E. Brown



Author of

    OS27 - Disrupting Technology into the Next Decade (ID 43)

    • Event: e-Health 2018 Virtual Meeting
    • Type: Oral Session
    • Track: Technical/Interoperability
    • Presentations: 1
      OS27.01 - Distributed Consent Management by Blockchain (ID 477)

      E. Brown, Computer Science, Memorial University; St. John's/CA

      Purpose/Objectives: Different medical software applications proliferate and are adopted for different purposes and organizations, including clinics, hospitals and pharmacies. The difficulty of enforcing consistent privacy and consent rules in multiple systems is one factor encouraging centralized data management. Centralized data repositories may then attempt to leverage technologies such as portals to mimic interoperability instead of actually supporting data exchange protocols. This paper presents an alternative approach which separates consent management from data records. Consent directives are maintained in a blockchain’s ledger, which is distributed and publicly accessible. As a consequence of blockchain technology, this consent ledger can be copied and re-distributed, is inherently consistent and reliable across different applications, is immutably secure with respect to consent history, and can be referenced by any records system, including paper records. Since the consent ledger is public, the resulting infrastructure allows any application or user to verify consent without requiring special authorization to access the ledger. Future designs, technology or records systems will also have access to the ledger without requiring re-engineering or revision to the blockchain. Additional implementation to enforce privacy and consent rules for different systems is not necessary since all systems can access the same distributed consent ledger. Access is unconstrained since the consent ledger is public and replicable. Since health record data is not stored with the consent ledger, public accessibility of the ledger does not increase the risk of privacy breach.

      Methodology/Approach: A demonstration implementation is provided using the Solidity e-contract language under the Ethereum blockchain technology.

      Finding/Results: We illustrate a consent directive model which supports authorization, delegation and revocation of consent. It also supports configurable data specification within consent directives, so any data storage technology or data type can be referenced. The semantics for describing record data can be revised, without modifying the model, so changes in regulations or health policy can be reflected without requiring software revision.

      Conclusion/Implications/Recommendations: We argue that the flexibility of an open consent model and reference implementation for any record and data technology can encompass existing privacy enforcement mechanisms, such as role-based access control, since such mechanisms can be mimicked by determining or redefining consent directive semantics. In addition, there is decreased risk of technology or regulation lock-in, as technology, legislation and social policy of today are less prone to become part of the out-of-date and too-expensive-to-replace legacy systems of tomorrow.

      140 Character Summary: A blockchain health consent ledger increases flexibility in privacy protection, avoids technology lock-in and allows health information policy to evolve.
