A Blockchain-Based Consent Mechanism for Access to Fitness Data in the Healthcare Context

TL;DR

This paper proposes a blockchain-based, user-controlled consent system for sharing sensitive fitness data, addressing privacy and legal compliance issues in healthcare data management.

Contribution

It introduces a novel decentralized consent architecture utilizing blockchain and smart contracts, with formal security evaluation demonstrating its trustworthiness.

Findings

Blockchain effectively records user consent for fitness data.

The system is legally compliant and transparent.

Formal security modeling confirms its trustworthiness.

Abstract

Wearable fitness devices are widely used to track an individual's health and physical activities to improve the quality of health services. These devices sense a considerable amount of sensitive data processed by a centralized third party. While many researchers have thoroughly evaluated privacy issues surrounding wearable fitness trackers, no study has addressed privacy issues in trackers by giving control of the data to the user. Blockchain is an emerging technology with outstanding advantages in resolving consent management privacy concerns. As there are no fully transparent, legally compliant solutions for sharing personal fitness data, this study introduces an architecture for a human-centric, legally compliant, decentralized and dynamic consent system based on blockchain and smart contracts. Algorithms and sequence diagrams of the proposed system's activities show consent-related data flow among various agents, which are used later to prove the system's trustworthiness by formalizing the security requirements. The security properties of the proposed system were evaluated using the formal security modeling framework SeMF, which demonstrates the feasibility of the solution at an abstract level based on formal language theory. As a result, we have empirically proven that blockchain technology is suitable for mitigating the privacy issues of fitness providers by recording individuals' consent using blockchain and smart contracts.