We have participated in several panel presentations and discussions on blockchain recently, and the topic of General Data Protection Regulation (GDPR) -- which went into effect May 25th -- has arisen with respect to blockchain's immutable ledger. While PokitDok is a United States corporation, we have designed our platform-as-a-service to scale globally and have created what we term a Trusted Borderless Health Network.
So, what does the GDPR have to do with PokitDok? Turns out, quite a lot. First, our Contextual Relevant Identity By Consensus algorithm on DokChain is specifically designed to scale globally for any identity provider. Second, the GDPR does not just apply to EU organizations; it also extends to organizations outside the EU which provide services to EU citizens. This means that PokitDok's customers need to consider the GDPR when serving their EU customers. But, the good news is PokitDok can help, as PokitDok has an extensive background in security and compliance, as well as a forward-looking technology platform built with security and privacy as a core tenet. In particular, our DokChain solution directly addresses most of the major technical changes coming with GDPR and can facilitate the administrative controls as well.
The main change with GDPR is that consent must be clear and distinguishable from other matters. DokChain provides granular access grants, where each piece of data can be controlled with a very simple request for access that the owner completely controls. This access grant is enforced on the DokChain distributed ledger to ensure immutable auditability without exposing any personal data to anyone outside the involved parties.
Right to Access
Another GDPR change addresses an individual's right to obtain details about what personal data is being accessed and for what purposes. Again, DokChain provides the solution with a transparent audit trail on the distributed ledger, detailing access to data elements with when, by whom and what specific access grant allowed the access. All this information on the distributed ledger is anonymized through public keys and encrypted data pointers to off-chain data stores. So, only the individual data owner and those to whom that owner grants access are able to see the actual data accessed.
Right to be Forgotten
Also called Data Erasure, with GDPR the individual data owner has the right to have all personal data deleted, to prevent dissemination of that data, and to stop any current processing of the data. DokChain's granular access controls and encrypted off-chain data handling and integration, combined with an audit of the complete access history, allow for complete removal of the actual data. Although the on-chain but anonymous audit trail is immutable, the encrypted off-chain data is not.
With DokChain, two steps can be enacted at the data owner's command:
- First, delete the encryption key for the data, thereby making any data immediately irrecoverable.
- Second, utilize the audit trail to specifically delete all off-chain data storage. The immutable data is actually a hashed value or set of temporal values that reference encrypted data off-chain for the specifics of the identity.
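The two-step erasure above, as an added illustration that is not PokitDok's or DokChain's code: an append-only ledger holds only pseudonymous keys, an opaque pointer and a hash of the ciphertext; the plaintext lives off-chain under a per-record key. "Forgetting" an owner first deletes the keys (crypto-shredding) and then walks the owner's own audit entries to delete the off-chain blobs, while the ledger entries themselves stay put. The cipher is an HMAC-SHA256 counter-mode keystream so the example runs with the standard library alone; it stands in for a real AEAD cipher and is not meant for production use. All names (`HealthNetwork`, `pk_alice`, the sample record) are constructed for this example.

```python
"""Crypto-shredding over an append-only audit ledger (illustrative example)."""
import hashlib
import hmac
import os
import time


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real AEAD cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Ledger:
    """Append-only audit trail: pseudonymous keys, pointers and hashes only, never plaintext."""

    def __init__(self):
        self._entries = []

    def append(self, **entry):
        entry["ts"] = time.time()
        self._entries.append(entry)

    def entries(self):
        return list(self._entries)  # read-only view; there is deliberately no delete


class HealthNetwork:
    """Hypothetical service tying the ledger to an off-chain store and a key vault."""

    def __init__(self):
        self.ledger = Ledger()
        self.off_chain = {}  # pointer -> ciphertext blob
        self.key_vault = {}  # key_id -> per-record symmetric key

    def store(self, owner_pub: str, data: bytes) -> str:
        key_id, key = "key:" + os.urandom(4).hex(), os.urandom(32)
        self.key_vault[key_id] = key
        blob = encrypt(key, data)
        pointer = "blob:" + os.urandom(4).hex()
        self.off_chain[pointer] = blob
        self.ledger.append(event="store", owner=owner_pub, pointer=pointer, key_id=key_id,
                           blob_hash=hashlib.sha256(blob).hexdigest())
        return pointer

    def grant(self, owner_pub: str, grantee_pub: str, pointer: str) -> None:
        self.ledger.append(event="grant", owner=owner_pub, grantee=grantee_pub, pointer=pointer)

    def read(self, grantee_pub: str, pointer: str):
        """Returns plaintext if a grant exists, None if the record was shredded."""
        entries = self.ledger.entries()
        if not any(e["event"] == "grant" and e["grantee"] == grantee_pub
                   and e["pointer"] == pointer for e in entries):
            raise PermissionError("no access grant on ledger")
        stored = next(e for e in entries if e["event"] == "store" and e["pointer"] == pointer)
        key, blob = self.key_vault.get(stored["key_id"]), self.off_chain.get(pointer)
        self.ledger.append(event="read", grantee=grantee_pub, pointer=pointer,
                           success=key is not None and blob is not None)
        if key is None or blob is None:
            return None
        return decrypt(key, blob)

    def forget(self, owner_pub: str):
        """Right to erasure: step 1 delete keys, step 2 delete blobs located via the audit trail."""
        keys_deleted = blobs_deleted = 0
        for e in self.ledger.entries():
            if e["event"] == "store" and e["owner"] == owner_pub:
                if self.key_vault.pop(e["key_id"], None) is not None:
                    keys_deleted += 1
                if self.off_chain.pop(e["pointer"], None) is not None:
                    blobs_deleted += 1
        self.ledger.append(event="erase", owner=owner_pub,
                           keys_deleted=keys_deleted, blobs_deleted=blobs_deleted)
        return keys_deleted, blobs_deleted


if __name__ == "__main__":
    net = HealthNetwork()
    ptr = net.store("pk_alice", b"diagnosis: hypertension")  # constructed sample record
    net.grant("pk_alice", "pk_clinic", ptr)
    print("before erasure:", net.read("pk_clinic", ptr))
    print("erased (keys, blobs):", net.forget("pk_alice"))
    print("after erasure:", net.read("pk_clinic", ptr))
    print("ledger entries retained:", len(net.ledger.entries()))
```

The point to check in any real deployment is the one the test below exercises: after `forget`, the ledger still records the store, grant, read and erase events (the audit trail is intact and contains no plaintext), but a grantee with a valid grant can no longer recover the data because both the key and the ciphertext are gone.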
Figure 1 depicts the process using our basic account recovery and resetting key management mechanics.
Data Portability is the fundamental issue driving the development of DokChain. With a very strong underlying identity mechanism, audited access grants, encrypted off-chain data integration patterns, and data owner-centric control of the immutable record, the retrieval and transfer of data is facilitated while conforming to all the US and EU privacy control requirements of HIPAA and GDPR.
Privacy by Design
The choice of a distributed ledger with encrypted off-chain data integration for DokChain is fundamentally a "Privacy by Design" implementation. All aspects of DokChain's design maximize the security of handling private data and put data control and consent with the data owner, without compromising the data's usability and portability. The DokChain Identity by Consensus implementation specifically limits access to an individual's personal data to the context of the request. For example, when asked about a specific condition of an individual, given specific consent from the individual data owner, the system can respond with a true/false answer without having to reveal anything else about the individual.