Scientific journal paper Q1
HL7 FHIR consent for healthcare data sharing: Challenges, opportunities and integrity implications
Sudip Phuyal (Phuyal, S.); Manila Bhandari (Bhandari, M.); Rabindra Bista (Bista, R.); Joao C Ferreira or Joao Ferreira (Ferreira, J. C.);
Journal Title
International Journal of Medical Informatics
Year (definitive publication)
2026
Language
English
Country
United States of America
More Information
Web of Science®

Times Cited: 0

(Last checked: 2026-07-15 09:00)

View record in Web of Science®

Scopus

Times Cited: 0

(Last checked: 2026-07-02 22:20)

View record in Scopus

Google Scholar

Times Cited: 1

(Last checked: 2026-07-14 17:10)

View record in Google Scholar

This publication is not indexed in Overton

Abstract
Objective To assess whether HL7 FHIR Consent, as currently specified and deployed, is sufficient to support verifiable, regulation-aligned consent governance in distributed and cross-organisational health data sharing. Methods We conducted a qualitative critical analysis of FHIR Consent informed by (i) peer-reviewed implementation literature, (ii) national-scale consent exchange initiatives, and (iii) accountability requirements under GDPR and the European Health Data Space (EHDS). The analysis is organized into four dimensions: semantic interpretability, consent lifecycle management, runtime enforcement, and cross-organisational trust/auditability. Results FHIR Consent provides an interoperable representation of authorisation intent, but large-scale deployments remain limited by (1) non-canonical semantics across implementations, (2) lack of standardized lifecycle versioning and cross-organisational revocation propagation, (3) heterogeneous translation of declarative consent into enforceable access control, and (4) limited capability for independent verification of consent provenance and historical integrity across institutional boundaries. Conclusion We derive an architecture pattern that separates (a) standards-based consent representation (FHIR Consent), (b) local policy interpretation/enforcement, and (c) cross-organisational integrity verification. Cryptographic integrity anchoring is discussed as a complementary mechanism for tamper-evident verification of off-chain consent artifacts and lifecycle events, without externalizing consent semantics or personal data.
Acknowledgements
--
Keywords
HL7 FHIR,Consent management,Healthcare data sharing,Interoperability,European Health Data Space,GDPR,Auditability,Governance,Blockchain,Integrity anchoring
  • Computer and Information Sciences - Natural Sciences
  • Health Sciences - Medical and Health Sciences
Funding Records
Funding Reference Funding Entity
UID/06486/2025 Fundação para a Ciência e a Tecnologia
UID/PRR/06486/2025 Fundação para a Ciência e a Tecnologia