Advancing Compliance with HIPAA and GDPR in Healthcare: A Blockchain-Based Strategy for Secure Data Exchange in Clinical Research Involving Private Health Information


Barbaria S., Jemai A., CEYLAN H. İ., Muntean R. I., Dergaa I., Boussi Rahmouni H.

Healthcare (Switzerland), vol. 13, no. 20, 2025 (SCI-Expanded)

  • Publication Type: Article / Review
  • Volume: 13 Issue: 20
  • Publication Date: 2025
  • DOI Number: 10.3390/healthcare13202594
  • Journal Name: Healthcare (Switzerland)
  • Indexes Covering the Journal: Science Citation Index Expanded (SCI-EXPANDED), Social Sciences Citation Index (SSCI), Scopus, CINAHL, Directory of Open Access Journals
  • Keywords: attribute-based access control, blockchain technology, cryptographic protocols, data interoperability, GDPR compliance, healthcare informatics, HIPAA regulations, Hyperledger Fabric, privacy preservation, smart contracts
  • Atatürk University Affiliated: Yes

Abstract

Background: Healthcare data interoperability faces significant barriers, including regulatory compliance complexities, institutional trust deficits, and technical integration challenges. Current centralized architectures lack adequate mechanisms for balancing data accessibility requirements with the patient privacy protection mandated by HIPAA and GDPR. Traditional compliance approaches rely on manual policy implementation and periodic auditing, which are insufficient for dynamic, multi-organizational healthcare data-sharing scenarios.

Objective: This study develops and proposes a blockchain-based healthcare data management framework that leverages Hyperledger Fabric, IPFS, and the HL7 FHIR standard, and incorporates automated regulatory compliance mechanisms implemented as smart contracts to meet HIPAA and GDPR requirements. It assesses the theoretical system architecture, security characteristics, and scalability considerations.

Methods: We developed a permissioned blockchain architecture that employs smart contracts for privacy policy enforcement and for patient consent management. The proposed system incorporates multiple certification authorities for patients, hospitals, and research facilities. Architectural evaluation uses theoretical modeling and system design analysis to assess the system's security, compliance, and scalability.

Results: The proposed framework demonstrated enhanced security through decentralized control mechanisms and cryptographic protection protocols. Smart contract-based compliance verification can automate routine regulatory tasks while maintaining human oversight in complex scenarios. The architecture supports multi-organizational collaboration with attribute-based access control and comprehensive audit-trail capabilities.

Conclusions: Blockchain-based healthcare data-sharing systems provide enhanced security and decentralized control compared with traditional architectures. The proposed framework offers a promising solution for automating regulatory compliance. However, implementation considerations—including organizational readiness, technical complexity, and scalability requirements—must be addressed for practical deployment in healthcare settings.