Modern authenticated encryption adopts the authenticated encryption with associated data approach. National Institute of Standards and Technology recommends standard algorithms such as AES-GCM, AES-CBC+HMAC, and ChaCha20-Poly1305, which ensure both data confidentiality and message integrity [22]. However, these methods require additional overhead, including a 16-byte authentication tag and 8/12/24-byte Nonce or IV fields. AES-CBC further requires 16-byte block alignment, leading to significant message expansion that limits transmission efficiency in space-constrained QR codes.

This work adopts a symmetric authenticated encryption with associated data scheme, where both encoder (sender) and decoder (receiver) share a 256-bit secret key. ChaCha20 is used for encryption and BLAKE3 for authentication, resulting in only 2 bytes of overhead. ChaCha20 is an IETF-standardized stream cipher that uses a 256-bit key and 64-bit nonce, producing a keystream via 20 rounds of permutation. It does not require alignment, keeps the same ciphertext size, and works fast in software even without special hardware, making it suitable for mobile and low-latency scenarios. BLAKE3 is an advanced cryptographic hash function with higher performance than Secure Hash Algorithm 256 bit and Secure Hash Algorithm 512-bit. It supports variable output lengths, allowing flexible adaptation to different application requirements [23].

Compared with other transmission methods, QR codes printed on paper are harder to steal and are difficult to brute-force due to their low propagation efficiency. In our proposed algorithm, BLAKE3 is configured to produce a 2-byte hash, resulting in a brute-force probability of 1/(2^16), which is acceptable for practical authentication. ChaCha20 encryption, with a 256-bit key, offers a brute-force resistance of 1/(2^256), meeting the National Institute of Standards and Technology Level 3 security standard.

During the algorithm development phase, this study constructed a “Chinese Medical Text Dataset” for training a proprietary tokenizer. The dataset was sourced from the EHRs of approximately 80,000 historical patients from a hospital. The extracted fields included department names, surgical procedures, medication names, disease diagnoses, indicator names, and imaging examinations, among others, and were saved in text. The access control layer integrates time-based one-time password using a 6-digit random code, reducing the probability of unauthorized access to below $10^{-6}$.format.

In the algorithm validation phase, the study built a “Performance Benchmark Dataset” to verify the overall compression performance of the algorithm. This dataset was derived from the EHRs of 300 inpatients with VTE at the Sixth Medical Center of the Chinese PLA General Hospital between January and October 2024 and was saved in JSON format. These medical records comprehensively documented the patients’ basic information, surgical history, diseases, radiological examination results, laboratory test data, risk assessments, and medication upon discharge. Specifically, the basic information included the patient’s age, gender, height, weight, department, and length of hospital stay; surgical details recorded the name and timing of the surgery; disease classification encompassed the name and category of the diseases; radiological examination results detailed the date of the examination, the name of the procedure, the body part examined, and the conclusions; laboratory test data listed the name of the indicator, its value, unit, risk indication, and the normal range; medication upon discharge recorded the name of the medication, the daily dosage, and the frequency of administration; and the risk assessment section included the assessment scale, risk level, and risk factors.

The compression ratio in this study is defined by the formula: CompressionRate=OrigDataBytes/CompressedDataBytes.

In terms of algorithm design, we strive not only to optimize overall performance but also to ensure compatibility with various worst-case scenarios. Therefore, when analyzing the byte size of JSON files and the number of fields in the “Performance Benchmark Dataset,” we used statistical methods for calculating the mean, as well as the minimum and maximum extreme values.

We compared the efficiency of our compression algorithm with the traditional Gzip compression algorithm. In addition, we compared the efficiency of the 2 most effective JSON serialization technologies in real patient datasets, as well as the compression efficiency of 2 mainstream tokenization algorithms on specific datasets. All of the above comparisons used mean statistical methods and used t tests to calculate P values.

Furthermore, we used cumulative distribution function graphs to analyze the distribution of the number of QR codes scanned by patients and tested the time required for creating patient records via QR codes using various models of mobile phones.

This cohort study was approved by the Medical Ethics Committee of the Sixth Medical Center of Chinese People’s Liberation Army General Hospital (approval number: HZKY-PJ-2022-21). A waiver of informed consent was granted because this was a retrospective, data-only study, and all data were fully deidentified in accordance with institutional and national guidelines. Patients using the home rehabilitation service app provided informed consent at registration. QR code information constitutes a deidentified limited dataset with no personally identifiable information included; personally identifiable information is used only locally for authentication and is never transmitted. Encrypted QR codes are accessible only by authorized patients, ensuring data security and access control. All procedures complied with institutional policies, the Declaration of Helsinki, and relevant data protection regulations.

We conducted a detailed statistical analysis of the fields and their storage sizes in the JSON files of the “Performance Benchmark Dataset,” which is summarized in Table 4. The average number of fields in the raw JSON files was 240.1, ranging from 89 to 623, with an average storage byte size of 7095, varying from 2748 to 17,425. In terms of the number of fields, laboratory test data constituted the highest proportion at 67.5%, followed by risk assessment data at 9.6%. Regarding storage byte size, laboratory test data also represented the largest proportion at 61.4%, with radiological examination result data following at 14.4%.

The average size of the original JSON data was 7095 bytes. After compression using the traditional Gzip algorithm, the average size was reduced to 1907 bytes, with an average compression ratio of 3.66. By applying our developed BPE+Avro+Gzip combined compression algorithm, the average size was further reduced to 1048 bytes, improving the average compression ratio to 6.67. The compression efficiency of our algorithm was 1.82 times that of the traditional Gzip algorithm (P<.001). The scatter plot distribution in Figure 4 shows that the larger the original JSON file, the more significant the compression effect.

According to previous research, ASN.1 and Avro demonstrated the best compression performance among JSON serialization technologies. For our “Performance Benchmark Dataset,” Avro achieved a compression ratio of 2.59, while ASN.1 had a compression ratio of 2.57, with no significant difference (P=.30). However, Avro significantly outperformed ASN.1 when combined with BPE or Gzip methods (Table 5 and Figure 5). Specifically, the compression ratio for Avro+Gzip reached 4.72, compared with 4.12 for ASN.1+ Gzip (P<.001). Further, when the BPE method was introduced, the compression ratio for Avro+BPE+Gzip was 6.67, while for ASN.1+BPE+Gzip it was 5.21 (P<.001).

Our constructed dataset consisted of a total of 1,146,532 records, with a total size of 122.5 MB and an average sentence length of 38.3 Chinese characters, corresponding to an average byte length of 106.8. We divided this dataset into a training set and a test set at a ratio of 9:1.

Using Google’s open-source project SentencePiece for tokenizer training, we trained and validated 2 tokenization methods: unigram and BPE171819, with a vocab_size of 65,535, allowing each token to be represented by a 2-byte unit. In terms of training duration, unigram took 65.91 seconds, while BPE took 360.2 seconds, with unigram being faster. In terms of compression ratio, on the training set, unigram and BPE achieved compression ratios of 4.7 and 4.83, respectively (P<.001); on the test set, they achieved 4.55 and 4.68, respectively (P<.001), showing that BPE is more efficient than unigram (Table 6).

Based on previous research, when each module size is set to 4×4 pixels, 100% readability can be achieved on A4 white paper [24]. For the largest QR code size, the number of modules contained is 177×177 [25]. With a border width of 4 and an estimated resolution of 200 dots per inch for a standard printer, even the largest QR code would occupy a space of 3.7 inches (9.39 cm) in both length and width on A4 paper.

Considering the response speed of mobile phone scanning and the redundancy requirements of QR codes, we selected the version 25 QR code with 117×117 modules, which has a theoretical size of 2.5 inches (6.35 cm). Taking into account the differences in dots per inch, ink density, and default print margins across different hospital printers, we reserved a 20% redundancy, resulting in a designed QR code size of 7.62 cm × 7.62 cm (approximately 3×3 inches), with 2 QR codes per row. The specific layout is shown in Figure 6.

We used version 25 QR codes with an error correction level set to L, each supporting a maximum binary capacity of 1273 bytes [25]. As shown in Figure 7, following a cumulative distribution function [26] analysis of the compressed file sizes for 300 patients, we found that 84.7% of the patients needed to scan only one QR code, while 5.3% of the patients required scanning 2 QR codes. Only an extremely small number of patients may need to scan more than 3 QR codes.

Based on the size of the compressed files, we selected 3 patients for a scanning test, corresponding to 1, 2, and 3 QR codes, respectively. The test timing started when the patient clicked the scan button and ended when the record creation was completed. Testing with different models of mobile phones showed that, on average, scanning 1 QR code took 3.1 seconds, scanning 2 QR codes took 7.30 seconds, and scanning 3 QR codes took 8.73 seconds. ANOVA was used to test the differences, with a P value <.001.

Based on the size of the compressed files, we selected 3 patients for a QR code scanning test, corresponding to 1, 2, and 3 QR codes, respectively. The timing started when the patient clicked the scan button and ended when the registration was completed. Different smartphone models were used for the tests, and the results showed that, on average, scanning one QR code took 3.1 seconds, scanning 2 QR codes took 7.30 seconds, and scanning 3 QR codes took 8.73 seconds (Table 7). ANOVA was used to test the differences, with a P value <.001.

We developed a QRST-AB, which assists patients in creating home rehabilitation records after discharge while ensuring the privacy, security, and efficiency of medical data transmission. The primary outcomes of our study are as follows. (1) We proposed a QR code authentication and encryption mechanism that leverages ChaCha20 encryption and the BLAKE3 hash function, reducing message inflation to as low as 2 bytes and enabling noninteractive cross-domain verification and data security in a zero-trust environment. (2) We developed an efficient combined data compression method, where the BPE+Avro+Gzip compression approach is 1.9 times more efficient than traditional Gzip compression, allowing a single patient’s medical record to be compressed into 1‐3 QR codes, thus improving the practicality and efficiency of QR code transmission in medical data scenarios. (3) The algorithm is provided in software development kit form, making it easy to deploy and use, which facilitates broader adoption.

In previous research, there have been instances of embedding medical data, as opposed to URL information, into QR codes for transmission. Specifically, Lin et al [8] encoded patients’ prescription information into QR codes, facilitating the use of these codes by patients at different pharmacies. The QR code encompassed information across 17 fields, including the patient’s name, identification, age, type of disease, name of medication, and date, among other critical data. Additionally, Nakayama from Japan [9] and Mathivanan from India [10,11] have successfully embedded electrocardiogram data into QR codes. Lauriot [12] adopted the approach of directly embedding the data results of imaging reports into a single QR code. Mao et al [13], on the other hand, used a different strategy; they segmented a file containing medical data and embedded the segmented data into consecutive QR codes, which were dynamically and continuously displayed in a streaming video. Users could capture this video stream with a smartphone and subsequently recover the relevant medical data from the QR codes.

However, in previous practices, despite the use of signal sampling and private encryption algorithms to enhance security when embedding electrocardiogram data into QR codes, medical texts are still embedded in plaintext, which may expose the data to interception by unauthorized third parties, leading to potential leakage of patient privacy information. Moreover, these cases generally lack user authentication mechanisms and exhibit low compression efficiency.

Prior to this work, several studies have proposed solutions for securing data transmission in untrusted environments. For example, [27] introduces authentication and encryption measures for military communication protocols to prevent man-in-the-middle and replay attacks. In [28], blockchain technology is used to establish a decentralized trust mechanism—for instance, similar to the framework described in [29], one can refer to its on-chain authentication and consensus processes to enhance data integrity and immutability when transmitting QR-embedded information. In the health care domain, [30] emphasizes the need to balance data security and privacy protection in telemedicine interoperability, which informs our design of QR code data encryption and client authentication. Moreover, [31] addresses deepfake disinformation strategies from a holistic cybersecurity perspective, offering guidance on ensuring the integrity and trustworthiness of data embedded in QR codes. Finally, [32] presents a hesitant fuzzy decision-making approach for usable-security assessment, which can be applied to optimize the usability of our underlying authentication workflow.

To address these security risks and efficiency issues, we have taken the following improvement measures. First, we have proposed a complete solution and an end-to-end communication mechanism, defined the protocol specifications, and added authentication information to the protocol header. We use cryptographic hash algorithms to verify the identity of the scanning user, preventing unauthorized users from scanning the QR code. Additionally, we use encrypted transmission, which remains secure even if a third party understands the principles of our algorithm, as they do not possess the ChaCha20 secret key, the Avro encoding schema, and the BPE tokenizer, and thus cannot decipher the contents of the QR code.

Second, we have proposed an efficient compression algorithm for patient medical record data, organically integrating JSON serialization technology, tokenization techniques based on large language models (including subword tokenization methods like BPE), and binary data compression technology. The combination of BPE+Avro+Gzip has achieved optimal compression performance. To date, there is no precedent for compressing electronic medical records using this combination. Although the transmission efficiency of QR codes is inherently limited and slow, our effective compression algorithm can significantly reduce the size of medical record data, thus greatly enhancing the practicality of QR codes in the transmission of medical information. Furthermore, our solution supports the transmission of multiple QR codes in a single transaction, thereby enabling the carriage of larger volumes of medical records and information.

Through our improvements and real-world data validation, the QRST-AB possesses the characteristics of encryption, authentication, efficiency, robustness, and scalability. This makes it well-suited for home rehabilitation registration scenarios and other situations requiring the transmission of patient privacy data.

There were some limitations to this study. First, due to the limited project timeline, validation was conducted using single-center data only. However, the algorithm was designed with flexibility for multicenter deployment and support for diverse disease types, which will be further validated in future studies. Second, when patient records are large and QR codes contain substantial data, poor network conditions may lead to delays in the decoder’s real-time response. Thirdly, the solution relies on manual scanning, and the patient’s digital health literacy may affect the user experience; however, most users are capable of performing scanning operations, which helps mitigate this issue.

We plan to conduct multicenter validation and extend support to other disease types, as well as optimize the algorithm to reduce response delays caused by large patient data volumes.

The QRST-AB algorithm efficiently compresses and transmits data in an encrypted manner and authenticates the identity of the scanning users, ensuring the privacy and security of medical data. Delivered as a software development kit, the algorithm offers straightforward implementation and usability, supporting its broad adoption across various applications. All code is publicly available through the QRST-AB GitHub repository.