Exportar Publicação
A publicação pode ser exportada nos seguintes formatos: referência da APA (American Psychological Association), referência do IEEE (Institute of Electrical and Electronics Engineers), BibTeX e RIS.
Phuyal, S., Bhandari, M., Bista, R. & Ferreira, J. C. (2026). HL7 FHIR consent for healthcare data sharing: Challenges, opportunities and integrity implications. International Journal of Medical Informatics. 214
S. Phuyal et al., "HL7 FHIR consent for healthcare data sharing: Challenges, opportunities and integrity implications", in Int. Journal of Medical Informatics, vol. 214, 2026
@article{phuyal2026_1784186093250,
author = "Phuyal, S. and Bhandari, M. and Bista, R. and Ferreira, J. C.",
title = "HL7 FHIR consent for healthcare data sharing: Challenges, opportunities and integrity implications",
journal = "International Journal of Medical Informatics",
year = "2026",
volume = "214",
number = "",
doi = "10.1016/j.ijmedinf.2026.106405",
url = "https://www.sciencedirect.com/journal/international-journal-of-medical-informatics"
}
TY - JOUR TI - HL7 FHIR consent for healthcare data sharing: Challenges, opportunities and integrity implications T2 - International Journal of Medical Informatics VL - 214 AU - Phuyal, S. AU - Bhandari, M. AU - Bista, R. AU - Ferreira, J. C. PY - 2026 SN - 1386-5056 DO - 10.1016/j.ijmedinf.2026.106405 UR - https://www.sciencedirect.com/journal/international-journal-of-medical-informatics AB - Objective To assess whether HL7 FHIR Consent, as currently specified and deployed, is sufficient to support verifiable, regulation-aligned consent governance in distributed and cross-organisational health data sharing. Methods We conducted a qualitative critical analysis of FHIR Consent informed by (i) peer-reviewed implementation literature, (ii) national-scale consent exchange initiatives, and (iii) accountability requirements under GDPR and the European Health Data Space (EHDS). The analysis is organized into four dimensions: semantic interpretability, consent lifecycle management, runtime enforcement, and cross-organisational trust/auditability. Results FHIR Consent provides an interoperable representation of authorisation intent, but large-scale deployments remain limited by (1) non-canonical semantics across implementations, (2) lack of standardized lifecycle versioning and cross-organisational revocation propagation, (3) heterogeneous translation of declarative consent into enforceable access control, and (4) limited capability for independent verification of consent provenance and historical integrity across institutional boundaries. Conclusion We derive an architecture pattern that separates (a) standards-based consent representation (FHIR Consent), (b) local policy interpretation/enforcement, and (c) cross-organisational integrity verification. Cryptographic integrity anchoring is discussed as a complementary mechanism for tamper-evident verification of off-chain consent artifacts and lifecycle events, without externalizing consent semantics or personal data. ER -
English