A Blockchain-Based Architecture for Dynamic and Auditable Patient Consent in the Secondary Use of Health Data
DOI:
https://doi.org/10.30953/bhty.v9.491Keywords:
blockchain, digital health, interoperability, patient empowerment, health data reuse, consent managementAbstract
Purpose: The secondary use of patient health data is critical for advancing clinical research, public health, and digital health innovation. However, traditional consent mechanisms are often static, complex, and insufficiently transparent, limiting patient control and trust. In response to regulatory requirements introduced by the General Data Protection Regulation (GDPR) and the European Health Data Space (EHDS), this paper aims to design a secure, transparent, and revocable blockchain-based architecture for managing patient consent for the secondary use of health data, aligned with European legal and interoperability standards.
Methods: A multi-layered consent management architecture was designed by integrating blockchain smart contracts, Decentralized Identifiers (DIDs), Verifiable Credentials (VCs), and HL7 FHIR resources. The system incorporates a patient-controlled digital wallet, off-chain health data storage, and on-chain enforcement of consent policies through smart contracts. Regulatory and technical requirements were systematically derived from GDPR and EHDS provisions. The study follows a Design Science Research methodology and includes threat modeling and a theoretical performance and scalability analysis.
Results: The proposed architecture enables secure creation, delegation, and revocation of patient consent through immutable blockchain-based logging and FHIR-compliant data exchange. Consent records are tamper-evident while sensitive health data remain off-chain, ensuring data minimization and privacy protection. Consent attributes such as purpose limitation, duration, and data scope are explicitly modeled to comply with GDPR and EHDS requirements. Theoretical evaluation indicates that the architecture can scale to large healthcare data ecosystems when deployed on Ethereum-compatible blockchains combined with external storage solutions.
Conclusions: This study presents a modular, standards-based consent management framework that enhances patient autonomy, supports regulatory compliance, and strengthens governance for the secondary use of health data. By combining blockchain, digital identity, and healthcare interoperability standards, the architecture addresses key legal and technical challenges of dynamic consent. Future work will focus on developing a user-centered prototype and conducting empirical validation in real-world secondary-use healthcare scenarios.
Downloads
References
[1] J. Kaye, E.A. Whitley, D. Lund, M. Morrison, H. Teare, K. Melham, Dynamic consent: a patient interface for twenty-first century research networks, Eur. J. Hum. Genet. 23 (2015) 141–146. https://doi.org/10.1038/ejhg.2014.71.
[2] W.M. Charles, M.B. van der Waal, J. Flach, A. Bisschop, R.X. van der Waal, H. Es-Sbai, C.J. McLeod, Blockchain-Based Dynamic Consent and its Applications for Patient-Centric Research and Health Information Sharing: Protocol for an Integrative Review, JMIR Res. Protoc. 13 (2024). https://doi.org/10.2196/50339.
[3] S. Rodríguez-Mejías, S. Degli-Esposti, S. González-García, C.L. Parra-Calderón, Toward the European Health Data Space: The IMPaCT-Data secure infrastructure for EHR-based precision medicine research, J. Biomed. Inform. 156 (2024) 104670. https://doi.org/10.1016/j.jbi.2024.104670.
[4] Draft guideline to Health Data Access Bodies: How to implement opt-out from secondary use of electronic health data, TEHDAS2 Joint Action, n.d. https://tehdas.eu/wp-content/uploads/2025/09/draft-guideline-to-health-data-access-bodies-how-to-implement-opt-out-from-secondary-use-of-electronic-health-data.pdf (accessed December 25, 2025).
[5] Regulation (EU) 2025/327 of the European Parliament and of the Council of 11 February 2025 on the European Health Data Space and amending Directive 2011/24/EU and Regulation (EU) 2024/2847 (Text with EEA relevance), 2025. http://data.europa.eu/eli/reg/2025/327/oj/eng (accessed August 14, 2025).
[6] Consumers, Health, Agriculture and Food Executive Agency., Assessment of the EU Member States’ rules on health data in the light of GDPR., Publications Office, LU, 2021. https://data.europa.eu/doi/10.2818/546193 (accessed December 9, 2025).
[7] D. Elangovan, C.S. Long, F.S. Bakrin, C.S. Tan, K.W. Goh, S.F. Yeoh, M.J. Loy, Z. Hussain, K.S. Lee, A.C. Idris, The use of blockchain technology in the health care sector: systematic review, JMIR Med. Inform. 10 (2022) e17278.
[8] P.K. Ghosh, A. Chakraborty, M. Hasan, K. Rashid, A.H. Siddique, Blockchain application in healthcare systems: a review, Systems 11 (2023) 38.
[9] O. Choudhury, H. Sarker, N. Rudolph, M. Foreman, N. Fay, M. Dhuliawala, I. Sylla, N. Fairoza, A.K. Das, Enforcing Human Subject Regulations using Blockchain and Smart Contracts, Blockchain Healthc. Today (2018). https://doi.org/10.30953/bhty.v1.10.
[10] A. Satybaldy, A. Hasselgren, M. Nowostawski, Decentralized Identity Management for E-Health Applications: State-of-the-Art and Guidance for Future Work, Blockchain Healthc. Today 5 (S1) (2022). https://doi.org/10.30953/bhty.v5.195.
[11] M. Benchoufi, P. Ravaud, Blockchain technology for improving clinical research quality, Trials 18 (2017) 335. https://doi.org/10.1186/s13063-017-2035-z.
[12] C.C. Agbo, Q.H. Mahmoud, J.M. Eklund, Blockchain technology in healthcare: a systematic review, Healthcare 7 (2019) 56.
[13] G. Carter, B. Chevellereau, H. Shahriar, S. Sneha, OpenPharma Blockchain on FHIR: An Interoperable Solution for Read-Only Health Records Exchange through Blockchain and Biometrics, Blockchain Healthc. Today 3 (2020). https://doi.org/10.30953/bhty.v3.120.
[14] P. Tabari, G. Costagliola, M. De Rosa, M. Boeker, State-of-the-art fast healthcare interoperability resources (fhir)–based data model and structure implementations: Systematic scoping review, JMIR Med. Inform. 12 (2024) e58445.
[15] M. Shaikh, S.A. Memon, A. Ebrahimi, U.K. Wiil, A Systematic Literature Review for Blockchain-Based Healthcare Implementations, Healthcare 13 (2025) 1087.
[16] A.R. Lee, D. Koo, I.K. Kim, E. Lee, S. Yoo, H.-Y. Lee, Opportunities and challenges of a dynamic consent-based application: personalized options for personal health data sharing and utilization, BMC Med. Ethics 25 (2024) 92. https://doi.org/10.1186/s12910-024-01091-3.
[17] E. Xiong, C. Bonner, A. King, Z.M. Bourne, M. Morgan, X. Tolosa, T. Stanton, K. Greaves, Insights From the Development of a Dynamic Consent Platform for the Australians Together Health Initiative (ATHENA) Program: Interview and Survey Study, JMIR Form. Res. 8 (2024) e57165. https://doi.org/10.2196/57165.
[18] B.C. Mak, B.T. Addeman, J. Chen, K.A. Papp, M.J. Gooderham, L.C. Guenther, Y. Liu, U.C. Broedl, M.E. Logger, Leveraging Blockchain Technology for Informed Consent Process and Patient Engagement in a Clinical Trial Pilot, Blockchain Healthc. Today 4 (2021). https://doi.org/10.30953/bhty.v4.182.
[19] D. Frempong, C.E. Benson, O. Oyasiji, A. Okesiji, Blockchain-Enabled Consent Management in Healthcare: A Framework for Enforcing Privacy Preferences and Regulatory Compliance, Health (N. Y.) 3 (2024) 5.
[20] C. Welzel, M. Ostermann, H.L. Smith, T. Minssen, T. Kirsten, S. Gilbert, Enabling secure and self determined health data sharing and consent management, Npj Digit. Med. 8 (2025) 560. https://doi.org/10.1038/s41746-025-01945-z.
[21] K. Peffers, T. Tuunanen, M.A. Rothenberger, S. Chatterjee, A Design Science Research Methodology for Information Systems Research, J. Manag. Inf. Syst. 24 (2007) 45–77. https://doi.org/10.2753/MIS0742-1222240302.
[22] T.R. Chhetri, A. Kurteva, R.J. DeLong, R. Hilscher, K. Korte, A. Fensel, Data protection by design tool for automated GDPR compliance verification based on semantically modeled informed consent, Sensors 22 (2022) 2763.
[23] K. Li, A. Lohachab, M. Dumontier, V. Urovi, Privacy preservation in blockchain-based healthcare data sharing: A systematic review, Peer--Peer Netw. Appl. 18 (2025) 302. https://doi.org/10.1007/s12083-025-02148-9.
[24] A.C. Ekblaw, MedRec: blockchain for medical data access, permission management and trend analysis, PhD Thesis, Massachusetts Institute of Technology, 2017. https://dspace.mit.edu/handle/1721.1/109658 (accessed December 24, 2025).
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Sudip Phuyal, MSc, Manila Bhandari, MSc, Rabindra Bista, PhD, João Carlos Ferreira, PhD

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors retain copyright of their work, with first publication rights granted to Blockchain in Healthcare Today (BHTY). Read the full Copyright Statement.













