Digital health tools now generate sensitive information well beyond clinical settings, from consumer apps and wearables that track activity, sleep, blood pressure and oxygen levels to platforms that interpret intimate physiological signals. Yet many devices are not subject to mandatory quality control, and users are often not meaningfully informed about who receives their data or how long it is stored. Concerns include opaque sharing practices, limited options to revoke permissions, and persistent data flows to large cloud providers. A conceptual framework proposes combining consent management with technologies that can verifiably track consent and data use, with the aim of strengthening transparency, trust and willingness to share data for care and research.
Consent, Regulation and Public Willingness
Personally generated health data sits at the intersection of ethical standards and legal requirements. Foundational ethics instruments emphasise informed consent, while in Europe the General Data Protection Regulation sets the binding legal framework for processing, including explicit, specific consent where no other lawful basis applies, with provisions for research under safeguards. Consent models have evolved to balance data protection with scientific utility. Broad consent authorises future research for a defined period but can lack granularity. Dynamic consent allows case-by-case permissions through digital interfaces yet risks fatigue. Meta consent lets individuals decide how to provide consent for past and future use. A platform-based Standard Health Consent model is proposed to combine features of these approaches and enable standardised, easy-to-use consent for both primary and secondary data sharing.
Public attitudes underscore the centrality of transparency and control. Surveys indicate high willingness to share anonymised data for research, with a clear preference for active opt-in rather than passive opt-out mechanisms. Detailed information about usage, storage, privacy and protection increases willingness to share, while opacity about which actors access data undermines trust. People report more comfort sharing with healthcare professionals, academic researchers and non-profits than with for-profit or governmental organisations. The framework therefore argues for mechanisms that allow individuals to view and change consent at any time and to receive feedback on the purposes and projects that use their anonymised data. These features are positioned as key to bridging the gap between public willingness and operational needs.
At the same time, structural barriers persist. Many wearable vendors retain extensive data rights through service agreements and monetise data, offering little incentive to adopt user-controlled models. The authors suggest that real-world implementation of transparent consent systems will likely depend on regulatory mandates, public pressure or integration into public-sector platforms that prioritise data ethics and agency.
Blockchain and SSI for Verifiable Control
The framework assesses blockchain, self-sovereign identity and decentralised identifiers as key enablers of consent tracking and accountable access. Blockchain provides a tamper-resistant ledger of events, with smart contracts recording consent states, grants, revocations and access metadata while keeping the underlying health data off-chain. For personally generated data, a consortium blockchain is proposed to balance privacy with shared control, allowing trusted entities such as health systems to validate transactions while maintaining an auditable, time-stamped trail. Once consent is recorded, changes are appended as new blocks, creating an immutable history of permissions and use.
Smart contracts can automate evaluation of access requests against registered preferences. An individual sets consent in a platform, which writes an initial right to the chain. When a healthcare provider or research organisation requests access, the platform evaluates the request, either contacting the individual for confirmation or granting access automatically according to preferences. Revocation is supported at any time, with near-immediate update of access status. Interoperability with clinical systems is addressed through secure interfaces and standards such as HL7 FHIR, including examples where consent states can be synchronised with electronic health records and national identification provider networks.
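The grant, request and revoke flow described above can be sketched as an added example (not code from the framework or any consent platform). A hash-chained Python list stands in for the consortium ledger, and the field names, the `did:example:` identifier and the integer timestamps are all assumptions made for illustration.

```python
import hashlib, json

class ConsentLedger:
    """Append-only, hash-chained log of consent events; health data stays off-chain."""
    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, subject, action, requester, scope, ts, expires=None):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"subject": subject, "action": action, "requester": requester,
                "scope": scope, "ts": ts, "expires": expires, "prev": prev}
        self.blocks.append({**body, "hash": self._digest(body)})

    def verify(self):
        """Recompute every hash and link; False if any recorded event was altered."""
        prev = "0" * 64
        for b in self.blocks:
            body = {k: v for k, v in b.items() if k != "hash"}
            if b["prev"] != prev or self._digest(body) != b["hash"]:
                return False
            prev = b["hash"]
        return True

    def allowed(self, subject, requester, scope, now):
        """Latest grant/revoke for this triple wins; deny by default, on expiry, or on a broken chain."""
        if not self.verify():
            return False
        decision = False
        for b in self.blocks:
            if b["action"] in ("grant", "revoke") and b["ts"] <= now and \
               (b["subject"], b["requester"], b["scope"]) == (subject, requester, scope):
                live = b["expires"] is None or now < b["expires"]
                decision = b["action"] == "grant" and live
        return decision

    def request(self, subject, requester, scope, now):
        """Evaluate an access request and record the outcome as access metadata."""
        ok = self.allowed(subject, requester, scope, now)
        self.append(subject, "access" if ok else "denied", requester, scope, now)
        return ok

if __name__ == "__main__":  # constructed sample events
    ledger = ConsentLedger()
    ledger.append("did:example:alice", "grant", "research-org", "heart_rate", ts=100, expires=200)
    print(ledger.request("did:example:alice", "research-org", "heart_rate", now=150))
    ledger.append("did:example:alice", "revoke", "research-org", "heart_rate", ts=160)
    print(ledger.request("did:example:alice", "research-org", "heart_rate", now=170), ledger.verify())
```

Denied requests are logged as well as granted ones, so the audit trail shows who asked for data after a revocation, not only who received it.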
Benefits include enhanced transparency, reduced administrative burden and support for compliance by providing auditable trails of consent. Challenges include transaction performance and energy use, addressed through permissioned networks with selected validators, and the need to manage dependencies on external data sources via oracles. Usability and key management remain hurdles, especially for non-technical users. Pilot efforts illustrate feasibility of blockchain-based consent enforcement, but sustained adoption depends on integration with healthcare infrastructure and user-friendly interfaces.
Self-sovereign identity and decentralised identifiers complement blockchain by placing identity control with individuals. Using standards for verifiable credentials, health platforms can link data and consent to identifiers that are portable across systems. Consent credentials can specify data scope, purpose and duration, embed expiries, and be revoked or updated by the user. Notifications can inform people about upcoming expirations or new uses of their data. Key recovery options such as social mechanisms, biometrics or custodial backups are discussed alongside trade-offs, with the reminder that time criticality differs across use cases. Interoperability challenges persist due to fragmented systems, reinforcing the need to adhere to open standards.
Linkage with De-identified Tokens
Linking personally generated data with clinically generated data can expand research utility while preserving privacy. Privacy-preserving record linkage enables matching across databases without revealing sensitive variables. Commercially adopted techniques generate de-identified tokens by encrypting identifiers into unique placeholders that cannot be reversed, allowing the same person’s records to be linked across sources without exposing personal information. This can connect app or wearable data with clinical trials or electronic records, support real-world evidence and coordinate care while maintaining data minimisation.
The approach offers benefits across stakeholders. For individuals, it adds a layer of protection against unauthorised exposure while enabling contributions to research and care pathways. For healthcare providers, it improves interoperability between disparate datasets without sharing identifiable data. For researchers, it facilitates aggregation of rich multi-source datasets needed for precision medicine and population analyses.
Still, risks remain. Cross-dataset re-identification is possible when unique patterns or rare trajectories make people distinguishable, especially as analytic techniques advance. Peer-to-peer linkage can invite brute-force attempts to force matches. Mitigations include secure multi-party computation, the use of a trusted third party to govern matching at scale, and methods that minimise linkability between source and encoded records. Practical limits include reduced suitability for some retrospective collections, sensitivity to incomplete input during token generation, and the need for robust infrastructure and governance to maintain integrity and prevent misuse.
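Token-based linkage and two of the limits named above, brute-force matching and incomplete input, are illustrated in this added example (not the framework's or any vendor's algorithm). It assumes HMAC-SHA256 as a stand-in tokenisation, a key held only by the trusted third party, and constructed records and field names.

```python
import hashlib, hmac, unicodedata

REQUIRED = ("given_name", "family_name", "birth_date")  # assumed identifier set

def normalise(value):
    """Fold case, accents and whitespace so formatting differences do not break matching."""
    text = unicodedata.normalize("NFKD", value)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return "".join(text.lower().split())

def make_token(record, key):
    """Return a hex token, or None when a required identifier is missing or blank."""
    parts = []
    for field in REQUIRED:
        value = normalise(record.get(field) or "")
        if not value:
            return None  # incomplete input: refuse rather than emit a token that links wrongly
        parts.append(value)
    # Keyed HMAC: a party without the key cannot hash candidate identities to test for matches.
    return hmac.new(key, "\x1f".join(parts).encode(), hashlib.sha256).hexdigest()

def link(source_a, source_b, key):
    """Join two sources on token only; returns (matches, number of records that could not be tokenised)."""
    index, skipped, matches = {}, 0, []
    for rec in source_a:
        tok = make_token(rec, key)
        if tok is None:
            skipped += 1
        else:
            index[tok] = rec["data"]
    for rec in source_b:
        tok = make_token(rec, key)
        if tok is None:
            skipped += 1
        elif tok in index:
            matches.append((index[tok], rec["data"]))
    return matches, skipped

# Constructed sample data; the key is a demo value, not a production secret.
KEY = b"constructed-demo-key"
WEARABLE = [
    {"given_name": "Zoë", "family_name": "Müller ", "birth_date": "1980-02-03", "data": {"resting_hr": 58}},
    {"given_name": "Sam", "family_name": "", "birth_date": "1975-07-01", "data": {"resting_hr": 71}},
]
CLINIC = [{"given_name": "zoe", "family_name": "MULLER", "birth_date": "1980-02-03", "data": {"visit": "2024-01"}}]

if __name__ == "__main__":
    print(link(WEARABLE, CLINIC, KEY))
```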
A comparative view positions blockchain with self-sovereign identity for fine-grained, user-managed consent and accountability, while de-identified tokens suit large-scale linkage that does not require continuous user involvement. A hybrid approach can combine personalised consent with scalable integration across silos. Implementation barriers include digital literacy, integration costs and uneven interoperability. Proposed mitigations include simplified interfaces, training, embedding consent tools in familiar portals, automation of routine tasks, targeted funding and inclusive design to support digitally marginalised groups.
Secure consent management that is transparent and verifiable is presented as essential to safeguarding autonomy and unlocking data for care and research. By combining consent platforms with blockchain, self-sovereign identity and de-identified tokens, the framework aims to give individuals meaningful control and provide accountable access across clinical and research systems. Integration with existing health IT, alignment with legal requirements and attention to usability are critical. Next steps include technical prototyping alongside stakeholder validation to assess trust, usability and scalability in practice.
Source: npj digital medicine