Using Blockchain for Consent and Access to Private and Sensitive Data in the GDPR Environment


Gary Leeming, Chief Technology Officer, Connected Health Cities, University of Manchester

Connected Health Cities
- Development of digital learning health systems
- Improved health and wealth for the UK
- 15 million
- Social contract with local citizens to use their data (3-5 million)

Learning Health System

What is GDPR?
- New EU data protection legislation
- Increases protections and rights for use of citizens' data
- Sensitive data, such as health, has further protections
- Balanced against research requirements
- But untested in law so uncertainty remains

Consent, data and research
- Consent carries different meanings; research requires informed consent
- Consent is not the only model for accessing data in health research
- Anonymised data not protected but patient level data has risks of re-identification
- How do we keep citizens informed and involved in use of data?

Blockchain in Health Research
Distributed Ledger Technology can be applied to healthcare data sharing agreements to:
- Remove the need for trusted third parties
- Ensure auditable trails of data sharing requests and permissions
- Offer field tested state of the art in privacy and encryption

Consent Use Case
- Take the underlying technology (Distributed Ledgers) and apply it to a consent model (Research / Secondary use)
- Allow patients fine-grained control / view of who can use their data and for what purpose
- Technical solution; consent model is adaptable

Design Aims
- Allow patients fine-grained control / view of who can use their data and for what purpose
- (Completely) Distributed / Decentralised
- Secure
- Anonymous / Strongly identifiable
- Robust
- Provable transactions / transparent auditing
- For recording of consent not management of data

Design and Implementation
- Test version implemented on private Ethereum ledger
- Ethereum selected because of ability to easily implement contracts

Research Organisations propose topics of research and Participants grant permission for Data Custodians to release their data for that particular use.
Three classes of user:

Research Organisation
- Post research requests ("Proposals")
- Run blockchain nodes
- Use inbuilt gas mechanism for participation impetus
- Submit off-chain data request with proposal signature
- Publish / push research results

Data Owner / Data Custodian
- Manage access to patient data
- Act on behalf of participant (contractually)
- Grant publication of research requests to Research Organisations
- Revoke research requests

Participant
- View proposals
- View outcomes
- Set Preferences
  - General (Allow, Consent, Deny)
  - Proposal Type (Grant, Consent, Deny): Pharma, Public, Gov, NHS, Insurance etc
  - Proposal (Grant, Deny)
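
The three preference levels on the Participant slide and the custodian's release check, modelled as an added Python example (not code from the talk or from the prototype, which ran as Ethereum contracts). The precedence rule (most specific setting wins, and an unanswered "Consent" never releases data), the pseudonymous IDs and the hash-chained list standing in for the ledger are assumptions.

```python
import hashlib
import json

FIELDS = ("participant", "proposal", "decision", "prev")

def resolve(prefs, proposal_id, proposal_type):
    """Most specific preference wins (assumed rule): proposal, then type, then general."""
    if proposal_id in prefs.get("proposal", {}):
        return prefs["proposal"][proposal_id]       # Grant / Deny
    if proposal_type in prefs.get("type", {}):
        return prefs["type"][proposal_type]         # Grant / Consent / Deny
    general = prefs.get("general", "Deny")          # no preference set: deny
    return "Grant" if general == "Allow" else general

def _digest(entry):
    body = {k: entry[k] for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    """Append-only, hash-chained decision log; a stand-in for the distributed ledger.
    It records consent decisions only, never the health data itself."""
    def __init__(self):
        self.entries = []

    def record(self, participant, proposal_id, decision):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        entry = {"participant": participant, "proposal": proposal_id,
                 "decision": decision, "prev": prev}
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self):
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = "0" * 64
        for entry in self.entries:
            if entry["prev"] != prev or _digest(entry) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True

def custodian_may_release(ledger, prefs, participant, proposal_id, proposal_type):
    """Custodian check: log the resolved decision, release only on an explicit Grant."""
    decision = resolve(prefs, proposal_id, proposal_type)
    ledger.record(participant, proposal_id, decision)
    return decision == "Grant"

# Constructed sample preferences for one pseudonymous participant.
SAMPLE_PREFS = {"general": "Consent",
                "type": {"Pharma": "Deny", "NHS": "Grant"},
                "proposal": {"P-7": "Grant"}}
```

Every decision is logged, including denials and pending consent requests, so the audit trail shows what was asked as well as what was released.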

Future Development
- Reimbursement for use of data
- Management of data assets and compute
- Reproducibility
- Integration with other Ethereum applications, e.g. UPort

Contact Details
gary.leeming@manchester.ac.uk
@grazulis
With thanks to Prof. John Ainsworth and Dr James Cunningham
- Cunningham, J, Leeming, G, Ainsworth, J. Computable Information Governance Contracts, January 2017, Studies in health technology and informatics 235:476-480, DOI: 10.3233/978-1-61499-753-5-476
- Cunningham, J, Ainsworth, J. Enabling Patient Control of Personal Electronic Health Records Through Distributed Ledger Technology, January 2017, Studies in health technology and informatics 245:45-48