Artigo em revista científica Q1
HL7 FHIR consent for healthcare data sharing: Challenges, opportunities and integrity implications
Sudip Phuyal (Phuyal, S.); Manila Bhandari (Bhandari, M.); Rabindra Bista (Bista, R.); Joao C Ferreira or Joao Ferreira (Ferreira, J. C.);
Título Revista
International Journal of Medical Informatics
Ano (publicação definitiva)
2026
Língua
Inglês
País
Estados Unidos da América
Mais Informação
Web of Science®

N.º de citações: 0

(Última verificação: 2026-07-15 09:00)

Ver o registo na Web of Science®

Scopus

N.º de citações: 0

(Última verificação: 2026-07-02 22:20)

Ver o registo na Scopus

Google Scholar

N.º de citações: 1

(Última verificação: 2026-07-14 17:10)

Ver o registo no Google Scholar

Esta publicação não está indexada no Overton

Abstract/Resumo
Objective To assess whether HL7 FHIR Consent, as currently specified and deployed, is sufficient to support verifiable, regulation-aligned consent governance in distributed and cross-organisational health data sharing. Methods We conducted a qualitative critical analysis of FHIR Consent informed by (i) peer-reviewed implementation literature, (ii) national-scale consent exchange initiatives, and (iii) accountability requirements under GDPR and the European Health Data Space (EHDS). The analysis is organized into four dimensions: semantic interpretability, consent lifecycle management, runtime enforcement, and cross-organisational trust/auditability. Results FHIR Consent provides an interoperable representation of authorisation intent, but large-scale deployments remain limited by (1) non-canonical semantics across implementations, (2) lack of standardized lifecycle versioning and cross-organisational revocation propagation, (3) heterogeneous translation of declarative consent into enforceable access control, and (4) limited capability for independent verification of consent provenance and historical integrity across institutional boundaries. Conclusion We derive an architecture pattern that separates (a) standards-based consent representation (FHIR Consent), (b) local policy interpretation/enforcement, and (c) cross-organisational integrity verification. Cryptographic integrity anchoring is discussed as a complementary mechanism for tamper-evident verification of off-chain consent artifacts and lifecycle events, without externalizing consent semantics or personal data.
Agradecimentos/Acknowledgements
--
Palavras-chave
HL7 FHIR,Consent management,Healthcare data sharing,Interoperability,European Health Data Space,GDPR,Auditability,Governance,Blockchain,Integrity anchoring
  • Ciências da Computação e da Informação - Ciências Naturais
  • Ciências da Saúde - Ciências Médicas
Registos de financiamentos
Referência de financiamento Entidade Financiadora
UID/06486/2025 Fundação para a Ciência e a Tecnologia
UID/PRR/06486/2025 Fundação para a Ciência e a Tecnologia