Ciência_Iscte
Publications
Publication Detailed Description
Enabling cross-institution health data sharing in Norway: EUDI wallets, on-chain consent, and openEHR↔FHIR translation
Journal Title
IEEE Access
Year (definitive publication)
2026
Language
English
Country
United States of America
More Information
Web of Science®
Scopus
Google Scholar
This publication is not indexed in Overton
Abstract
The cross-border use of health data is still limited by fragmented data models, weak guarantees around who is requesting access, and inconsistent mechanisms for obtaining and revoking patient consent. The European Health Data Space (EHDS) and the European Digital Identity (EUDI) framework aim to address these issues by giving citizens a portable digital identity and legally valid, auditable control over secondary use of their clinical data, but concrete, national-scale implementations are still missing. We present and evaluate a digital health wallet architecture for Norway that: 1) issues verifiable credentials to both patients and healthcare professionals; 2) records, enforces, and revokes patient consent on a permissioned distributed ledger; 3) verifies access rights using zero-knowledge proofs; and 4) bridges open Electronic Health Record (openEHR) repositories to EHDS-compliant Fast Healthcare Interoperability Resources (FHIR) bundles. The system is built on Hyperledger Besu, uses Groth16 proof circuits with Poseidon hashing for selective disclosure of consent, and encodes General Data Protection Regulation (GDPR) obligations directly into smart contract logic. The architecture was validated in a simulated hospital environment using synthetic ICU-style data. Professional onboarding and role verification completed in approximately 1.2 s (mean, std. 0.2 s). End-to-end consent issuance, verification, and on-ledger recording completed in under 3 s. On-chain verification of zero-knowledge proofs averaged 0.42 s (std. 0.09 s), supporting near real-time authorization without exposing patient identity. The FHIR–openEHR bridge achieved 98.5% mapping success between openEHR compositions and EHDS-mandated FHIR bundles. We further mapped each component to GDPR Articles 5, 7, 25, and 30, demonstrating explicit, revocable, and auditable consent with privacy by design. These results show that an EUDI-compatible digital health wallet can deliver verifiable identity, revocable consent, privacy-preserving auditability, and semantic interoperability fast enough for clinical use. Unlike prior blockchain proposals for consent management, this work demonstrates not only conceptual alignment with EHDS, but an implemented, measured architecture with national deployment potential.
Acknowledgements
--
Keywords
Consent management,Digital health wallet,Distributed ledger technology,FHIR,Healthcare professional authentication,Interoperable EHR,openEHR,Patient data management
Fields of Science and Technology Classification
- Computer and Information Sciences - Natural Sciences
- Health Sciences - Medical and Health Sciences
Funding Records
| Funding Reference | Funding Entity |
|---|---|
| UID/06486/2025 | Fundação para a Ciência e a Tecnologia |
| UID/PRR/06486/2025 | Fundação para a Ciência e a Tecnologia |
Português