GDPR Compliance for Blockchain Applications in Healthcare


Anton Hasselgren, Paul Kengfai Wan, Margareth Horn, Katina Kralevska, Danilo Gligoroski and Arild Faxvaag, NTNU, Norwegian University of Science and Technology, Trondheim, Norway


The transparent and decentralized characteristics associated with blockchain can be both appealing and problematic when applied to a healthcare use-case. As health data is highly sensitive, it is therefore, highly regulated to ensure the privacy of patients. At the same time, access to health data and interoperability are in high demand. Regulatory frameworks such as GDPR and HIPAA are, amongst other objectives, meant to contribute to mitigating the risk of privacy violations of health data. Blockchain features can likely improve interoperability and access control to health data, and at the same time, preserve or even increase, the privacy of patients. Blockchain applications should address compliance with the current regulatory framework to increase real-world feasibility. This exploratory work indicates that published proof-of-concepts in the healthcare domain comply with GDPR, to an extent. Blockchain developers need to make design choices to be compliant with GDPR since currently, none available blockchain platform can show compliance out of the box.


Blockchain, DTL, health data, GDPR, privacy regulations.

Full Text  Volume 10, Number 13