Artigo em revista científica
A blockchain-based architecture for dynamic and auditable patient consent in secondary use of health data
Sudip Phuyal (Phuyal, S.); Manila Bhandari (Bhandari, M.); Rabindra Bista (Bista, R.); Joao C Ferreira or Joao Ferreira (Ferreira, J. C.);
Título Revista
Blockchain in Healthcare Today
Ano (publicação definitiva)
2026
Língua
Inglês
País
Estados Unidos da América
Mais Informação
Web of Science®

Esta publicação não está indexada na Web of Science®

Scopus

Esta publicação não está indexada na Scopus

Google Scholar

Esta publicação não está indexada no Google Scholar

Esta publicação não está indexada no Overton

Abstract/Resumo
Background: The secondary use of patient health data is critical for advancing clinical research, public health, and digital health innovation. However, traditional consent mechanisms are often static, complex, and insufficiently transparent, limiting patient control and trust. In response to regulatory requirements introduced by the General Data Protection Regulation (GDPR) and the European Health Data Space (EHDS), this article paper aims to design a secure, transparent, and revocable blockchain-based architecture for managing patient consent for the secondary use of health data, aligned with European legal frameworks and interoperability standards. Methods: A multilayered consent management architecture was designed by integrating blockchain smart contracts, decentralized identifiers, verifiable credentials, and Health Level Seven—Fast Healthcare Interoperability Resources. The system incorporates a patient-controlled digital wallet, off-chain health data storage, and on-chain enforcement of consent policies through smart contracts. Regulatory and technical requirements were systematically derived from GDPR and European Health EHDS provisions. The study follows a design science research methodology and includes threat modeling and a theoretical performance and scalability analysis. The design is guided by four core objectives: dynamic consent management, auditable governance, interoperability with healthcare standards, and compliance-by-design with European regulatory frameworks. Results: The proposed architecture enables secure creation, delegation, and revocation of patient consent through immutable blockchain-based logging and Fast Healthcare Interoperability Resources-compliant data exchange. Consent records are tamper-evident, while sensitive health data remain off-chain, ensuring data minimization and privacy protection. Consent attributes such as purpose limitation, duration, and data scope are explicitly modeled to comply with GDPR and EHDS requirements. Theoretical evaluation indicates that the architecture can scale to large healthcare data ecosystems when deployed on Ethereum-compatible blockchains combined with external storage solutions. Conclusions: This study presents a modular, standards-based consent management framework that enhances patient autonomy, supports regulatory compliance, and strengthens governance for the secondary use of health data. By combining blockchain, digital identity, and healthcare interoperability standards, the architecture addresses key legal and technical challenges of dynamic consent. Future work will focus on developing a user-centered prototype and conducting empirical validation in real-world secondary-use health data ecosystems.
Agradecimentos/Acknowledgements
--
Palavras-chave
Blockchain,Consent management,Digital health,Health data,Interoperability,Reuse,Patient empowerment
Registos de financiamentos
Referência de financiamento Entidade Financiadora
PRR-RE-C05-i01.02 Blockchain.PT
UID/PRR/06486/2025 Fundação para a Ciência e a Tecnologia
UID/06486/2025 Fundação para a Ciência e a Tecnologia