A Blockchain-Based Architecture for Dynamic and Auditable Patient Consent in the Secondary Use of Health Data

Authors

  • Sudip Phuyal, MSc Information Sciences, Technology and Architecture Research Center (ISTAR-ISCTE), University Institute of Lisbon, Lisbon, Portugal https://orcid.org/0000-0001-7524-1843
  • Manila Bhandari, MSc Department of Computer Science and Engineering, Kathmandu University, Nepal https://orcid.org/0000-0002-8354-581X
  • Rabindra Bista, PhD Department of Computer Science and Engineering, Kathmandu University, Nepal
  • João Carlos Ferreira, PhD Department of Logistics, Molde University College, Molde, Norway https://orcid.org/0000-0002-6662-0806

DOI:

https://doi.org/10.30953/bhty.v9.491

Keywords:

blockchain, digital health, interoperability, patient empowerment, health data reuse, consent management

Abstract

Purpose: The secondary use of patient health data is critical for advancing clinical research, public health, and digital health innovation. However, traditional consent mechanisms are often static, complex, and insufficiently transparent, limiting patient control and trust. In response to regulatory requirements introduced by the General Data Protection Regulation (GDPR) and the European Health Data Space (EHDS), this paper aims to design a secure, transparent, and revocable blockchain-based architecture for managing patient consent for the secondary use of health data, aligned with European legal and interoperability standards.

Methods: A multi-layered consent management architecture was designed by integrating blockchain smart contracts, Decentralized Identifiers (DIDs), Verifiable Credentials (VCs), and HL7 FHIR resources. The system incorporates a patient-controlled digital wallet, off-chain health data storage, and on-chain enforcement of consent policies through smart contracts. Regulatory and technical requirements were systematically derived from GDPR and EHDS provisions. The study follows a Design Science Research methodology and includes threat modeling and a theoretical performance and scalability analysis.

Results: The proposed architecture enables secure creation, delegation, and revocation of patient consent through immutable blockchain-based logging and FHIR-compliant data exchange. Consent records are tamper-evident while sensitive health data remain off-chain, ensuring data minimization and privacy protection. Consent attributes such as purpose limitation, duration, and data scope are explicitly modeled to comply with GDPR and EHDS requirements. Theoretical evaluation indicates that the architecture can scale to large healthcare data ecosystems when deployed on Ethereum-compatible blockchains combined with external storage solutions.

Conclusions: This study presents a modular, standards-based consent management framework that enhances patient autonomy, supports regulatory compliance, and strengthens governance for the secondary use of health data. By combining blockchain, digital identity, and healthcare interoperability standards, the architecture addresses key legal and technical challenges of dynamic consent. Future work will focus on developing a user-centered prototype and conducting empirical validation in real-world secondary-use healthcare scenarios.

Downloads

Download data is not yet available.
TrendMD Widget
This plugin is active but no journal identifier has been configured. Please enter your TrendMD UUID in the plugin settings, or disable the plugin.

References

[1] J. Kaye, E.A. Whitley, D. Lund, M. Morrison, H. Teare, K. Melham, Dynamic consent: a patient interface for twenty-first century research networks, Eur. J. Hum. Genet. 23 (2015) 141–146. https://doi.org/10.1038/ejhg.2014.71.

[2] W.M. Charles, M.B. van der Waal, J. Flach, A. Bisschop, R.X. van der Waal, H. Es-Sbai, C.J. McLeod, Blockchain-Based Dynamic Consent and its Applications for Patient-Centric Research and Health Information Sharing: Protocol for an Integrative Review, JMIR Res. Protoc. 13 (2024). https://doi.org/10.2196/50339.

[3] S. Rodríguez-Mejías, S. Degli-Esposti, S. González-García, C.L. Parra-Calderón, Toward the European Health Data Space: The IMPaCT-Data secure infrastructure for EHR-based precision medicine research, J. Biomed. Inform. 156 (2024) 104670. https://doi.org/10.1016/j.jbi.2024.104670.

[4] Draft guideline to Health Data Access Bodies: How to implement opt-out from secondary use of electronic health data, TEHDAS2 Joint Action, n.d. https://tehdas.eu/wp-content/uploads/2025/09/draft-guideline-to-health-data-access-bodies-how-to-implement-opt-out-from-secondary-use-of-electronic-health-data.pdf (accessed December 25, 2025).

[5] Regulation (EU) 2025/327 of the European Parliament and of the Council of 11 February 2025 on the European Health Data Space and amending Directive 2011/24/EU and Regulation (EU) 2024/2847 (Text with EEA relevance), 2025. http://data.europa.eu/eli/reg/2025/327/oj/eng (accessed August 14, 2025).

[6] Consumers, Health, Agriculture and Food Executive Agency., Assessment of the EU Member States’ rules on health data in the light of GDPR., Publications Office, LU, 2021. https://data.europa.eu/doi/10.2818/546193 (accessed December 9, 2025).

[7] D. Elangovan, C.S. Long, F.S. Bakrin, C.S. Tan, K.W. Goh, S.F. Yeoh, M.J. Loy, Z. Hussain, K.S. Lee, A.C. Idris, The use of blockchain technology in the health care sector: systematic review, JMIR Med. Inform. 10 (2022) e17278.

[8] P.K. Ghosh, A. Chakraborty, M. Hasan, K. Rashid, A.H. Siddique, Blockchain application in healthcare systems: a review, Systems 11 (2023) 38.

[9] O. Choudhury, H. Sarker, N. Rudolph, M. Foreman, N. Fay, M. Dhuliawala, I. Sylla, N. Fairoza, A.K. Das, Enforcing Human Subject Regulations using Blockchain and Smart Contracts, Blockchain Healthc. Today (2018). https://doi.org/10.30953/bhty.v1.10.

[10] A. Satybaldy, A. Hasselgren, M. Nowostawski, Decentralized Identity Management for E-Health Applications: State-of-the-Art and Guidance for Future Work, Blockchain Healthc. Today 5 (S1) (2022). https://doi.org/10.30953/bhty.v5.195.

[11] M. Benchoufi, P. Ravaud, Blockchain technology for improving clinical research quality, Trials 18 (2017) 335. https://doi.org/10.1186/s13063-017-2035-z.

[12] C.C. Agbo, Q.H. Mahmoud, J.M. Eklund, Blockchain technology in healthcare: a systematic review, Healthcare 7 (2019) 56.

[13] G. Carter, B. Chevellereau, H. Shahriar, S. Sneha, OpenPharma Blockchain on FHIR: An Interoperable Solution for Read-Only Health Records Exchange through Blockchain and Biometrics, Blockchain Healthc. Today 3 (2020). https://doi.org/10.30953/bhty.v3.120.

[14] P. Tabari, G. Costagliola, M. De Rosa, M. Boeker, State-of-the-art fast healthcare interoperability resources (fhir)–based data model and structure implementations: Systematic scoping review, JMIR Med. Inform. 12 (2024) e58445.

[15] M. Shaikh, S.A. Memon, A. Ebrahimi, U.K. Wiil, A Systematic Literature Review for Blockchain-Based Healthcare Implementations, Healthcare 13 (2025) 1087.

[16] A.R. Lee, D. Koo, I.K. Kim, E. Lee, S. Yoo, H.-Y. Lee, Opportunities and challenges of a dynamic consent-based application: personalized options for personal health data sharing and utilization, BMC Med. Ethics 25 (2024) 92. https://doi.org/10.1186/s12910-024-01091-3.

[17] E. Xiong, C. Bonner, A. King, Z.M. Bourne, M. Morgan, X. Tolosa, T. Stanton, K. Greaves, Insights From the Development of a Dynamic Consent Platform for the Australians Together Health Initiative (ATHENA) Program: Interview and Survey Study, JMIR Form. Res. 8 (2024) e57165. https://doi.org/10.2196/57165.

[18] B.C. Mak, B.T. Addeman, J. Chen, K.A. Papp, M.J. Gooderham, L.C. Guenther, Y. Liu, U.C. Broedl, M.E. Logger, Leveraging Blockchain Technology for Informed Consent Process and Patient Engagement in a Clinical Trial Pilot, Blockchain Healthc. Today 4 (2021). https://doi.org/10.30953/bhty.v4.182.

[19] D. Frempong, C.E. Benson, O. Oyasiji, A. Okesiji, Blockchain-Enabled Consent Management in Healthcare: A Framework for Enforcing Privacy Preferences and Regulatory Compliance, Health (N. Y.) 3 (2024) 5.

[20] C. Welzel, M. Ostermann, H.L. Smith, T. Minssen, T. Kirsten, S. Gilbert, Enabling secure and self determined health data sharing and consent management, Npj Digit. Med. 8 (2025) 560. https://doi.org/10.1038/s41746-025-01945-z.

[21] K. Peffers, T. Tuunanen, M.A. Rothenberger, S. Chatterjee, A Design Science Research Methodology for Information Systems Research, J. Manag. Inf. Syst. 24 (2007) 45–77. https://doi.org/10.2753/MIS0742-1222240302.

[22] T.R. Chhetri, A. Kurteva, R.J. DeLong, R. Hilscher, K. Korte, A. Fensel, Data protection by design tool for automated GDPR compliance verification based on semantically modeled informed consent, Sensors 22 (2022) 2763.

[23] K. Li, A. Lohachab, M. Dumontier, V. Urovi, Privacy preservation in blockchain-based healthcare data sharing: A systematic review, Peer--Peer Netw. Appl. 18 (2025) 302. https://doi.org/10.1007/s12083-025-02148-9.

[24] A.C. Ekblaw, MedRec: blockchain for medical data access, permission management and trend analysis, PhD Thesis, Massachusetts Institute of Technology, 2017. https://dspace.mit.edu/handle/1721.1/109658 (accessed December 24, 2025).

Published

2026-04-30

How to Cite

Phuyal, S., Bhandari, M., Bista, R., & Ferreira, J. C. (2026). A Blockchain-Based Architecture for Dynamic and Auditable Patient Consent in the Secondary Use of Health Data. Blockchain in Healthcare Today, 9(1). https://doi.org/10.30953/bhty.v9.491