
Balancing Patient Privacy and Health Data Security: The Role of Compliance in Protected Health Information (PHI) Sharing

Md Al Amin, Hemanth Tummala, Rushabh Shah, Indrajit Ray

TL;DR

This work tackles the challenge of balancing patient privacy with secure PHI sharing under regulatory regimes like HIPAA and GDPR. It introduces a privacy-preserving, blockchain-based framework that uses smart contracts to capture and enforce patient informed consent (via the PPA and SIC), while maintaining provenance through a private audit blockchain anchored to a public chain and validating compliance via a novel Proof of Compliance (PoC) mechanism. Key contributions include formalizing the PPA and SIC structures, deploying per-patient smart contracts, integrating an honest broker to attest data protection status, and providing provenance services and independent compliance verification. The approach enhances transparency, tamper-resistance, and accountability in PHI sharing, with practical implications for policy enforcement, auditability, and patient control over data usage; future work will address lifecycle management of consents, encryption/key management, and broader performance evaluations.

Abstract

Protected Health Information (PHI) sharing significantly enhances patient care quality and coordination, contributing to more accurate diagnoses, efficient treatment plans, and a comprehensive understanding of patient history. Compliance with strict privacy and security policies, such as those required by laws like HIPAA, is critical to protect PHI. Blockchain technology, which offers a decentralized and tamper-evident ledger system, holds promise for policy compliance. Such a system ensures the authenticity and integrity of PHI while facilitating patient consent management. In this work, we propose a blockchain-based system that integrates smart contracts to partially automate consent-related processes and to ensure that PHI access and sharing follow patient preferences and legal requirements.

Paper Structure (20 sections, 2 equations, 16 figures, 4 tables, 2 algorithms)

Figures (16)

  • Figure 1: Patient-Provider Agreement (PPA) Components.
  • Figure 2: Sharing Informed Consent (SIC) Structure.
  • Figure 3: SIC Smart Contract Deployment Process.
  • Figure 4: Compliance-Based PHI Sharing Authorization Process.
  • Figure 5: Audit Blockchain Block Structure.
  • ...and 11 more figures