Ciência_Iscte
Publicações
Descrição Detalhada da Publicação
Enabling cross-institution health data sharing in Norway: EUDI wallets, on-chain consent, and openEHR↔FHIR translation
Título Revista
IEEE Access
Ano (publicação definitiva)
2026
Língua
Inglês
País
Estados Unidos da América
Mais Informação
Web of Science®
Scopus
Google Scholar
Esta publicação não está indexada no Overton
Abstract/Resumo
The cross-border use of health data is still limited by fragmented data models, weak guarantees around who is requesting access, and inconsistent mechanisms for obtaining and revoking patient consent. The European Health Data Space (EHDS) and the European Digital Identity (EUDI) framework aim to address these issues by giving citizens a portable digital identity and legally valid, auditable control over secondary use of their clinical data, but concrete, national-scale implementations are still missing. We present and evaluate a digital health wallet architecture for Norway that: 1) issues verifiable credentials to both patients and healthcare professionals; 2) records, enforces, and revokes patient consent on a permissioned distributed ledger; 3) verifies access rights using zero-knowledge proofs; and 4) bridges open Electronic Health Record (openEHR) repositories to EHDS-compliant Fast Healthcare Interoperability Resources (FHIR) bundles. The system is built on Hyperledger Besu, uses Groth16 proof circuits with Poseidon hashing for selective disclosure of consent, and encodes General Data Protection Regulation (GDPR) obligations directly into smart contract logic. The architecture was validated in a simulated hospital environment using synthetic ICU-style data. Professional onboarding and role verification completed in approximately 1.2 s (mean, std. 0.2 s). End-to-end consent issuance, verification, and on-ledger recording completed in under 3 s. On-chain verification of zero-knowledge proofs averaged 0.42 s (std. 0.09 s), supporting near real-time authorization without exposing patient identity. The FHIR–openEHR bridge achieved 98.5% mapping success between openEHR compositions and EHDS-mandated FHIR bundles. We further mapped each component to GDPR Articles 5, 7, 25, and 30, demonstrating explicit, revocable, and auditable consent with privacy by design. These results show that an EUDI-compatible digital health wallet can deliver verifiable identity, revocable consent, privacy-preserving auditability, and semantic interoperability fast enough for clinical use. Unlike prior blockchain proposals for consent management, this work demonstrates not only conceptual alignment with EHDS, but an implemented, measured architecture with national deployment potential.
Agradecimentos/Acknowledgements
--
Palavras-chave
Consent management,Digital health wallet,Distributed ledger technology,FHIR,Healthcare professional authentication,Interoperable EHR,openEHR,Patient data management
Classificação Fields of Science and Technology
- Ciências da Computação e da Informação - Ciências Naturais
- Ciências da Saúde - Ciências Médicas
Registos de financiamentos
| Referência de financiamento | Entidade Financiadora |
|---|---|
| UID/06486/2025 | Fundação para a Ciência e a Tecnologia |
| UID/PRR/06486/2025 | Fundação para a Ciência e a Tecnologia |
English