Scientific journal paper
A blockchain-based architecture for dynamic and auditable patient consent in secondary use of health data
Sudip Phuyal (Phuyal, S.); Manila Bhandari (Bhandari, M.); Rabindra Bista (Bista, R.); Joao C Ferreira or Joao Ferreira (Ferreira, J. C.);
Journal Title
Blockchain in Healthcare Today
Year (definitive publication)
2026
Language
English
Country
United States of America
More Information
Web of Science®

This publication is not indexed in Web of Science®

Scopus

This publication is not indexed in Scopus

Google Scholar

This publication is not indexed in Google Scholar

This publication is not indexed in Overton

Abstract
Background: The secondary use of patient health data is critical for advancing clinical research, public health, and digital health innovation. However, traditional consent mechanisms are often static, complex, and insufficiently transparent, limiting patient control and trust. In response to regulatory requirements introduced by the General Data Protection Regulation (GDPR) and the European Health Data Space (EHDS), this article paper aims to design a secure, transparent, and revocable blockchain-based architecture for managing patient consent for the secondary use of health data, aligned with European legal frameworks and interoperability standards. Methods: A multilayered consent management architecture was designed by integrating blockchain smart contracts, decentralized identifiers, verifiable credentials, and Health Level Seven—Fast Healthcare Interoperability Resources. The system incorporates a patient-controlled digital wallet, off-chain health data storage, and on-chain enforcement of consent policies through smart contracts. Regulatory and technical requirements were systematically derived from GDPR and European Health EHDS provisions. The study follows a design science research methodology and includes threat modeling and a theoretical performance and scalability analysis. The design is guided by four core objectives: dynamic consent management, auditable governance, interoperability with healthcare standards, and compliance-by-design with European regulatory frameworks. Results: The proposed architecture enables secure creation, delegation, and revocation of patient consent through immutable blockchain-based logging and Fast Healthcare Interoperability Resources-compliant data exchange. Consent records are tamper-evident, while sensitive health data remain off-chain, ensuring data minimization and privacy protection. Consent attributes such as purpose limitation, duration, and data scope are explicitly modeled to comply with GDPR and EHDS requirements. Theoretical evaluation indicates that the architecture can scale to large healthcare data ecosystems when deployed on Ethereum-compatible blockchains combined with external storage solutions. Conclusions: This study presents a modular, standards-based consent management framework that enhances patient autonomy, supports regulatory compliance, and strengthens governance for the secondary use of health data. By combining blockchain, digital identity, and healthcare interoperability standards, the architecture addresses key legal and technical challenges of dynamic consent. Future work will focus on developing a user-centered prototype and conducting empirical validation in real-world secondary-use health data ecosystems.
Acknowledgements
--
Keywords
Blockchain,Consent management,Digital health,Health data,Interoperability,Reuse,Patient empowerment
Funding Records
Funding Reference Funding Entity
PRR-RE-C05-i01.02 Blockchain.PT
UID/PRR/06486/2025 Fundação para a Ciência e a Tecnologia
UID/06486/2025 Fundação para a Ciência e a Tecnologia