Healthc Inform Res.  2020 Oct;26(4):265-273. 10.4258/hir.2020.26.4.265.

Patient Consent Management by a Purpose-Based Consent Model for Electronic Health Record Based on Blockchain Technology

Affiliations
  • 1Institute of Innovative Research, Tokyo Institute of Technology, Yokohama, Japan

Abstract


Objectives
Currently, patients’ consent is essential to use their medical records for various purposes; however, most people give their consent using paper forms and have no control over it. Healthcare organizations also have difficulties in dealing with patient consent. The objective of this research is to develop a system for patients to manage their consent flexibly and for healthcare organizations to obtain patient consent efficiently for a variety of purposes.
Methods
We introduce a new e-consent model, which uses a purpose-based access control scheme; it is implemented by a blockchain system using Hyperledger Fabric. All metadata of patient records, consents, and data access are written immutably on the blockchain and shared among participant organizations. We also created a blockchain chaincode that performs business logic managing patient consent.
Results
We developed a prototype and checked business logics with the chaincode by validating doctors’ data access with purpose-based consent of patients stored in the blockchain. The results demonstrate that our system provides a fine-grained way of handling medical staff ’s access requests with diverse intended purposes for accessing data. In addition, patients can create, update, and withdraw their consents in the blockchain.
Conclusions
Our consent model is a solution for consent management both for patients and healthcare organizations. Our system, as a blockchain-based solution that provides high reliability and availability with transparency and traceability, is expected to be used not only for patient data sharing in hospitals, but also for data donation for biobank research purposes.

Keyword

Health Information Exchange, Electronic Health Records, Blockchain, Consent Forms, Access to Information

Figure

  • Figure 1 Example purpose-tree.

  • Figure 2 JSON array-type of the purpose-tree of Figure 1.

  • Figure 3 Simple example of a patient’s consent for a specific data in the state database.

  • Figure 4 Validation of requestor’s access request with patient’s consent list.

  • Figure 5 Typical structure of a blockchain.

  • Figure 6 Channel of hospitals for exchanging patient records in an Electronic Health Record (EHR) system.

  • Figure 7 Pseudocode of a part of a chaincode for patient consent management.

  • Figure 8 Pseudocode of a part of a chaincode for patient consent check.


Reference

References

1. World Health Organization, Council for International Organizations of Medical Sciences. International ethical guidelines for health-related research involving humans. Geneva, Switzerland: Council for International Organizations of Medical Sciences;2017.
2. World Medical Association. World Medical Association Declaration of Helsinki: ethical principles for medical research involving human subjects. JAMA. 2013; 310(20):2191–4.
3. Kaye J, Whitley EA, Lund D, Morrison M, Teare H, Melham K. Dynamic Consent: a patient interface for twenty-first century research networks. Eur J Hum Genet. 2015; 23(2):141–6.
Article
4. Budin-Ljosne I, Teare HJ, Kaye J, Beck S, Bentzen HB, Caenazzo L, et al. Dynamic Consent: a potential solution to some of the challenges of modern biomedical research. BMC Med Ethics. 2017; 18(1):4.
Article
5. Albanese G, Calbimonte JP, Schumacher M, Calvaresi D. Dynamic consent management for clinical trials via private blockchain technology. J Ambient Intell Humaniz Comput. 2020; Feb. 14. [Epub]. https://doi.org/10.1007/s12652-020-01761-1.
Article
6. Coiera E, Clarke R. e-Consent: the design and implementation of consumer consent mechanisms in an electronic environment. J Am Med Inform Assoc. 2004; 11(2):129–40.
Article
7. Wuyts K, Scandariato R, Verhenneman G, Joosen W. Integrating patient consent in e-health access control. Int J Secur Softw Eng. 2011; 2(2):1–24.
Article
8. Asghar MR, Russello G. Flexible and dynamic consent-capturing. Camenisch J, Kesdogan D, editors. Open problems in network security. Heidelberg, Germany: Springer;2011. p. 119–31.
Article
9. Benchoufi M, Ravaud P. Blockchain technology for improving clinical research quality. Trials. 2017; 18(1):335.
Article
10. Rantos K, Drosatos G, Kritsas A, Ilioudis C, Papanikolaou A, Filippidis AP. A blockchain-based platform for consent management of personal data processing in the IoT ecosystem. Secur Commun Netw. 2019; 2019:1431578.
Article
11. Mamo N, Martin GM, Desira M, Ellul B, Ebejer JP. Dwarna: a blockchain solution for dynamic consent in biobanking. Eur J Hum Genet. 2020; 28(5):609–26.
Article
12. Byun JW, Li N. Purpose based access control for privacy protection in relational database systems. VLDB J. 2008; 17(4):603–19.
Article
13. Byun JW, Bertino E, Li N. Purpose based access control of complex data for privacy protection. In : Proceedings of the 10th ACM Symposium on Access Control Models and Technologies; 2005 Jun 1–3; Stockholm, Sweden. p. 102–10.
Article
14. Kabir ME, Wang H, Bertino E. A conditional purpose-based access control model with dynamic roles. Expert Syst Appl. 2011; 38(3):1482–9.
15. Androulaki E, Barger A, Bortnikov V, Cachin C, Christidis K, De Caro A, et al. Hyperledger Fabric: a distributed operating system for permissioned blockchains. In : Proceedings of the 13th EuroSys Conference; 2018 Apr 23–26; Porto, Portugal. p. 1–15.
16. Hyperledger. What is Hyperledger Fabric [Internet]. Dublin, Ireland: Hyperledge;c2020. [cited at 2020 Sep 15]. Available from: https://hyperledger-fabric.readthedocs.io/en/latest/whatis.html .
17. Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. Role-based access control models. Computer. 1996; 29(2):38–47.
Article
18. Zhang R, George A, Kim J, Johnson V, Ramesh B. Benefits of blockchain initiatives for value-based care: proposed framework. J Med Internet Res. 2019; 21(9):e13595.
Article
19. Nakamoto S. Bitcoin: a peer-to-peer electronic cash system. Bitcoin.org;2008. [cited at 2020 Sep 15]. Available from: https://bitcoin.org/en/bitcoin-paper .
20. Viriyasitavat W, Hoonsopon D. Blockchain characteristics and consensus in modern business processes. J Ind Inf Integr. 2019; 13:32–9.
Article
21. Tith D, Lee JS, Suzuki H, Wijesundara WM, Taira N, Obi T, et al. Application of blockchain to maintaining patient records in electronic health record for enhanced privacy, scalability, and availability. Healthc Inform Res. 2020; 26(1):3–12.
Article
22. Truong NB, Sun K, Lee GM, Guo Y. GDPR-compliant personal data management: a blockchain-based solution. IEEE Trans Inf Forensic Secur. 2019; 15:1746–61.
Article
23. General Data Protection Regulation. Art. 17 GDPR: Right to erasure (‘right to be forgotten’) [Internet]. Brussel, Belgium: European Union;c2020. [cited at 2020 Sep 15]. Available from: https://gdpr.eu/article-17-right-to-be-forgotten/ .
24. Gauravaram P. Security analysis of salt||password hashes. In : Proceedings of 2012 International Conference on Advanced Computer Science Applications and Technologies (ACSAT); 2012 Nov 26–28; Kuala Lumpur, Malaysia. p. 25–30.
Full Text Links
  • HIR
Actions
Cited
CITED
export Copy
Close
Share
  • Twitter
  • Facebook
Similar articles
Copyright © 2024 by Korean Association of Medical Journal Editors. All rights reserved.     E-mail: koreamed@kamje.or.kr