TY - JOUR
AU - Hawig, David
AU - Zhou, Chao
AU - Fuhrhop, Sebastian
AU - Fialho, Andre S
AU - Ramachandran, Navin
PY - 2019
DA - 2019/6/14
TI - Designing a Distributed Ledger Technology System for Interoperable and General Data Protection Regulation–Compliant Health Data Exchange: A Use Case in Blood Glucose Data
JO - J Med Internet Res
SP - e13665
VL - 21
IS - 6
KW - distributed ledger technology
KW - directed acyclic graph
KW - IOTA
KW - IPFS
KW - blockchain
KW - Masked Authenticated Messaging, MAM
KW - mobile health
KW - blood glucose
KW - diabetes
KW - FHIR
AB - Background: Distributed ledger technology (DLT) holds great potential to improve health information exchange. However, the immutable and transparent character of this technology may conflict with data privacy regulations and data processing best practices. Objective: The aim of this paper is to develop a proof-of-concept system for immutable, interoperable, and General Data Protection Regulation (GDPR)–compliant exchange of blood glucose data. Methods: Given that there is no ideal design for a DLT-based patient-provider data exchange solution, we proposed two different variations for our proof-of-concept system. One design was based purely on the public IOTA distributed ledger (a directed acyclic graph-based DLT) and the second used the same public IOTA ledger in combination with a private InterPlanetary File System (IPFS) cluster. Both designs were assessed according to (1) data reversal risk, (2) data linkability risks, (3) processing time, (4) file size compatibility, and (5) overall system complexity. Results: The public IOTA design slightly increased the risk of personal data linkability, had an overall low processing time (requiring mean 6.1, SD 1.9 seconds to upload one blood glucose data sample into the DLT), and was relatively simple to implement. The combination of the public IOTA with a private IPFS cluster minimized both reversal and linkability risks, allowed for the exchange of large files (3 months of blood glucose data were uploaded into the DLT in mean 38.1, SD 13.4 seconds), but involved a relatively higher setup complexity. Conclusions: For the specific use case of blood glucose explored in this study, both designs presented a suitable performance in enabling the interoperable exchange of data between patients and providers. Additionally, both systems were designed considering the latest guidelines on personal data processing, thereby maximizing the alignment with recent GDPR requirements. For future works, these results suggest that the conflict between DLT and data privacy regulations can be addressed if careful considerations are made regarding the use case and the design of the data exchange system.
SN - 1438-8871
UR - http://www.jmir.org/2019/6/e13665/
UR - https://doi.org/10.2196/13665
UR - http://www.ncbi.nlm.nih.gov/pubmed/31199293
DO - 10.2196/13665
ID - info:doi/10.2196/13665
ER -