GDPR Compliance for Blockchain Applications in Healthcare

TL;DR

This paper explores how blockchain can be used in healthcare to improve data interoperability and privacy while complying with GDPR, highlighting current limitations and design considerations for developers.

Contribution

It provides an analysis of GDPR compliance challenges in blockchain healthcare applications and emphasizes the need for design choices to ensure legal adherence.

Findings

Most proof-of-concept blockchain health applications partially comply with GDPR.

No existing blockchain platform offers out-of-the-box GDPR compliance.

Design decisions are crucial for achieving GDPR compliance in blockchain health solutions.

Abstract

The transparent and decentralized characteristics associated with blockchain can be both appealing and problematic when applied to a healthcare use-case. As health data is highly sensitive, it is also highly regulated to ensure the privacy of patients. At the same time, access to health data and interoperability is in high demand. Regulatory frameworks such as GDPR and HIPAA are, amongst other objectives, meant to contribute to mitigating the risk of privacy violations in health data. Blockchain features can likely improve interoperability and access control to health data, and at the same time, preserve or even increase, the privacy of patients. Blockchain applications should address compliance with the current regulatory framework to increase real-world feasibility. This exploratory work indicates that published proof-of-concepts in the health domain comply with GDRP, to an extent. Blockchain developers need to make design choices to be compliant with GDPR since currently, none available blockchain platform can show compliance out of the box.