Blockchain-Based Service-Oriented Architecture for Consent Management, Access Control, and Auditing
【Author】 Roman-Martinez, Isabel; Calvillo-Arbizu, Jorge; Mayor-Gallego, Vicente J. J.; Madinabeitia-Luque, German; Estepa-Alonso, Antonio J. J.; Estepa-Alonso, Rafael M. M.
【Source】IEEE ACCESS
【Impact factor】3.476
【Abstract】Continuity of care requires the exchange of health information among organizations and care teams. The EU General Data Protection Regulation (GDPR) establishes that the subject of care should give explicit consent to the treatment of her personal data, and organizations must obey the individual's will. Nevertheless, few solutions focus on guaranteeing the proper execution of consents. We propose a service-oriented architecture, backed by blockchain technology, that enables: (1) tamper-proof and immutable storage of subject of care consents; (2) fine-grained access control for protecting health data according to consents; and (3) auditing tasks for supervisory authorities (or subjects of care themselves) to assess that healthcare organizations comply with GDPR and granted consents. Standards for health information exchange and access control are adopted to guarantee interoperability. Access control events and subject of care consents are maintained on a blockchain, providing trusted collaboration between organizations, supervisory authorities, and individuals. A prototype of the architecture has been implemented as a proof of concept to evaluate the performance of critical components. The application of subject of care consent to control the treatment of personal health data in federated and distributed environments is a pressing concern. The experimental results show that blockchain can effectively support sharing consent and audit events among healthcare organizations, supervisory authorities, and individuals.
【Keywords】Blockchains; Service-oriented architecture; Access control; Medical services; Health information management; General Data Protection Regulation; Blockchain; consent management; Fast Healthcare Interoperability Resources (FHIR); general data protection regulation (GDPR); service-oriented architecture (SOA); business process management (BPM)
【Publication year】2023
【Date indexed】2023-03-23
【Document type】Theoretical model
【Subject category】
Blockchain applications - Real economy - Healthcare
Comments