Exportar Publicação

A publicação pode ser exportada nos seguintes formatos: referência da APA (American Psychological Association), referência do IEEE (Institute of Electrical and Electronics Engineers), BibTeX e RIS.

Exportar Referência (APA)
Phuyal, S., Bhandari, M., Bista, R. & Ferreira, J. C. (2026). Enabling cross-institution health data sharing in Norway: EUDI wallets, on-chain consent, and openEHR↔FHIR translation. IEEE Access. 14, 20309-20327
Exportar Referência (IEEE)
S. Phuyal et al.,  "Enabling cross-institution health data sharing in Norway: EUDI wallets, on-chain consent, and openEHR↔FHIR translation", in IEEE Access, vol. 14, pp. 20309-20327, 2026
Exportar BibTeX
@article{phuyal2026_1784186093130,
	author = "Phuyal, S. and Bhandari, M. and Bista, R. and Ferreira, J. C.",
	title = "Enabling cross-institution health data sharing in Norway: EUDI wallets, on-chain consent, and openEHR↔FHIR translation",
	journal = "IEEE Access",
	year = "2026",
	volume = "14",
	number = "",
	doi = "10.1109/ACCESS.2026.3661642",
	pages = "20309-20327",
	url = "https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639"
}
Exportar RIS
TY  - JOUR
TI  - Enabling cross-institution health data sharing in Norway: EUDI wallets, on-chain consent, and openEHR↔FHIR translation
T2  - IEEE Access
VL  - 14
AU  - Phuyal, S.
AU  - Bhandari, M.
AU  - Bista, R.
AU  - Ferreira, J. C.
PY  - 2026
SP  - 20309-20327
SN  - 2169-3536
DO  - 10.1109/ACCESS.2026.3661642
UR  - https://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=6287639
AB  - The cross-border use of health data is still limited by fragmented data models, weak guarantees around who is requesting access, and inconsistent mechanisms for obtaining and revoking patient consent. The European Health Data Space (EHDS) and the European Digital Identity (EUDI) framework aim to address these issues by giving citizens a portable digital identity and legally valid, auditable control over secondary use of their clinical data, but concrete, national-scale implementations are still missing. We present and evaluate a digital health wallet architecture for Norway that: 1) issues verifiable credentials to both patients and healthcare professionals; 2) records, enforces, and revokes patient consent on a permissioned distributed ledger; 3) verifies access rights using zero-knowledge proofs; and 4) bridges open Electronic Health Record (openEHR) repositories to EHDS-compliant Fast Healthcare Interoperability Resources (FHIR) bundles. The system is built on Hyperledger Besu, uses Groth16 proof circuits with Poseidon hashing for selective disclosure of consent, and encodes General Data Protection Regulation (GDPR) obligations directly into smart contract logic. The architecture was validated in a simulated hospital environment using synthetic ICU-style data. Professional onboarding and role verification completed in approximately 1.2 s (mean, std. 0.2 s). End-to-end consent issuance, verification, and on-ledger recording completed in under 3 s. On-chain verification of zero-knowledge proofs averaged 0.42 s (std. 0.09 s), supporting near real-time authorization without exposing patient identity. The FHIR–openEHR bridge achieved 98.5% mapping success between openEHR compositions and EHDS-mandated FHIR bundles. We further mapped each component to GDPR Articles 5, 7, 25, and 30, demonstrating explicit, revocable, and auditable consent with privacy by design. These results show that an EUDI-compatible digital health wallet can deliver verifiable identity, revocable consent, privacy-preserving auditability, and semantic interoperability fast enough for clinical use. Unlike prior blockchain proposals for consent management, this work demonstrates not only conceptual alignment with EHDS, but an implemented, measured architecture with national deployment potential.
ER  -