Blockchain-Based Service-Oriented Architecture for Consent Management, Access Control, and Auditing

Published in IEEE Access Vol. 11; pp. 12726-12740
Main Authors Roman-Martinez, Isabel, Calvillo-Arbizu, Jorge, Mayor-Gallego, Vicente J., Madinabeitia-Luque, German, Estepa-Alonso, Antonio J., Estepa-Alonso, Rafael M.
Format Journal Article
Language English
Published Piscataway IEEE 2023
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Abstract Continuity of care requires the exchange of health information among organizations and care teams. The EU General Data Protection Regulation (GDPR) establishes that subject of care should give explicit consent to the treatment of her personal data, and organizations must obey the individual's will. Nevertheless, few solutions focus on guaranteeing the proper execution of consents. We propose a service-oriented architecture, backed by blockchain technology, that enables: (1) tamper-proof and immutable storage of subject of care consents; (2) a fine-grained access control for protecting health data according to consents; and (3) auditing tasks for supervisory authorities (or subjects of care themselves) to assess that healthcare organizations comply with GDPR and granted consents. Standards for health information exchange and access control are adopted to guarantee interoperability. Access control events and the subject of care consents are maintained on a blockchain, providing a trusted collaboration between organizations, supervisory authorities, and individuals. A prototype of the architecture has been implemented as a proof of concept to evaluate the performance of critical components. The application of subject of care consent to control the treatment of personal health data in federated and distributed environments is a pressing concern. The experimental results show that blockchain can effectively support sharing consent and audit events among healthcare organizations, supervisory authorities, and individuals.
Author_xml – sequence: 1
  givenname: Isabel
  surname: Roman-Martinez
  fullname: Roman-Martinez, Isabel
  organization: Departamento de Ingeniería Telemática, Escuela Técnica Superior de Ingeniería, Seville, Spain
– sequence: 2
  givenname: Jorge
  orcidid: 0000-0003-1277-3310
  surname: Calvillo-Arbizu
  fullname: Calvillo-Arbizu, Jorge
  email: jcalvillo@us.es
  organization: Departamento de Ingeniería Telemática, Escuela Técnica Superior de Ingeniería, Seville, Spain
– sequence: 3
  givenname: Vicente J.
  orcidid: 0000-0002-8461-1102
  surname: Mayor-Gallego
  fullname: Mayor-Gallego, Vicente J.
  organization: Departamento de Ingeniería Telemática, Escuela Técnica Superior de Ingeniería, Seville, Spain
– sequence: 4
  givenname: German
  surname: Madinabeitia-Luque
  fullname: Madinabeitia-Luque, German
  organization: Departamento de Ingeniería Telemática, Escuela Técnica Superior de Ingeniería, Seville, Spain
– sequence: 5
  givenname: Antonio J.
  orcidid: 0000-0003-1841-3973
  surname: Estepa-Alonso
  fullname: Estepa-Alonso, Antonio J.
  organization: Departamento de Ingeniería Telemática, Escuela Técnica Superior de Ingeniería, Seville, Spain
– sequence: 6
  givenname: Rafael M.
  orcidid: 0000-0001-8505-1920
  surname: Estepa-Alonso
  fullname: Estepa-Alonso, Rafael M.
  organization: Departamento de Ingeniería Telemática, Escuela Técnica Superior de Ingeniería, Seville, Spain
CODEN IAECCG
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023
DOI 10.1109/ACCESS.2023.3242605
Discipline Engineering
EISSN 2169-3536
Genre orig-research
ISSN 2169-3536
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Language English
License https://creativecommons.org/licenses/by/4.0/legalcode
OpenAccessLink https://doaj.org/article/eec7df3899bf4e149820eff7a5ab1a53
PageCount 15
SubjectTerms Access control
Blockchain
Blockchains
business process management (BPM)
Consent
consent management
Consents
Critical components
Cryptography
Data exchange
fast healthcare information resources (FHIR)
General Data Protection Regulation
general data protection regulation (GDPR)
Health care
Health information management
Medical services
Organizations
Personal health
Service oriented architecture
service-oriented architecture (SOA)