item/9789240020924 (accessed on 6 October 2025).
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
© 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).