Blockchain-Based Service-Oriented Architecture for Consent Management, Access Control, and Auditing

Roman-Martinez, Isabel; Calvillo-Arbizu, Jorge; Mayor-Gallego, Vicente J.; Madinabeitia-Luque, German; Estepa, Antonio; Estepa, Rafael

doi:10.1109/access.2023.3242605

Cited by 12 publications

(2 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Distributed ledger technology (DLT), such as blockchain, can be used to deliver the information management component of consent management system [ 161 , 162 ]. DLT systems grant access to the genomic data if the data request matches the consent and complies with GDPR’s right to be forgotten, by detaching the ledger-based consent object from the genomic data that are stored elsewhere.…”

Section: Informed Consent Managementmentioning

confidence: 99%

Future-proofing genomic data and consent management: a comprehensive review of technology innovations

Oliva,

Kaphle,

Reguant

et al. 2024

GigaScience

View full text Add to dashboard Cite

Genomic information is increasingly used to inform medical treatments and manage future disease risks. However, any personal and societal gains must be carefully balanced against the risk to individuals contributing their genomic data. Expanding our understanding of actionable genomic insights requires researchers to access large global datasets to capture the complexity of genomic contribution to diseases. Similarly, clinicians need efficient access to a patient’s genome as well as population-representative historical records for evidence-based decisions. Both researchers and clinicians hence rely on participants to consent to the use of their genomic data, which in turn requires trust in the professional and ethical handling of this information. Here, we review existing and emerging solutions for secure and effective genomic information management, including storage, encryption, consent, and authorization that are needed to build participant trust. We discuss recent innovations in cloud computing, quantum-computing-proof encryption, and self-sovereign identity. These innovations can augment key developments from within the genomics community, notably GA4GH Passports and the Crypt4GH file container standard. We also explore how decentralized storage as well as the digital consenting process can offer culturally acceptable processes to encourage data contributions from ethnic minorities. We conclude that the individual and their right for self-determination needs to be put at the center of any genomics framework, because only on an individual level can the received benefits be accurately balanced against the risk of exposing private information.

show abstract

Section: Informed Consent Managementmentioning

confidence: 99%

Future-proofing genomic data and consent management: a comprehensive review of technology innovations

Oliva,

Kaphle,

Reguant

et al. 2024

GigaScience

View full text Add to dashboard Cite

show abstract

“…Roman-Martinez et al [18] suggested a service-oriented architecture for consent management, access control, and auditing of health data usage with a blockchain. By utilizing two separate blockchains for checking consent and auditing events, the authors developed a system with service-oriented architecture, which shares personal health data.…”

Section: B Consent-based Sharingmentioning

confidence: 99%

A Consent-Based Privacy-Compliant Personal Data-Sharing System

Park,

Oh,

Choi

2023

IEEE Access

View full text Add to dashboard Cite

Personal data is becoming increasingly valuable in business, as the insights that can be obtained from data processing continue to improve. However, it also can cause adverse effects on individuals. To improve data quality while satisfying privacy compliance, companies now have focused on collecting informed consent from individuals to directly handle personal data without applying any privacy-preserving techniques. Even though the companies obtain consent to use personal data, to improve transparency and accountability to ensure that companies deal with personal data according to consent, it is necessary for a system to comply with privacy requirements. Therefore, this paper proposes a new consent-based privacy-compliant personal data-sharing system that considers personal data-sharing flows and requirements obtained from enterprises and privacy frameworks, respectively. By analyzing a general process and the roles of actors for data sharing in enterprise environments according to standard privacy frameworks, this paper has proposed system requirements, system architecture, and detailed procedure for a consent-based privacycompliant processing method that considers compliance checking as well as consent checking. To show the feasibility of the proposed system, this paper demonstrates a prototype and the performance analysis in the lab and real-world environments.

show abstract