Using Blockchain for Consent and Access to Private and Sensitive Data in the GDPR Environment

Size: px

Start display at page:

Download "Using Blockchain for Consent and Access to Private and Sensitive Data in the GDPR Environment"

Brent Lee
5 years ago
Views:

1 Using Blockchain for Consent and Access to Private and Sensitive Data in the GDPR Environment Gary Leeming, Chief Technology Officer Connected Health Cities, University of Manchester 1

2 Connected Health Cities Development of digital learning health systems Improved health and wealth for the UK 15 million Social contract with local citizens to use their data (3-5 million)

3 Learning Health System

4 What is GDPR? New EU data protection legislation Increases protections and rights for use of citizens data Sensitive data, such as health, has further protections Balanced against research requirements But untested in law so uncertainty remains

5 Consent, data and research Consent carries different meanings research requires informed consent Consent is not the only model for accessing data in health research Anonymised data not protected but patient level data has risks of re-identification How do we keep citizens informed and involved in use of data?

6 Blockchain in Health Research Distributed Ledger Technology can be applied to healthcare data sharing agreements to: Remove the need for trusted third parties Ensure auditable trails of data sharing requests and permissions Offer field tested state of the art in privacy and encryption

7 Consent Use Case Take the underlying technology (Distributed Ledgers) and apply it to a consent model (Research / Secondary use) Allow patients fine-grained control / view of who can use their data and for what purpose Technical solution consent model is adaptable

8 Design Aims Allow patients fine-grained control / view of who can use their data and for what purpose (Completely) Distributed / Decentralised Secure Anonymous / Strongly identifiable Robust Provable transactions / transparent auditing For recording of consent not management of data

9 Design and Implementation Test version implemented on private Ethereum ledger Ethereum selected because of ability to easily implement contracts

10 Research Organisations propose topics of research and Participants grant permission for Data Custodians to release their data for that particular use Three classes of user

11 Research Organisation Post research requests ( Proposals ) Run blockchain nodes Use inbuilt gas mechanism for participation impetus Submit off-chain data request with proposal signature Publish / push research results

12 Data Owner Data Custodian Manage access to patient data Act on behalf of participant (contractually) Grant publication of research requests to Research Organisations Revoke research requests

13 Participant View proposals View outcomes Set Preferences General (Allow, Consent, Deny) Proposal Type (Grant, Consent, Deny) Pharma, Public, Gov, NHS, Insurance etc Proposal (Grant, Deny)

14 Future Development Reimbursement for use of data Management of data assets and compute Reproducibility Integration with other Ethereum applications, e.g. UPort

15 Contact With thanks to Prof. John Ainsworth and Dr James Cunningham Cunningham, J, Leeming, G, Ainsworth, J Computable Information Governance Contracts, January 2017, Studies in health technology and informatics 235: , DOI: / Cunningham, J, Ainsworth, J Enabling Patient Control of Personal Electronic Health Records Through Distributed Ledger Technology, January 2017, Studies in health technology and informatics 245:45-48

Decentralized Identity for a Decentralized World. Alex Simons Partner Director Program Management, Identity Division Microsoft

Decentralized Identity for a Decentralized World Alex Simons Partner Director Program Management, Identity Division Microsoft Today Your Identity == App(username, password) However u s e r n a m e Your