GDPR Compliance for Blockchain Applications in Healthcare
It addresses the problem of regulatory compliance for blockchain developers in healthcare, but it is incremental as it reviews existing work without proposing new solutions.
This paper explores the challenge of applying blockchain technology to healthcare data while ensuring compliance with GDPR, finding that existing proof-of-concepts only partially meet regulatory requirements and that no blockchain platform currently offers out-of-the-box compliance.
The transparent and decentralized characteristics associated with blockchain can be both appealing and problematic when applied to a healthcare use-case. As health data is highly sensitive, it is also highly regulated to ensure the privacy of patients. At the same time, access to health data and interoperability is in high demand. Regulatory frameworks such as GDPR and HIPAA are, amongst other objectives, meant to contribute to mitigating the risk of privacy violations in health data. Blockchain features can likely improve interoperability and access control to health data, and at the same time, preserve or even increase, the privacy of patients. Blockchain applications should address compliance with the current regulatory framework to increase real-world feasibility. This exploratory work indicates that published proof-of-concepts in the health domain comply with GDRP, to an extent. Blockchain developers need to make design choices to be compliant with GDPR since currently, none available blockchain platform can show compliance out of the box.