Page 228 - ITU KALEIDOSCOPE, ATLANTA 2019
Session 8: Data protection and privacy in healthcare
S8.1 Technical and legal challenges for healthcare blockchains and smart contracts
Steven A. Wright, Georgia State University, United States
The paper considers the technical and legal challenges impacting recent proposals for healthcare
applications of blockchain and smart contracts. Healthcare blockchain data and actors are rather
different to cryptocurrency data and actors, resulting in a different emphasis on blockchain
features. Technical issues with healthcare blockchain implementation and trust are considered, as
well as a variety of potential legal issues. Conclusions and recommendations are proposed for
open source and standardization efforts to reduce technical and legal risks for healthcare
blockchains and smart contracts.
S8.2 Design of a credible blockchain-based e-health records (CB-EHRs) platform
Lingyu Xu, Antoine Bagula, Omowunmi Isafiade and Kun Ma, University of the Western Cape,
South Africa; and Tapiwa Chiwewe, IBM Research Africa, South Africa
With the rapid development of electronic health care, the era of medical big data has already
emerged. However, in the global electronic health industry environment, one of the significant
challenges is that the various medical institutions are independent of one another. Patients,
doctors and medical researchers have significant barriers in accessing medical data. As an
intervention strategy using blockchain principles, this paper explores the characteristics of
blockchain which are applicable to the management of electronic health records (EHRs), and
presents a credible blockchain-based electronic health records (CB-EHRs) management
platform. A CB-EHRs platform is characterized by decentralization, tamper-proof data,
collective maintenance mechanisms, security and credibility. This platform can not only realize
data sharing between medical institutions, but also ensure the privacy of users. This paper
introduces the components of the CB-EHRs platform model and the implementation principle of
its related functions. In addition, this paper also reviews and selects the delegated Byzantine
Fault Tolerance (dBFT) consensus mechanism as a viable option for the CB-EHRs platform.
Finally, by comparing with the Practical Byzantine Fault Tolerance (PBFT) consensus
mechanism and our research, we highlight the potential advantages of our proposed CB-EHRs
platform in the medical domain.
S8.3 The GDPR transfer regime and modern technologies
Melania Tudorica and Trix Mulder, University of Groningen, The Netherlands
Health data comes within a person's most intimate sphere. It is therefore considered to be
sensitive data due to the great impact it could have on a person's life if this data were freely
available. Unauthorized disclosure may lead to various forms of discrimination and violation of
fundamental rights. Rapid modern technological developments bring enormous benefits to
society. However, with this digitization, large amounts of health data are generated. This makes
our health data vulnerable, especially when transferred across borders. The new EU General
Data Protection Regulation (GDPR) legal framework provides for rights for users of modern
technologies (data subjects) and obligations for companies (controllers and processors) with
regard to the processing of personal data. Chapter V of the GDPR protects personal data that are
transferred to third countries, outside the EU. The term 'transfer' itself, however, is not defined
by the GDPR. This paper examines whether transfer within the meaning of the GDPR applies to
health data processed by modern technologies and if the complexity of the GDPR legal
framework as such sufficiently reflects reality and protects health data that moves across borders,
in particular to jurisdictions outside the EU.