- Open Journals@UKZN

BLOCKCHAIN FOR CONSENT MANAGEMENT IN THE E-HEALTH ENVIRONMENT: A NUGGET FOR PRIVACY AND SECURITY CHALLENGE
Philippe Genestier [PhD], Sajida Zouarhi [MSc], Pascal Limeux [MSc], David Excoffier [MSc], Alain Prola [MSc], Stephane Sandon [MSc], Jean-Marc Temerson [MSc]
Orange Labs, 28 Chemin du vieux chêne - BP 98, 38243 Meylan Cedex, France, [email protected]
Abstract
In our digital world, access to personal data has become a matter of concern, with challenging
security and privacy aspects. Hacking attempts and privacy violations make
digital trust a top challenge. This is true in the e-health area, where the management of patients’ health data
must comply with many regulations while the data remain accessible to duly authorized
health practitioners.
Blockchain is widely known through its best-known application, Bitcoin, in the
payment area. Blockchain’s inherent characteristics make it possible to fulfill the requirements of
consent management, as illustrated by our implementation within a health domain use case.
Keywords: Digital trust; Blockchain; privacy; security; auditability.
Introduction and use case
A critical point is for patients to be able to grant authorized persons selected, partial or total
access to their personal data. This is called consent management and is a key point for e-health.
Existing solutions that claim to address the related challenges (governance, granularity, traceability)
show low suitability due to several disadvantages: confidence rests on a single solution
provider, consents cannot be audited by third parties, and privacy is respected only in “all or
nothing” mode.
Figure 1. Existing solutions for consent management
[Diagram: dedicated recording for each application; global access to data for third party (reading rights, writing rights, anytime, over any kind of data), in « whole or nothing » mode.]
Result: low suitability of classical solutions
• trust relying solely on the solution provider
• consents are not auditable by third parties
• respect of privacy in everything or nothing mode
In classical solutions, dedicated records are used: when a consent management function exists, it
is managed in a silo by each application, as illustrated in figure 1, and the user therefore has to
define his consents in each of them. Trust rests solely on the application provider, which acts as the unique
trusted third party.
Moreover, consent is generally given as global access to the whole set of the user’s data in the
application: the user has no way to divide his consent and no way to control the kind of use made of his
data.
Figure 2. New features for a consent management environment
[Diagram: unified recording through our solution; access with fine grain for a specified third party.]
1. User selects the data type
2. User defines the reading rights
3. User defines the writing rights
4. User defines the access temporality
In the « Orange Consent Management Service » solution we developed, these main issues are
solved using a Blockchain-based solution. In addition, we make it possible to
share the consent management function among several applications (this last feature is illustrated
in Figure 2 above).
The main features that make Blockchain-based solutions relevant for the selected use case are:
• trust improvement, as trust no longer relies on a single actor but is distributed among a
whole set of actors: approval of records and delivery of access authorization are totally
decentralized.
• immutability, due to the impossibility of falsifying the ledger: non-repudiation is effective
because the data registers are replicated, and once a consent is recorded, it can no longer be
modified or deleted (if a modification is made, another consent is then recorded).
Adopting this method provides a huge trust improvement, because responsibility for consent
management is ensured by, and distributed among, several actors with different interests. This
mechanism is illustrated in Figure 3 below.
Transparency is also provided, as auditability of consents by third parties is made possible.
Figure 3. Blockchain solution for consent management service
[Diagram: arrival of a new consent as a transaction; this transaction is spread to validating peer nodes; consent reached, the transaction is integrated in a block being added to the blockchain.]
The consent is validated and then added to the Blockchain ledger.
It is available for consultation by any application third party.
Different kinds of Blockchains exist: public blockchains (access is open with no restriction) like
Bitcoin [1] or Ethereum [2], and private or consortium blockchains (access to the network is restricted
to duly authorized actors). For sensitive data management, a solution of the consortium type has
been selected, with Hyperledger [3].
In this type of protocol, one must be invited to become a “node” and be part of the transaction
and block validation process. Hyperledger provides native security management, a
membership service and a modular architecture (customizable consent); moreover, it is
industry oriented.
Method
The demonstrator we developed was built with Hyperledger and integrated in a medical data
collection chain. In this solution, the consents are managed in smart contracts (computing
programs offering operations such as “Create”, “Remove”, “Use”, “Delete”).
When a user defines a consent, he interacts with a consent smart contract to create a new
transaction, which is first memorized and then recorded in a block (once a majority
of nodes running Hyperledger have validated it); this block is then added to the ledger with
information that ensures the confidentiality and integrity of this block, and also of all the
previous ones.
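The chaining that protects a block "and all the previous ones" can be shown with a minimal hash-chained ledger. This is an added example, not code from the Orange demonstrator or from Hyperledger; the record fields and the class and function names are assumptions, and validation by a majority of nodes is not modeled.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value for the first block


def block_hash(prev_hash, consent):
    """Hash one consent transaction together with the previous block's hash."""
    payload = json.dumps(consent, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class ConsentLedger:
    """Append-only ledger; each block carries one consent transaction."""

    def __init__(self):
        self.blocks = []

    def append(self, consent):
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "consent": dict(consent),
                            "hash": block_hash(prev, consent)})
        return self.blocks[-1]["hash"]

    def first_invalid(self):
        """Index of the first block that fails verification, or None."""
        prev = GENESIS
        for i, b in enumerate(self.blocks):
            if b["prev"] != prev or b["hash"] != block_hash(prev, b["consent"]):
                return i
            prev = b["hash"]
        return None


def demo():
    ledger = ConsentLedger()
    # Constructed sample consents; field names are assumptions.
    ledger.append({"op": "Create", "patient": "p1", "grantee": "coach", "data": "steps"})
    ledger.append({"op": "Create", "patient": "p1", "grantee": "doctor", "data": "heart_rate"})
    # A withdrawal is a new record; block 0 is left untouched.
    ledger.append({"op": "Remove", "patient": "p1", "grantee": "coach", "data": "steps"})
    clean = ledger.first_invalid()
    # One replica rewrites history in place.
    ledger.blocks[0]["consent"]["grantee"] = "insurer"
    tampered = ledger.first_invalid()
    # Recomputing block 0's hash only moves the break to block 1.
    ledger.blocks[0]["hash"] = block_hash(GENESIS, ledger.blocks[0]["consent"])
    rehashed = ledger.first_invalid()
    return clean, tampered, rehashed
```

An auditor holding any honest replica can run the same verification; a rewritten record has to be re-hashed through every later block, and the result then disagrees with the other replicas.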
Figure 4. Solution demonstrator, end to end vision
[Diagram: user (patient), third parties, data management server, consent management server.]
Due to its intrinsic features (decentralization, built-in consensus, cryptographic techniques)
Blockchain (lower right part of figure 4) can be an innovative way to address the consent
management topic. That is why it was chosen to implement our patient consent management
function which is integrated in a medical data collection chain.
To complement the Blockchain mechanism features, in the consent management function
which we demonstrated, we added a new feature providing a finer grain for patients to manage
their consents: instead of being defined at the patient record level as in most existing solutions,
the consent is set up at the vital sign level. Digital trust [4] is also improved, since the consent data
recorded in the ledger are not under the responsibility of a single actor, but validated by a whole
set of consortium partners.
Results
The end to end vision of the solution demonstrator is described in figure 4 above, which displays
all actors, servers and sensors involved. In our specific use case, and for the purpose of our
scenario, we also combine the integration of our Continua data collection chain, and a multi-vital
signs sensor (Gogo EarBuds) which generates heart rate and steps measurements. The solution
works in four steps, detailed in figures 5 to 8 as follows.
The first step (figure 5 below) is the consent recording: it concerns the data owner (here, the
patient) who defines his consent (through the application giving access to his data), the consent
being recorded in the Blockchain through the consent management server.
Figure 5. Solution demonstrator, step 1: consent recording
[Diagram: user (patient), third parties, data management server, consent management server.]
In a second step (Figure 6), the patient’s data are recorded in the classical way via the Continua data
collection chain: from the Gogo earbuds sensor, which measures heart rate and number of steps,
via the gateway application on the patient’s mobile phone (which also computes data derived
from both measurements) and up to the data server.
Figure 6. Solution demonstrator, step 2: data collection
[Diagram: user (patient) with sensor (1) and (2); FHIR message carrying heart rate (1) and number of walked steps (2); third parties; data management server; consent management server.]
During the third step, illustrated in figure 7, third parties can only access the data for which the
patient has granted them authorization: upon a consultation request, the data management server
consults the consent management server, which transmits the authorizations recorded in the
Blockchain.
Figure 7. Solution step 3: data consultation by health professional
[Diagram: user (patient); third parties: health professional (practitioner), fitness coach, auditor; heart rate (1) and number of walked steps (2); data management server; consent management server.]
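The third step, combined with the vital-sign granularity and the data type, read, write and temporality settings of Figure 2, amounts to a default-deny lookup over the recorded consents. The sketch below is an added example, not the demonstrator's code; the record layout, the rule that the latest record wins and all names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Consent:
    op: str          # "Create" or "Remove" (operation names from the paper)
    patient: str
    grantee: str
    data_type: str   # vital-sign level, e.g. "heart_rate" or "steps"
    read: bool = False
    write: bool = False
    not_before: datetime = datetime.min
    not_after: datetime = datetime.max


def is_allowed(ledger, patient, grantee, data_type, action, when):
    """Default-deny decision; `ledger` lists consent records oldest first."""
    current = None
    for rec in ledger:
        if (rec.patient, rec.grantee, rec.data_type) == (patient, grantee, data_type):
            current = rec  # a later record supersedes earlier ones
    if current is None or current.op != "Create":
        return False
    if not (current.not_before <= when <= current.not_after):
        return False
    return {"read": current.read, "write": current.write}.get(action, False)


def filter_readings(ledger, grantee, readings, when):
    """Keep only the readings the grantee may read at time `when`."""
    return [r for r in readings
            if is_allowed(ledger, r["patient"], grantee, r["type"], "read", when)]


# Constructed sample data: consents as they would be read back from the ledger.
LEDGER = [
    Consent("Create", "p1", "practitioner", "heart_rate", read=True,
            not_after=datetime(2017, 6, 30)),
    Consent("Create", "p1", "coach", "steps", read=True),
    Consent("Create", "p1", "coach", "heart_rate", read=True),
    Consent("Remove", "p1", "coach", "heart_rate"),
]
READINGS = [
    {"patient": "p1", "type": "heart_rate", "value": 72},
    {"patient": "p1", "type": "steps", "value": 5400},
]
```

With these records the coach sees only the step count, the practitioner sees heart rate until the consent expires, and a party with no recorded consent sees nothing.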
Figure 8 depicts how the Blockchain is used for ledger consultation (simple reading).
Figure 8. Solution step 4: Blockchain status overview
[Diagram: user (patient); third parties: health professional, coach, auditor; data management server; consent management server.]
Thus, a smart solution has been developed and demonstrated for patients’ consent management.
This solution brings high governance: privacy is guaranteed, and so is fine granularity, with a precise
level of accuracy in data access control for the selection of data and the definition of access modalities.
In the end, perfect traceability is made possible by the log of performed actions: consent
recording as well as access to the data themselves are all traced in time.
To summarize, an innovative solution for consent management has been developed that could
also open new possibilities of data valuation. This work, which can be applied to a number of
domains other than e-Health (for example IoT), allows Orange customers to keep control of their
data and have their privacy respected, using innovative technologies.
Future work
This solution has been demonstrated with a beta version of Hyperledger, promoted by the Linux
Foundation, and will thus need to be updated when the industrial-grade solution is released
(expected in March 2017), before any large-scale launch.
Last but not least, a remaining challenge is to check with actors of the health domain whether it
is possible to find a sufficient number of actors agreeing to be part of such a consortium.
Independently of that, the demonstrator will evolve within the Serene_IoT Penta [5]
European project, where it will be implemented.
Conclusions
The strict security and especially privacy regulations that apply in the health data sector call for
great care when personal medical data are handled. Patients’ empowerment through better
personal data governance is also a critical feature to help them manage their pathology.
Our first research work shows that Blockchain is a good candidate for a smart and reliable
solution to tackle these key issues in an innovative way.
Acknowledgements
The authors warmly thank Mrs Lan Wang and Mr Zili Lu, both from Orange Labs Beijing, for their
active contribution to the multi-vital signs sensor and for fruitful discussions.
References
[1] Satoshi Nakamoto, October 2008, whitepaper, “Bitcoin: A Peer-to-Peer Electronic Cash System”, available at https://bitcoin.org/bitcoin.pdf, last accessed 14 January 2017
[2] Vitalik Buterin, December 2013, Ethereum white paper, available at https://github.com/ethereum/wiki/wiki/White-Paper, last accessed 13 January 2017
[3] Hyperledger - White paper (20 pages), available at https://github.com/hyperledger/hyperledger/wiki/Whitepaper-WG, last accessed 13 January 2017
[4] ILNAS (Institut Luxembourgeois de la normalisation, de l’accréditation, de la sécurité et qualité des produits et services), Digital Trust White paper: Version 1 June 2012, 144 available at https://portail-qualite.public.lu/fr/publications/confiance-numerique/etudes-nationales/Pub-ilnas-tudor-white-paperdigital-trust-june-2012-v1_0/ilnas-tudor-white-paper-digital-trust-june-2012-v1_0.pdf, last accessed 14 January 2017, and Version 2.0 – June 2014, ISSN 2354-5003; 146 pages, available at https://portail-qualite.public.lu/fr/publications/confiancenumerique/etudes-nationales/white-paper-digital-trust-june-2014/White-Paper-Digital-Trust-June-2014.pdf, last accessed 14 January 2017
[5] Serene_IoT Penta European project: http://www.penta-eureka.eu/, accessed 13 January 2017, and to be published in http://www.penta-eureka.eu/projects/local_index.php as soon as this web section is updated with details on all PENTA projects after the first call is successfully running.
Authors details
Philippe Genestier (PhD) has been working at Orange Labs since 1999 as a project manager. His
current activities include the responsibility of Orange’s eHealth research projects, e-health
services, dealing mainly with remote monitoring and interoperability, and the exploration of
Blockchain use possibilities in eHealth and IoT.
Sajida Zouarhi is an engineer and has been a PhD student in Computer Science and Network since 2014
with Orange Labs and LIG (computer science laboratory of Grenoble). Her research work is about
“Quality of service of complex and heterogeneous systems for critical data transmission” and
Blockchain-based solutions.
Pascal Limeux is a technical architect and security expert at Orange Labs. He has designed the
technical architecture of the Blockchain-based Consent Management Service for the data collection
chain in the Continua environment and is specifically in charge of the implementation of the servers
and security aspects.
David Excoffier is an experienced R&D project manager. He worked for a decade in the
industrial field (aeronautic & spatial domains), and was then in charge, for ten more years, of
leading several national & international collaborative research projects in the M2M/IoT field.
David joined Orange Labs in 2015 to provide his leadership on research projects and his
expertise on Internet of Things, Fog Computing & Blockchain.
Alain Prola is an application designer/developer on the Android platform. He has co-developed the
Continua connector in the e-health data collection chain. Previously he developed several
mobile apps for emerging countries. Prior to that, he worked for 10 years in research in
microelectronics.
Stéphane Sandon is a software engineer at Orange Labs. He worked on security protocols for
the French administration (www.service-public.fr) and is now an expert on Android platform
development.
Jean-Marc Temerson is an R&D engineer working in “Health and Data” at Orange Labs. After
involvement in collaborative projects management and preparation, and more recently in the
eHealth area and medical image applications, he is now deeply involved in the “health data
collection chain” project.