Abstract
As both national governments and healthcare institutions have attempted to move towards using electronic health records (‘EHRs’), access control, transparency, and auditability have emerged as important success factors. Distributed ledger technology (‘DLT’) has been proposed as a mechanism to allow patients to control their electronic health records. Underpinning ‘smart contracts’, DLT might help automate and streamline the consent and healthcare management process. However, the degree to which DLT can remain compatible with auditability requirements imposed by current data privacy regulations remains an ongoing implementation challenge. In this paper, we present a comparison of auditability requirements for EHRs in five jurisdictions: United States, Australia, Switzerland, the European Union, and the Council of Europe. Further, we examine the extent to which DLT can help satisfy these auditability requirements. Following our comparative doctrinal analysis, we identify similarities but conclude there is no universal granular definition for auditability in the five jurisdictions we examine. Therefore, we argue that DLT and smart contracts cannot oust the role of legal regulation with respect to patient data. Nevertheless, in concert with regulation, further encryption mechanisms, and patient education, this technology can provide a mechanism to satisfy the need for patients, physicians, and researchers to access auditable EHRs. We then use these three case studies to demonstrate the potential of DLT in an ethically and legally integrated implementation approach.
Field | Value |
---|---|
Original language | English |
Pages (from-to) | 173-201 |
Number of pages | 29 |
Journal | Journal of Law, Information & Science |
Volume | 26 |
Issue number | 1 |
Publication status | Published - 2021 |
Keywords
- distributed ledger technology
- privacy
- electronic health records
- patient data