Electronic　health　record　transmission　and　storage　involve　sensitive　information,　requiring　robust　security　measures　to　ensure　access　is　limited　to　authorized　personnel.　In　the　existing　state　of　the　art,　there　is　a　growing　need　for　efficient　access　control　approaches　for　the　secure　accessibility　of　patient　health　data　by　sustainable　electronic　health　records.　Locking　medical　data　in　a　healthcare　center　forms　information　isolation;　thus,　setting　up　healthcare　data　exchange　platforms　is　a　driving　force　behind　electronic　healthcare　centers.　The　healthcare　entities　access　rights　like　subject,　controller,　and　requester　are　defined　and　regulated　by　access　control　policies　as　defined　by　the　General　Data　Protection　Regulation　(GDPR).　In　this　work,　we　have　introduced　a　blend　of　policy-based　access　control　(PBAC)　system　backed　by　blockchain　technology,　where　smart　contracts　govern　the　intrinsic　part　of　security　and　privacy.　As　a　result,　any　Subject　can　know　at　any　time　who　currently　has　the　right　to　access　his　data.　The　PBAC　grants　access　to　electronic　health　records　based　on　predefined　policies.　Our　proposed　PBAC　approach　employs　policies　in　which　the　subject,　controller,　and　requester　can　grant　access,　revoke　access,　and　check　logs　and　actions　made　in　a　particular　healthcare　system.　Smart　contracts　dynamically　enforce　access　control　policies　and　manage　access　permissions,　ensuring　that　sensitive　data　is　available　only　to　authorized　users.　Delineating　the　proposed　access　control　system　and　comparing　it　to　other　systems　demonstrates　that　our　approach　is　more　adaptable　to　various　healthcare　data　protection　scenarios　where　there　is　a　need　to　share　sensitive　data　simultaneously　and　a　robust　need　to　safeguard　the　rights　of　the　involved　entities.　©　2025　Yaqub　et　al.