Seminar: Auditing Consent Access with Ethereum Blockchain

Mahesh Kumar Gupta
M.Sc. Candidate
Supervisor: Dr. Edward Brown

Auditing Consent Access with Ethereum Blockchain

Department of Computer Science
Monday, July 30, 2018, 11:00 a.m., Room EN 2022


Patient consent for Personal Health Information (PHI) is central to the issue of privacy in Healthcare. Healthcare Organizations are generally required to obtain meaningful consent for the collection, use and disclosure of personal information that are consistent with government acts and regulations. As the healthcare industry comprises of many independent entities, referring and managing the consent submitted by the patient becomes complicated. Moreover, any change or update in technology adopted by any of the entities will limit the flexibility of current centralized consent management model and will suffer from the inconsistency of privacy consent within the system.

In this project a distributed consent management system using the Ethereum blockchain is proposed. This system separates the PHIfrom the consent directives and provides a distributed ledger of public consent directive. The directives can be accessed by any health information system and is independent of the technology of any health data providers. The project implements two primary use cases: 1) To save the consent directives defined by the patient using smart contracts over the blockchain network and then querying the consent for the external system. 2) Creating audit trails for the patient health information access by any actors to be able to audit the permission requests for
monitoring drug distribution. The implementation first use case gives a robust and technology independent consent management system. The second use case results in a system that helps in auditing the profile access which can be linked with the prescription filling by pharmacist and thereby monitoring drug distribution.