Nathaniel Aldred,Luke Baal,Graeham Broda,Steven Trumble,Qusay H. Mahmoud

DOI: https://doi.org/10.48550/arXiv.1912.09882

2019-12-20

Cryptography and Security

Abstract:A blockchain is a distributed ledger forming a distributed consensus on a history of transactions. It is the underlying technology for the Bitcoin cryptocurrency, but there are many applications beyond the financial sector. With built-in security and removal of the need for third party trust, blockchain has started to see some use within contract applications among other things. In this paper, we present the design and implementation of a permissioned-based blockchain third party consent management system, whose policy can be decided by a government agency. We have constructed a proof of concept implementation using Hyperledger Fabric to provide a service that allows end-users to control and consent to who manages their private information. We believe our solution meets the guiding principles of EU General Data Protection Regulation or GDPR. While our performance and usability evaluation are limited, our solution design and its implementation meet the 7 foundational principles of privacy by design.

Mpyana Mwamba Merlec,Youn Kyu Lee,Seng-Phil Hong,Hoh Peter In

DOI: https://doi.org/10.3390/s21237994

IF: 3.9

2021-11-30

Sensors

Abstract:A massive amount of sensitive personal data is being collected and used by scientists, businesses, and governments. This has led to unprecedented threats to privacy rights and the security of personal data. There are few solutions that empower individuals to provide systematic consent agreements on distinct personal information and control who can collect, access, and use their data for specific purposes and periods. Individuals should be able to delegate consent rights, access consent-related information, and withdraw their given consent at any time. We propose a smart-contract-based dynamic consent management system, backed by blockchain technology, targeting personal data usage under the general data protection regulation. Our user-centric dynamic consent management system allows users to control their personal data collection and consent to its usage throughout the data lifecycle. Transaction history and logs are recorded in a blockchain that provides trusted tamper-proof data provenance, accountability, and traceability. A prototype of our system was designed and implemented to demonstrate its feasibility. The acceptability and reliability of the system were assessed by experimental testing and validation processes. We also analyzed the security and privacy of the system and evaluated its performance.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Rodrigo Dutra Garcia,Gowri Ramachandran,Kealan Dunnett,Raja Jurdak,Caetano Ranieri,Bhaskar Krishnamachari,Jo Ueyama

2024-11-25

Abstract:Modern distributed applications in healthcare, supply chain, and the Internet of Things handle a large amount of data in a diverse application setting with multiple stakeholders. Such applications leverage advanced artificial intelligence (AI) and machine learning algorithms to automate business processes. The proliferation of modern AI technologies increases the data demand. However, real-world networks often include private and sensitive information of businesses, users, and other organizations. Emerging data-protection regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) introduce policies around collecting, storing, and managing digital data. While Blockchain technology offers transparency, auditability, and immutability for multi-stakeholder applications, it lacks inherent support for privacy. Typically, privacy support is added to a blockchain-based application by incorporating cryptographic schemes, consent mechanisms, and self-sovereign identity. This article surveys the literature on blockchain-based privacy-preserving systems and identifies the tools for protecting privacy. Besides, consent mechanisms and identity management in the context of blockchain-based systems are also analyzed. The article concludes by highlighting the list of open challenges and further research opportunities.

Cryptography and Security,Emerging Technologies

Vikas Jaiman,Visara Urovi

DOI: https://doi.org/10.48550/arXiv.2007.04847

2020-07-09

Distributed, Parallel, and Cluster Computing

Abstract:In modern healthcare systems, being able to share electronic health records is crucial for providing quality care and for enabling a larger spectrum of health services. Health data sharing is dependent on obtaining individual consent which, in turn, is hindered by a lack of resources. To this extend, blockchain-based platforms facilitate data sharing by inherently creating a trusted distributed network of users. These users are enabled to share their data without depending on the time and resources of specific players (such as the health services). In blockchain-based platforms, data governance mechanisms become very important due to the need to specify and monitor data sharing and data use conditions. In this paper, we present a blockchain-based data sharing consent model for access control over individual health data. We use smart contracts to dynamically represent the individual consent over health data and to enable data requesters to search and access them. The dynamic consent model extends upon two ontologies: the Data Use Ontology (DUO) which models the individual consent of users and the Automatable Discovery and Access Matrix (ADA-M) which describes queries from data requesters. We deploy the model on Ethereum blockchain and evaluate different data sharing scenarios. The contribution of this paper is to create an individual consent model for health data sharing platforms. Such a model guarantees that individual consent is respected and that there is accountability for all the participants in the data sharing platform. The evaluation of our solution indicates that such a data sharing model provides a flexible approach to decide how the data is used by data requesters. Our experimental evaluation shows that the proposed model is efficient and adapts to personalized access control policies in data sharing.

Konstantinos Rantos,George Drosatos,Konstantinos Demertzis,Christos Ilioudis,Alexandros Papanikolaou,Antonios Kritsas

DOI: https://doi.org/10.1007/978-3-030-12942-2_23

2019-01-01

Abstract:The value of personal data generated and managed by smart devices which comprise the Internet of Things (IoT) is unquestionable. The EU General Data Protection Regulation (GDPR) that has been recently put in force, sets the cornerstones regarding the collection and processing of personal data, for the benefit of Data Subjects and Controllers. However, applying this regulation to the IoT ecosystem is not a trivial task. This paper proposes ADvoCATE, a user-centric solution that allows data subjects to easily control consents regarding access to their personal data in the IoT ecosystem and exercise their rights defined by GDPR. It also assists Data Controllers and Processors to meet GDPR requirements. A blockchain infrastructure ensures the integrity of personal data processing consents, while the quality thereof is evaluated by an intelligence service. Finally, we present some preliminary details of a partial implementation of the proposed framework.

May Alhajri,Carsten Rudolph,Ahmad Salehi Shahraki

DOI: https://doi.org/10.1109/ACCESS.2022.3154106

2022-03-03

Abstract:Wearable fitness devices are widely used to track an individual's health and physical activities to improve the quality of health services. These devices sense a considerable amount of sensitive data processed by a centralized third party. While many researchers have thoroughly evaluated privacy issues surrounding wearable fitness trackers, no study has addressed privacy issues in trackers by giving control of the data to the user. Blockchain is an emerging technology with outstanding advantages in resolving consent management privacy concerns. As there are no fully transparent, legally compliant solutions for sharing personal fitness data, this study introduces an architecture for a human-centric, legally compliant, decentralized and dynamic consent system based on blockchain and smart contracts. Algorithms and sequence diagrams of the proposed system's activities show consent-related data flow among various agents, which are used later to prove the system's trustworthiness by formalizing the security requirements. The security properties of the proposed system were evaluated using the formal security modeling framework SeMF, which demonstrates the feasibility of the solution at an abstract level based on formal language theory. As a result, we have empirically proven that blockchain technology is suitable for mitigating the privacy issues of fitness providers by recording individuals' consent using blockchain and smart contracts.

Cryptography and Security,Computers and Society,Distributed, Parallel, and Cluster Computing,Logic in Computer Science,Systems and Control

Akash Singh,

DOI: https://doi.org/10.55041/ijsrem29509

2024-03-22

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:In contemporary healthcare systems, ensuring patient consent management while safeguarding data privacy and security is a paramount concern. Traditional approaches to managing patient consent often face challenges related to security vulnerabilities, data breaches, and lack of transparency. This research paper proposes a novel approach to address these challenges by leveraging blockchain technology for patient consent management. Blockchain, with its decentralized and immutable ledger, offers a promising solution for securely recording and managing patient consent in healthcare settings. This paper presents a detailed exploration of the concept, design, and implementation of a blockchain-based patient consent management system. Through a comprehensive literature review, methodology description, and evaluation of the proposed system, this research demonstrates the potential benefits of blockchain technology in enhancing patient privacy and data security. The findings of this study contribute to the advancement of healthcare data management practices and provide valuable insights for future research and development in this evolving field. Keywords— Patient consent management, Blockchain technology, Healthcare data security, Privacy protection, Decentralization, Immutable ledger, Transparency, System architecture, Data integrity, Healthcare information management

Anh Pham,Maxim Edelson,Armin Nouri,Tsung-Ting Kuo

DOI: https://doi.org/10.1016/j.compbiomed.2024.108956

2024-08-08

Abstract:Background: The consent protocol is now a critical part in the overall orchestration of clinical research. We aimed to demonstrate the feasibility of an Ethereum-based informed consent system, which includes an immutable and automated channel of consent matching, to simultaneously assure patient privacy and increase the efficiency of researchers' data access. Method: We simulated a multi-site scenario, each assigned 10000 consent records. A consent record contained one patient's data-sharing preference with regards to seven data categories. We developed a blockchain-based infrastructure with a smart contract to record consents on-chain, and to query consenting patients corresponding to specific criteria. We measured our system's recording efficiency against a baseline design and verified accuracy by testing an exhaustive list of possible queries. Results: Our method achieved ∼3-4% lead with an average insertion speed of ∼2 s per record per node on either a 3-, 4- or 5-node network, and 100 % accuracy. It also outperformed other solutions in external validation. Discussion: The speed we achieved is reasonable in a real-world system under the realistic assumption that patients may not change their minds too frequently, with the added benefit of immutability. Furthermore, the per-insertion time did improve slightly as the number of network nodes increased, attesting to the benefit of node parallelism as it suggests no attrition of insertion efficiency due to scale of nodes. Conclusions: Our work confirms the technical feasibility of a blockchain-based consent mechanism, assuring patients with an immutable audit trail, and providing researchers with an efficient way to reach their cohorts.

Javed Ahmed,Sule Yildirim,Mariusz Nowostawski,Mohamed Abomhara,Raghavendra Ramachandra,Ogerta Elezaj

DOI: https://doi.org/10.1007/978-3-030-39445-5_10

2020-01-01

Abstract:AbstractOnline Social Networks (OSNs) are very popular and widely adopted by the vast majority of Internet users across the globe. Recent scandals on the abuse of users’ personal information via these platforms have raised serious concerns about the trustworthiness of OSN service providers. The unprecedented collection of personal data by OSN service providers poses one of the greatest threats to users’ privacy and their right to be left alone. The recent approval of the GDPR (General Data Protection Regulation) presents OSN service providers with great compliance challenges. A set of new data protection requirements are imposed on data controllers (OSN service providers) by GDPR that offer greater control to data subjects (OSN users) over their personal data. This position paper investigates the link between GDPR provisions and the use of blockchain technology for solving the consent management problem in online social networks. We also describe challenges and opportunities in designing a GDPR-compliant consent management mechanism for online social networks. Key characteristics of blockchain technology that facilitate regulatory compliance were identified. The legal and technological state of play of the blockchain-GDPR relationship is reviewed and possible ways to reconcile blockchain technology with the GDPR requirements are demonstrated. This paper opens up new research directions on the use of the disruptive innovation of blockchain to achieve regulatory compliance in the application domain of online social networks.

Caspar Barnes,Mateo Riobo Aboy,Timo Minssen,Jemima Winifred Allen,Brian D Earp,Julian Savulescu,Sebastian Porsdam Mann

DOI: https://doi.org/10.1080/15265161.2024.2416117

2024-11-05

Abstract:Participation in research is supposed to be voluntary and informed. Yet it is difficult to ensure people are adequately informed about the potential uses of their biological materials when they donate samples for future research. We propose a novel consent framework which we call "demonstrated consent" that leverages blockchain technology and generative AI to address this problem. In a demonstrated consent model, each donated sample is associated with a unique non-fungible token (NFT) on a blockchain, which records in its metadata information about the planned and past uses of the sample in research, and is updated with each use of the sample. This information is accessible to a large language model (LLM) customized to present this information in an understandable and interactive manner. Thus, our model uses blockchain and generative AI technologies to track, make available, and explain information regarding planned and past uses of donated samples.

Nguyen Binh Truong,Kai Sun,Gyu Myoung Lee,Yike Guo

DOI: https://doi.org/10.1109/tifs.2019.2948287

IF: 7.231

2020-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The General Data Protection Regulation (GDPR) gives control of personal data back to the owners by appointing higher requirements and obligations on service providers who manage and process personal data. As the verification of GDPR-compliance, handled by a supervisory authority, is irregularly conducted; it is challenging to be certified that a service provider has been continuously adhering to the GDPR. Furthermore, it is beyond the data owner's capability to perceive whether a service provider complies with the GDPR and effectively protects her personal data. This motivates us to envision a design concept for developing a GDPR-compliant personal data management platform leveraging the emerging blockchain and smart contract technologies. The goals of the platform are to provide decentralised mechanisms to both service providers and data owners for processing personal data; meanwhile, empower data provenance and transparency by leveraging advanced features of the blockchain technology. The platform enables data owners to impose data usage consent, ensures only designated parties can process personal data, and logs all data activities in an immutable distributed ledger using smart contract and cryptography techniques. By honestly participating in the platform, a service provider can be endorsed by the blockchain network that it is fully GDPR-compliant; otherwise, any violation is immutably recorded and is easily figured out by associated parties. We then demonstrate the feasibility and efficiency of the proposed design concept by developing a profile management platform implemented on top of the Hyperledger Fabric permissioned blockchain framework, following by valuable analysis and discussion.

computer science, theory & methods,engineering, electrical & electronic

Giuseppe Albanese,Jean-Paul Calbimonte,Michael Schumacher,Davide Calvaresi

DOI: https://doi.org/10.1007/s12652-020-01761-1

IF: 3.662

2020-02-14

Journal of Ambient Intelligence and Humanized Computing

Abstract:Clinical trials (CTs) are essential for the advancement of medical research, paving the way for the development and adoption of new treatments, and contributing to the evolution of healthcare. An essential factor for the success of a CT is the appropriate management of its participants and their personal data. According to the current regulations, collecting and using personal data from participants must comply with rigorous standards. Therefore, healthcare institutes need to obtain freely given, specific, informed, and unambiguous consent before being able to collect the data. Some of the major limitations of the current technological solutions are the lack of control over the granularity of consent grants, as well as the difficulty of handling dynamic changes of consent over time. In this paper, we present SCoDES, an approach for trusted and decentralized management of dynamic consent in clinical trials, based on blockchain technology (BCT). The usage of blockchain provides a set of features that allow maintaining consent information with trust guarantees while avoiding the need for a dedicated or centralized third trusted party. We provide a full implementation of SCoDES, made available as a self-contained infrastructure, with the possibility to interact with external services, and using hyperledger as a blockchain framework.

computer science, information systems,telecommunications, artificial intelligence

Zhiwei Wang,Qingqing Chen,Lei Liu

DOI: https://doi.org/10.1109/jiot.2023.3242959

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:In this Internet of Things era, privacy preserving is one of the most vital barriers for personal data sharing. In this article, we present a secure and privacy-preserving data sharing protocol over the permissioned blockchains which require to certificate the users before they submit the transactions. We use the structure-preserving Groth signature to construct the anonymous credentials for satisfying the requirement of permissioned blockchains, and the anonymous credentials does not disclose the real identities of data owners. We prove that the anonymous credential in our protocol achieves the ideal functionality. For the secure access control and privacy protection of the data accessors, we propose an efficiently anonymous authentication scheme which utilizes the ElGamal commitment and the one-out-of-many proof to ensure a data accessor is authorized, but any unauthorized entities cannot learn the real identity of the data accessor, and even the data owner does not know who (although in the access control list) and when downloads his/her data. The blockchain platform is used to record the data storing, access control list, and the storage addresses, which helps to enhance the security level of the protocol. We implement our protocol over the ThinkPad, the RaspBerry Pi, the Huawei cloud, and the Hyperledger Fabric, and the experiments show the good performances.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shayne Longpre,Robert Mahari,Ariel Lee,Campbell Lund,Hamidah Oderinwale,William Brannon,Nayan Saxena,Naana Obeng-Marnu,Tobin South,Cole Hunter,Kevin Klyman,Christopher Klamm,Hailey Schoelkopf,Nikhil Singh,Manuel Cherep,Ahmad Anis,An Dinh,Caroline Chitongo,Da Yin,Damien Sileo,Deividas Mataciunas,Diganta Misra,Emad Alghamdi,Enrico Shippole,Jianguo Zhang,Joanna Materzynska,Kun Qian,Kush Tiwary,Lester Miranda,Manan Dey,Minnie Liang,Mohammed Hamdy,Niklas Muennighoff,Seonghyeon Ye,Seungone Kim,Shrestha Mohanty,Vipul Gupta,Vivek Sharma,Vu Minh Chien,Xuhui Zhou,Yizhi Li,Caiming Xiong,Luis Villa,Stella Biderman,Hanlin Li,Daphne Ippolito,Sara Hooker,Jad Kabbara,Sandy Pentland

2024-07-25

Abstract:General-purpose artificial intelligence (AI) systems are built on massive swathes of public web data, assembled into corpora such as C4, RefinedWeb, and Dolma. To our knowledge, we conduct the first, large-scale, longitudinal audit of the consent protocols for the web domains underlying AI training corpora. Our audit of 14,000 web domains provides an expansive view of crawlable web data and how codified data use preferences are changing over time. We observe a proliferation of AI-specific clauses to limit use, acute differences in restrictions on AI developers, as well as general inconsistencies between websites' expressed intentions in their Terms of Service and their robots.txt. We diagnose these as symptoms of ineffective web protocols, not designed to cope with the widespread re-purposing of the internet for AI. Our longitudinal analyses show that in a single year (2023-2024) there has been a rapid crescendo of data restrictions from web sources, rendering ~5%+ of all tokens in C4, or 28%+ of the most actively maintained, critical sources in C4, fully restricted from use. For Terms of Service crawling restrictions, a full 45% of C4 is now restricted. If respected or enforced, these restrictions are rapidly biasing the diversity, freshness, and scaling laws for general-purpose AI systems. We hope to illustrate the emerging crises in data consent, for both developers and creators. The foreclosure of much of the open web will impact not only commercial AI, but also non-commercial AI and academic research.

Computation and Language,Artificial Intelligence,Machine Learning

Adetola Sogbesan,Uche Mbannaso

DOI: https://doi.org/10.1109/nigercon54645.2022.9803088

2022-04-17

Abstract:Violations of personal data privacy is generating grave concerns across the globe, and regulation of personal data usage has been found wanting in numerous jurisdictions. Privacy protection has always been treated based on unilateral asymmetric approaches. That is, a service provider (SP), forces privacy rules to the user to blindly accept or services would be denied. The user has no way to weigh the service values vis-vie the demand for access to many of the personally identifiable information (PII). Besides, once the PII is collected by the SP, the user’s consent is often not sorted before further sharing with third parties. This article seeks to contribute to the current dialogue on the regulation of personal data protection through presenting findings from a three-pronged research exercise: (1) a mapping, via a six-question schema, of personal data usage modalities; (2) consideration of the complexities of regulation in this sphere; and (3) conceptualization, for consideration by privacy data consuming parties, a symmetric configurable policy consent architecture for personal data release.

Computer Science,Law

Rathee, Geetanjali

DOI: https://doi.org/10.1007/s12083-024-01827-3

IF: 3.488

2024-12-11

Peer-to-Peer Networking and Applications

Abstract:The ability to share Electronic Health Records (EHRs) with the right people plays a crucial role in providing on-time diagnosis. The outsourcing of private health data on the cloud, with negligible control in the hands of the data owners, poses a significant challenge for e-healthcare applications. Obtaining the owner's consent is not just essential for data sharing but also to protect the privacy of the data being shared. With the help of Blockchain and Interplanetary File System (IPFS), this research paper proposes a purpose-based framework for obtaining dynamic consent before sharing data among healthcare providers, academicians, etc. The study develops a blockchain system on the Ethereum network to store encrypted EHRs on IPFS. This architecture allows for secure and privacy-enhanced data sharing. The proposed model demonstrates effectiveness in enhancing data security, privacy, scalability, ownership, and integrity of medical records. The cost analysis shows a negligible contract deployment cost of 0.00174363 ETH, equivalent to $2.78. The framework presents a viable solution for securing EHRs and obtaining dynamic consent, ensuring improved healthcare data management. The use of blockchain and IPFS offers a promising avenue for enhancing data security and privacy in e-healthcare applications.

computer science, information systems,telecommunications

Arijit Sengupta,Hemang Subramanian

DOI: https://doi.org/10.2196/32104

2022-01-20

Abstract:Background: Integrating pervasive computing with blockchain's ability to store privacy-protected mobile health (mHealth) data while providing Health Insurance Portability and Accountability Act (HIPAA) compliance is a challenge. Patients use a multitude of devices, apps, and services to collect and store mHealth data. We present the design of an internet of things (IoT)-based configurable blockchain with different mHealth apps on iOS and Android, which collect the same user's data. We discuss the advantages of using such a blockchain architecture and demonstrate 2 things: the ease with which users can retain full control of their pervasive mHealth data and the ease with which HIPAA compliance can be accomplished by providers who choose to access user data. Objective: The purpose of this paper is to design, evaluate, and test IoT-based mHealth data using wearable devices and an efficient, configurable blockchain, which has been designed and implemented from the first principles to store such data. The purpose of this paper is also to demonstrate the privacy-preserving and HIPAA-compliant nature of pervasive computing-based personalized health care systems that provide users with total control of their own data. Methods: This paper followed the methodical design science approach adapted in information systems, wherein we evaluated prior designs, proposed enhancements with a blockchain design pattern published by the same authors, and used the design to support IoT transactions. We prototyped both the blockchain and IoT-based mHealth apps in different devices and tested all use cases that formed the design goals for such a system. Specifically, we validated the design goals for our system using the HIPAA checklist for businesses and proved the compliance of our architecture for mHealth data on pervasive computing devices. Results: Blockchain-based personalized health care systems provide several advantages over traditional systems. They provide and support extreme privacy protection, provide the ability to share personalized data and delete data upon request, and support the ability to analyze such data. Conclusions: We conclude that blockchains, specifically the consensus, hasher, storer, miner architecture presented in this paper, with configurable modules and software as a service model, provide many advantages for patients using pervasive devices that store mHealth data on the blockchain. Among them is the ability to store, retrieve, and modify ones generated health care data with a single private key across devices. These data are transparent, stored perennially, and provide patients with privacy and pseudoanonymity, in addition to very strong encryption for data access. Firms and device manufacturers would benefit from such an approach wherein they relinquish user data control while giving users the ability to select and offer their own mHealth data on data marketplaces. We show that such an architecture complies with the stringent requirements of HIPAA for patient data access.

May Alhajri,Ahmad Salehi Shahraki,Carsten Rudolph

DOI: https://doi.org/10.1145/3511616.3513100

2022-03-02

Abstract:The rapid advances in fitness wearable devices are redefining privacy around interactions. Fitness wearables devices record a considerable amount of sensitive and private details about exercise, blood oxygen level, and heart rate. Privacy concerns have emerged about the interactions between an individual's raw fitness data and data analysis by the providers of fitness apps and wearable devices. This paper describes the importance of adopting and applying legal frameworks within the fitness tracker ecosystem. In this review, we describe the studies on the current privacy policies of fitness app providers, heuristically evaluate the methods for consent management by fitness providers, summarize the gaps identified in our review of these studies, and discuss potential solutions for filling the gaps identified. We have identified four main problems related to preserving the privacy of users of fitness apps: lack of system transparency, lack of privacy policy legibility, concerns regarding one-time consent, and issues of noncompliance regarding consent management. After discussing feasible solutions, we conclude by describing how blockchain is suitable for solving these privacy issues.

Cryptography and Security,Computers and Society

Zhenan Wu,Han Zheng,Lan Zhang,Xiang-Yang Li

DOI: https://doi.org/10.1109/bigcom.2019.00040

2019-01-01

Abstract:Data trading has become a promising way to bridge numerous data islands and benefit a wide range of data driven applications. However, due to the high risk of data privacy, the easy-to-copy feature of data, and potential malicious behaviors of users, there still lacks data trading solutions to provide privacy protection, copyright/ownership protection and auditability of user behaviors. In this work, we propose a blockchain and smart contract based framework to keep tamper-proof records of data trading transactions, which also preserves users' identity, behavior and data privacy. Data fingerprint is introduced to track data and protect data ownership. A set of protocols are also designed to prevent dishonest behaviors and ensure the security of data trading.

Md Al Amin,Hemanth Tummala,Rushabh Shah,Indrajit Ray

2024-12-13

Abstract:Digital healthcare systems have revolutionized medical services, facilitating provider collaboration, enhancing diagnosis, and optimizing and improving treatments. They deliver superior quality, faster, reliable, and cost-effective services. Researchers are addressing pressing health challenges by integrating information technology, computing resources, and digital health records. However, digitizing healthcare introduces significant risks to patient data privacy and security, with the potential for unauthorized access to protected health information. Although patients can authorize data access through consent, there is a pressing need for mechanisms to ensure such given consent is informed and executed properly and timely. Patients deserve transparency and accountability regarding the access to their data: who access it, when, and under what circumstances. Current healthcare systems, often centralized, leave much to be desired in managing these concerns, leading to numerous security incidents. To address these issues, we propose a system based on blockchain and smart contracts for managing informed consent for accessing health records by the treatment team members, incorporating safeguards to verify that consent processes are correctly executed. Blockchain's inherent immutability ensures the integrity of consent. Smart contracts automatically execute agreements, enhancing accountability. They provide a robust framework for protecting patient privacy in the digital age. Experimental evaluations show that the proposed approach can be integrated easily with the existing healthcare systems without incurring financial and technological challenges.

Cryptography and Security