D5.13 Design and Specifications of the Blockchain-based Auditing Mechanism (Version 1)

The aim of deliverable D5.13 is to identify the functions that a blockchain-based auditing mechanism should offer for cross-border data exchange scenarios, to design a mechanism that satisfies these functions, and to detail its specifications. In particular, our aim is to develop a system that makes it possible to prove that certain eHealth data have been requested by a legitimate entity, and whether or not they have been provided. For example, when the National Contact Point of one country requests data for a patient from the National Contact Point of another country, both countries need to keep an unforgeable copy of the transaction, in order to be able to prove in the future that the data has been requested and/or received. A similar approach can be followed in the cross-region (national) scenario, in which health data is exchanged intra-border, i.e. between different private and/or public institutions within a country. A blockchain is a distributed data structure that can solve this issue by linking each block to its predecessor via cryptography.

As a first step, the log flow within OpenNCP is detailed in order to identify the log files that are created for each transaction. An overview of the most prominent open source tools for efficient management of log files is then presented, along with a description of the SmartLog tool provided by Bit4id. After briefly presenting the blockchain-based auditing requirements that were defined in D4.3, the document describes the blockchain-based auditing mechanism that is essential for KONFIDO. This mechanism can be split into two main categories: blockchain-based logging and blockchain-based informed consent. In the former category, privacy-critical operations (such as log files collected by National Contact Point nodes regarding a specific cross-border exchange) are stored on a blockchain in order to provide traceability and liability support. In the latter category, any consent provided through OpenNCP (e.g. from a patient to a specific physician) is stored on a blockchain in order to provide a permanent record of when this consent was provided and its duration.

Having detailed the design of the blockchain-based auditing mechanism, the deliverable investigates four candidate blockchain implementations (Multichain, Ethereum, Hyperledger Sawtooth and Hyperledger Fabric) to support the design of the required mechanism. The document concludes with the specifications of the blockchain-based auditing mechanism.
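
The tamper evidence that comes from linking each block to its predecessor, and the reason both National Contact Points keep a copy, can be seen in a minimal hash chain. This is an added example, not code from the deliverable or from KONFIDO: the record fields, the NCP-A/NCP-B names and the patient identifier are constructed, and the consensus and signatures that a real blockchain adds are left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed predecessor value for the first block


def block_hash(prev_hash, record):
    # Canonical JSON so both parties hash identical bytes for the same record.
    payload = json.dumps({"prev": prev_hash, "record": record},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append(chain, record):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "record": record,
                  "hash": block_hash(prev, record)})


def verify(chain):
    """Return the index of the first inconsistent block, or -1 if intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["record"]):
            return i
        prev = block["hash"]
    return -1


def heads_agree(a, b):
    return bool(a) and bool(b) and a[-1]["hash"] == b[-1]["hash"]


def demo():
    # Constructed events: a request from NCP-A and the answer from NCP-B.
    events = [
        {"event": "data_requested", "from": "NCP-A", "to": "NCP-B", "patient": "patient-001"},
        {"event": "data_provided", "from": "NCP-B", "to": "NCP-A", "patient": "patient-001"},
    ]
    ncp_a, ncp_b = [], []
    for e in events:  # each side appends its own copy of every event
        append(ncp_a, dict(e))
        append(ncp_b, dict(e))
    out = {"agree_before": heads_agree(ncp_a, ncp_b)}
    # One copy is edited in place: the stored hash no longer matches the record.
    ncp_b[1]["record"]["event"] = "data_not_provided"
    out["edited_in_place"] = verify(ncp_b)
    # The editor also recomputes the hash: the copy verifies locally again,
    # but its head now differs from the one held by the other party.
    ncp_b[1]["hash"] = block_hash(ncp_b[1]["prev"], ncp_b[1]["record"])
    out["rehashed_verify"] = verify(ncp_b)
    out["agree_after"] = heads_agree(ncp_a, ncp_b)
    return out
```

A local integrity check alone does not catch a rewritten final block; the comparison against the counterpart's chain head does, which is why each party holding its own copy matters.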