ClinConNet: A Blockchain-based Dynamic Consent Management Platform for Clinical Research

Consent is an ethical cornerstone of clinical research and healthcare in general. Although the ethical principles of consent - providing information, ensuring comprehension, and ensuring voluntariness - are well-defined, the technological infrastructure remains outdated. Clinicians are responsible for obtaining informed consent from research subjects or patients, and for managing it before, during, and after clinical trials or care, which is a burden for them. The voluntary nature of participating in clinical research or undergoing medical treatment implies the need for a participant-centric consent management system. However, this is not reflected in most established systems. Not only do most healthcare information systems not follow a user-centric model, but they also create data silos, which significantly reduce the mobility of patient data between different healthcare institutions and impact personalized medicine. Furthermore, consent management tools are outdated. We propose ClinConNet (Clinical Consent Network), a platform that connects researchers and participants based on clinical research projects. ClinConNet is powered by a dynamic consent model based on blockchain and take advantage of dynamic consent interfaces, as well as blockchain and Self-Sovereign Identity systems. ClinConNet is user-centric and provides important privacy features for patients, such as unlinkability, confidentiality, and ownership of identity data. It is also compatible with the right to be forgotten, as defined in many personal data protection regulations, such as the GDPR. We provide a detailed privacy and security analysis in an adversarial model, as well as a Proof of Concept implementation with detailed performance measures that demonstrate the feasibility of our blockchain-based consent management system with a median end-to-end consent establishment time of under 200ms and a throughput of 250TPS.

💡 Research Summary

ClinConNet is a comprehensive platform that modernizes informed‑consent management for clinical research by integrating blockchain technology with Self‑Sovereign Identity (SSI). The authors identify three major shortcomings of current systems: (1) they are clinician‑centric and rely on paper or static digital forms, (2) they create data silos that hinder the mobility of consent and health data across institutions, and (3) they provide limited participant control over their own consent and identity. To address these issues, ClinConNet combines three technical pillars.

First, it adopts an SSI model based on Decentralized Identifiers (DIDs) and a wallet application. Participants generate a pair of DIDs – a public, discoverable DID stored on the blockchain and a private (peer) DID kept only on their device – together with the associated asymmetric key pair. This gives users full ownership of their identity data and eliminates reliance on centralized identity providers.

Second, the platform runs on a permissioned Hyperledger Fabric consortium blockchain. Smart contracts encode the consent lifecycle (creation, update, revocation) and enforce non‑repudiation, immutability, and access‑control policies. Because Fabric supports fine‑grained channel policies and endorsement, only authorized parties can invoke or read consent‑related transactions, while the ledger remains a single source of truth for all participants.

Third, a privacy‑by‑design “proxy‑anonymizer” architecture is introduced. The web portal acts as an honest‑but‑curious intermediary that forwards consent requests and proofs without ever learning the link between a participant’s private DID and the public DID recorded on‑chain. Consequently, the on‑chain hash that represents a consent record is permanently dissociated from the participant’s real identity, enabling full compliance with the “right to be forgotten” (RTBF). The authors distinguish partial RTBF (where on‑chain traces remain linkable) from full RTBF (where the link can be destroyed); ClinConNet achieves the latter, a capability missing in comparable solutions such as Dwarna, purpose‑based e‑consent, and MediLinker.

The paper provides a systematic comparison of existing blockchain‑based dynamic‑consent systems, categorizing them into ledger‑centric, hybrid web‑blockchain, and SSI‑based approaches. It highlights that ledger‑centric solutions expose metadata on the ledger, hybrid solutions centralize identity in a portal, and SSI‑based solutions often retain on‑chain artifacts that prevent full RTBF. ClinConNet’s combination of SSI wallets, on‑chain proof of consent, and a proxy architecture resolves these limitations.

A detailed adversarial security analysis is presented, covering authentication, integrity, non‑repudiation, confidentiality, unlinkability, and data minimization. The analysis assumes malicious actors who may control the portal, attempt to correlate on‑chain hashes with external data, or try to tamper with consent records. The authors demonstrate that, under the proposed design, such attacks are mitigated by cryptographic signatures, the separation of on‑chain and off‑chain data, and the inability of the portal to link private DIDs to public identifiers.

Performance evaluation is conducted on a proof‑of‑concept implementation. Cryptographic operations executed by the SSI wallet (key generation, signing, verification) average under 5 ms per operation, with key generation taking about 30 ms. Smart‑contract invocations achieve a median end‑to‑end consent establishment time of less than 200 ms and a throughput of roughly 250 transactions per second (TPS) for consent‑related functions, and up to 320 TPS for the most frequent operations. These figures demonstrate that the system can handle realistic clinical‑trial workloads while maintaining low latency. All source code and benchmarking scripts are released on GitHub to support reproducibility.

In conclusion, ClinConNet delivers a participant‑centric, privacy‑preserving, and regulator‑compliant consent management solution. By granting users sovereign control over their identities, leveraging immutable blockchain records for non‑repudiable consent, and ensuring that consent data can be fully erased from any linkable context, the platform addresses the ethical and technical gaps of current consent practices. Remaining challenges include improving the user experience of SSI wallets, defining robust key‑recovery mechanisms, and establishing governance models for the consortium blockchain across diverse healthcare institutions. Future work will explore integration with the European Digital Identity Wallet and the European Health Data Space, further aligning the platform with emerging cross‑border health data regulations.