Blockchain-enabled Clinical Study Consent Management

1.1 Relevance of the Subject Conducting clinical studies includes an obligation to publish results to participants, sponsors, colleagues, and the public (Antes, 2009). ClinicalTrials.gov lists over 304,000 studies with locations in 208 countries (ClinicalTrials, 2019). The German Register of Clinical Trials (Deutsches Register für Klinische Studien, [DRKS]) is the primary registry for Germany. The aim of this registry is as a central contact point to provide the public with a complete and up-to-date overview of clinical trials conducted in Germany. The University Hospital of Freiburg started implementing DRKS as part of a BMBF project in 2017. Since July 1st of that year, the German Institute has continued it permanently for Medical Documentation and Information (Deutsches Institut für Dokumentation und Information, [DIMDI], 2019).


Relevance of the Subject
Conducting clinical studies includes an obligation to publish results to participants, sponsors, colleagues, and the public (Antes, 2009). ClinicalTrials.gov lists over 304,000 studies with locations in 208 countries (ClinicalTrials, 2019). The German Register of Clinical Trials (Deutsches Register für Klinische Studien, [DRKS]) is the primary registry for Germany. The aim of this registry is as a central contact point to provide the public with a complete and up-to-date overview of clinical trials conducted in Germany. The University Hospital of Freiburg started implementing DRKS as part of a BMBF project in 2017. Since July 1st of that year, the German Institute has continued it permanently for Medical Documentation and Information (Deutsches Institut für Dokumentation und Information, [DIMDI], 2019).
A large number of national and international guidelines must be adhered to in order to ensure the quality of a clinical study. The documentation and archiving of agreement declarations for scientific and medical studies are indispensable, and are required by ethical committees before the start of research work.
This assures that the patient voluntarily participates in the study, and additionally that they agree to usage of the obtained results. By giving their consent, the study organizer secures the patient's legal rights, as well as protecting their own.
Written informed consent (WIC) is required in the context of voluntary participation in a clinical study, by the study participant (patient), according to § 40 AMG, § 20 MPG, § 3 (2b) of the Ordinance on the Application of Good Clinical Practice (GCP Ordinance) in the conduct of clinical trials with drugs for human application (European Medicines Agency EMA, 2019). Various formats exist to provide and document informed consent (Synnot et al., 2016).
The rationale for WIC is to provide subjects with the right of access to detailed (patient) information. Additionally, it is meant to provide sufficient time for a patient's reflection, before signing their consent and commencing the clinical trial, which is often documented by means of what's called a "digital time stamp". The physician conducting the study has a duty to inform persons being tested about the study in a personal consultation, and to answer the patient's questions (Purcaru, 2014). This can also be recorded digitally on an individual basis (for example, with a voice Written informed consent (WIC) is required in the context of voluntary participation in a clinical trial. The trial participant gives WIC in accordance with various regulatory requirements. We present a framework concept for a blockchain-based distributed ledger solution, which aims at implementing simple and secure management of WIC documentation, along the entire data value chain from acquiring consent to academic publication, and (commercially) exploiting the results of a clinical study. This may include (but is not limited to) clinical deployment, security monitoring, and conformity with data privacy and ethical standards. Thus, we present a potential "Health AI" application that goes beyond WIC documentation, to enabling the creation of a holistic data provenance trail graph. Such a framework concept aims to create sustainable value for study participants, clinicians, data scientists, and ultimately consumers. The framework's usefulness is relevant for ensuring the ethical development of artificial intelligence applications in the healthcare domain.
I think the biggest innovations of the 21st century will be at the intersection of biology and technology. A new era is beginning.
Steve Jobs recording) before the patient's declaration of consent is digitally signed and archived.
In clinical practice, WIC has to be defined, evaluated, and approved in advance with representatives of all relevant stakeholders (for example, Clinical Research Organisation, [CRO], patient representatives, sponsors, and ethics committees). To ensure that documentation meets the requirements, both clarification of persons tested, and obtaining of their signatures may only be carried out by actual physicians themselves, based on a standardized template. WIC must also include information on data protection, as well as the right to withdraw consent (Aerztekammer, 2019).
The introduction of EU Data Protection Basic Regulation (GDPR) on May 25th, 2018, changed the requirements for medical research projects that involve the processing of personal data. In the case of studies already in progress before that date, in which participant data continues to be collected afterwards, information sharing is required as a matter of principle (Wenlong, 2018).

Research & Practice Gap and Research Objective
Researchers, clinics, regulatory authorities, and others have an objective to improve their informed consent procedure in clinical research. Previous research has tested various digitized solutions (Tait, 2015;Synnot et al., 2016;Nugent et al., 2016) using consent systems. As well, previous efforts have been made both to suggest and attempt to implement blockchain solutions for implied consent (Choudhury et al., 2018;Omar et al., 2019;Osipenko, 2019). However, there is currently no available a scalable technical solution that addresses the major challenges of WIC.
In many current cases, paper documentation is still used to retrieve and store analog patient consent forms. This makes it hard to account for subsequent retrieval of documents, personnel changes, water damage, fire, etc., and can lead to ambiguities and damage of documents. In addition, hospitals apply different standard documentation for patient consent forms. Thus, the completeness of stored documents is compromised, and there is no common index created for retrospective archive searches.
Lastly, after successfully conducting a clinical study, there is usually no practical way, either for study participants or researchers, to obtain any subsequent changes to the consent given, or parts thereof. Nevertheless, it might be important to either restrict or extend the consent later on in the medical process, for a purpose that was not considered at the time of data collection (and thus there was no explicit consent for it), in case the data might still be valuable for answering additional research questions. In such a context, there is no practical way of solving the "right to be forgotten", which is now a requirement of the GDPR. This problem addresses how, if a participant wants, subsequent to clinical testing, to withdraw their consent (Wenlong 2018). Associated with this, an inability to change status may also block new business opportunities, for example, when a patient's consent does not include certain commercial applications of the study data.

Research & Practice Questions and Approach
Primary clinical research is extremely resourceintensive, in terms of time and money. The process of data acquisition can be lengthy in particular (Nijhawan, 2013). We argue in this paper that decentralized and secure management of consent data can help expand the application fields for individual clinical studies with multiple data uses. Such technological implementation can save resources for scientists and research institutes, and lead to advances in the research process. Further standardization, such as pre-formulated templates, can be designed to offer an advantage for ethical committees (IRB counsels) and scientists, which additionally accelerate the complex administrative process.
To trace WICs from end-to-end (E2E) means to make it possible to monitor each individual step of a clinical trial process transparently. This covers data collection, processing, application of machine learning, and deployment of results to the final product. The aim is to provide a ground layer for medical data provenance.
Ultimately, as the technology advances, tracking data provenance trails in a distributed ledger system will enable end-users to understand exactly which input data a machine-generated output (machine learning model prediction) is based on. For example, the system could attest that a predictive algorithm for Parkinson's diagnosis has been trained on 5,000 patient records, all of which have given their consent, from a multi-centre study that includes 27 different countries.

As-Is-Situation and To-Be-Situation
For participation in clinical trials, participants (patients or healthy subjects) nowadays must first give their written informed consent (Nijhawan, 2013). The study's protocols must therefore be approved in advance by an ethics committee, while the study's physician manages the operational steps: • informing study participants, • obtaining written informed consent (WIC), • enabling proper storage of WICs, • ensuring adequate data storage of collected study data.
A declaration of consent, as well as its potential revision in clinical trials, should be transparent for study subjects, and comprehensible for all parties involved.
This paper outlines how to develop and implement a standardized digital process that streamlines the process of obtaining study participants' clinical consent. This is achieved by linking patient consent to ongoing blockchain protocol revisions. In this way, the system will be able to store (off-chain, in decentralized storage) and track (on-chain) patient consent in a secure, more accident-free, publicly verifiable way, through real-time exchange of information.
Our research supports the development, risk assessment, and implementation of innovative distributed ledger business models, based on novel digital solutions. In our work, we applied a toolbox that aimed at developing an individual business model that can be operated economically (Echterhoff et al., 2017).
The first step of our structured research approach was to determine features of the current WIC status quo, as well as the basic functional dimensions for digitized clinical study consent management. We describe the findings in a morphological box (see Figure 1).
Our findings show that it is necessary to replace the status quo WIC paper form used in daily practice for documentation and workflow (from managing patient consent forms to publishing the study's results). Current research results suggest that new digital technology is on the verge of offering new opportunities to map WIC documents in an organisationally and legally secure manner digitally (Benchoufi, 2018;Borioli, 2018). Therefore, we plan to supplement their efforts by contributing a workflow using a blockchain system.
"Blockchain" is a distributed ledger technology, invented in theory in a white paper by the pseudonymous "Satoshi Nakamoto" from 2008, then actualized in practice starting January 3, 2009 with the start of Bitcoin. We believe the decentralised character of "blockchain" systems provides an alternative option for data management, which is conducted "by the social machine and cryptographised to enable various levels of user anonymity and thus greater freedom of participation" (Sandstrom, 2017a). Blockchain enables the recording of information between a variety of operators through a social recording system with data procedures. The recording system is a distributed ledger, in which a block of information is stored in a distributed fashion. The ledger is immutable and is available to all operators through a distributed  Healthcare, along with many other industries involving identity and consent, is a relevant area in our economy that will be transformed by digital technologies such as blockchain. Numerous new studies and research results have been published in recent years, making it difficult for researchers and practitioners to keep up with the technical and system-level advances. A systematic meta-study on health care applications of distributed ledgers is needed to provide a structured overview (Agbo et al., 2019).
The digital solution proposed here, still notably a theoretical contribution rather than an application with results at this stage, nevertheless aims to point out the following advantages compared with current paper-based practices: • Efficient and effective storage of WIC form data via a blockchain digital platform (instead of paper-based form), • Standardized collection of consent, including preparation of WIC declarations by study coordinators, as well as assessment of WIC declarations templates, involving ethics committees throughout the approval process, • Management process oversight (workflow of WIC form) and documentation of compliance with all necessary measures (including timestamps), • Simple digital verification and change management (up-to-date signatures, duty to provide information as, for example, in the context of the GDPR, implementing the "right to forget" at the request of a patient), • Easy to obtain WIC declarations for the use of data in further studies, • Operational implementation of study-specific consent management requirements (for example, selection of researchers with whom only certain data is shared), • Consistent end-to-end (E2E) provenance of data and consent for machine learning applications (for example, a data scientist can digitally check which data may be used for what, without compromising user data integrity), • Ensuring reciprocity (for example, patients can be contacted anonymously), to inform subjects about the study results at the end of the study, • Transparency regarding the origin of data in end-user applications.

Value Network: Stakeholder Network and Unmet Stakeholder Needs
Another step of our structured approach was to define the value network for our use case, and thus to analyse the unmet needs of the stakeholder network involved or impacted by the written consent process of a clinical study (Suman, 2018). Research participants, researchers, and research coordinators form the core of the stakeholder network. Clinics, pharma industry, health insurance companies, regulatory bodies, and many more form the additional elements of the stakeholder network.
Paper-based consent forms have many shortcomings that have led to mistakes in clinical studies. The written consent process must ensure that all stakeholders of a clinical study secure the prospective research participant's ethical and legal right to selfdetermination. According to the different stakeholder interests and roles involved, the aim is to ensure that all stakeholders: 1) understand concepts associated with voluntary participation, the option to withdraw participation or get information about unforeseen, additional but critical findings for participants, and 2) are assisted and supported during the entire clinical study, in the complex decision-making process that may have many options.
Exemplary for this case, we assume that the study's lead physician acts as an aggregator of the sensitive data and thus represents the 'single point of failure'. Several problems arise in the further processing of data collected in a clinical study: • It is often unclear, non-GDPR-conform, further use of the data with often unclear, limited application purpose, • The data processor (for example, data scientist) is usually not aware of the details of the consents or does not have access to them, • There is no use of the data for other purposes, which go beyond the originally defined one(s), for example, if follow-up questions arise from the research work, new data would theoretically have to be collected or the study participants would have to be asked ex-post, • There is no practical or feasible way of changing consent, neither if the study participant wishes to extend, limit or cancel their consent, nor if the study

Blockchain-enabled Clinical Study Consent Management
Hans H. Jung and Franz M.J. Pfister organizer wishes to apply for a consent change (for example, change of purpose), • There may be complete lack of transparency of the consent's contents, such that the information chain breaks off in most cases after the study's coordinated data has been handed over to data processors.
Complete digital documentation of provenance and consent up to the deployment of AI solutions would be desirable. The application of blockchain technology generates an opportunity to overcome the unmet needs mentioned exemplary for a paper-based process of written consent.

Value Proposition and Prototype Options
The blockchain approach presented here aims to implement simple and secure management of sensitive written informed consent forms for clinical studies. Currently, the signed forms are usually only available in paper form; accordingly, the management of changes is time-consuming and limited, often even not possible. The proposal provides transaction logging on the blockchain to be based on e.g. Ocean Protocol (Ocean Protocol, 2019) and for information to be implemented in decentralized database systems, for example, BigChainDB, see Figure 2 for details.
For example, a change (for example, extending for participation in a further study) or even lifting of the WIC, as required by the laws, is currently associated with large manual expenditure (for example, in terms of identifying and obtaining stored paper consent forms, and later adopting changes, upon patient's verifiable re-consent).
In the future, we believe that the complex data flow and change management of a clinical trial will be able to be tracked using a blockchain system, and thereby much more easily accessed digitally, than it is today still mostly using paper. The core digital functionality, called 'smart contracts', is thus being investigated for how they can contribute to clinical trial events, by executing pre-defined service execution agreements (SEA) (Nugent 2016). From a global perspective, approaches such as the one presented here with a blockchain backend, should be able to help with reliability, safety, and transparency, and mark a consistent step towards greater reproducibility in the system, for which all parties are calling.

Potential Digital Business Models
Digital technologies offer the opportunity to synchronize information flow and value creation across all participants of a complex stakeholder network through the application of contemporary digital business models (Jung & Kraft, 2017). The conclusion is simple: instead of building many proprietary networks to track and/or manage written consent (or other elements of a clinical study), the information bottlenecks can be significantly reduced by applying a social machine that orchestrates a standardized (decentralized) digital infrastructure.
Digital business models provide a basis for organizing contracting, ordering, invoicing, or payment that are aimed at driving data accessibility to scale. This means that digital solutions not only strive to reduce the current costs of data gathering, storing, management and security, but also to increase benefits across the ecosystem through new digital business models for cross-network data access, which is permissioned to legitimate stakeholders. In addition, for our particular use case, there is a chance to leverage potential benefits of a distributed network without a single centre, by opening up additional markets for industry collaboration based on standardized consent management for clinical trials, complete with data sharing, network report, and analysis (Engels et al., 2017).
Platform companies are companies that offer digital services based on IoT technologies that are built with data-driven business models. It is also such an applied basis that we use to describe a blockchain-based solution for WICs in this paper.

System Architecture
Being digitally empowered fundamentally changes the way companies and organizations design and manage their business models and processes (Jung & Kraft, 2017). The proposed blockchain-based healthcare solution, in the following named D-CSCM (Decentralized Clinical Study Consent Management), contains a functional overview to: • create and manage consent documents, • store consent documents in a decentralized way, • log all views and changes of the database entries "onchain" (incl. modification of consent documents).
All of these steps are enabled by a user-friendly frontend application, where consent documents are created to

Hans H. Jung and Franz M.J. Pfister
follow consent templates. The latter are treated as data assets, whose transactions are handled by smart contracts. For technical implementation, the solution is designed to be built on top of the Ocean Protocol framework, which provides basic platform functionality, as well as easy interfaces to make the solution integrable with or together into other (decentralized) system frameworks. Therefore, we designed the D-CSCM to set a new digital ground for associated services, such as data provenance services, training dataset retrieval services, and others.
Ocean Protocol is a decentralized data exchange protocol that connects data providers and consumers, and allows data to be shared, while guaranteeing traceability, transparency, and establishing trust based on reputation and contribution for all stakeholders involved. It enables data owners to give value to and have control over their own data, yet without being locked-in to any single marketplace, beyond the ledger community for local WICs. Ocean Protocol provides a data-sharing framework and an ecosystem for data and related services, which can drive the WIC distributed ledger blockchain.
In the D-CSCM, we treat consent documents as a data asset (DA). The data asset contains (public) metainformation (which may not contain personally identifiable information [PII]) and (private) content information (which is stored in multiple data centres, containing pseudonymized PII). Meta-information, for instance, can include the DID (Decentralized Identifier) of the creator of the data asset, linked data assets, etc.
At the core of Ocean Protocol are Service Execution Agreements (SEA). SEAs are smart contracts that help data and service owners control how their data is being used. The SEA of the proposed framework includes functions for creating, sharing, changing, and deleting DAs. A marketplace framework is used for end-user interaction to create, modify, and delete database entries. All changes are logged "on-chain".
The system architecture is outlined in Figure 2.

Digital Mockup and Prototype
The solution proposed in this paper primarily functions as a digital storage and management method, in contrast to the current analog solution. The documents can be stored in a decentralized way (that is, in multiple computers or data centres), thus ensuring data privacy protection, with access granted as part of a distributed Blockchain-enabled Clinical Study Consent Management ledger network, which provides protection against loss or destruction of transaction documentation. A technical implementation that leverages blockchain technology offers additional protection in terms of creating an immutable archive of records. The so-called 'block' entries of data constitute part of a growing list of records, which using blockchain as a social machine logs every access, as well as every change of entries visible for all permissioned network participants. Data security according to the GDPR can thus, again we caution, at least in theory, be established by all instances in such a distributed, decentralized digital system.
The digital documentation is made secure with encryption and permission control ("detailed access control"), and thus can be trusted by patients, as well as by study organizers and data scientist. A change in consent (restrictions, withdrawal of consent) can be implemented by the corresponding design of smart contracts.
With blockchain systems, the ground-breaking innovation is that there is no longer a single point of failure over distributed peer-to-peer networks. Thus, the greatest possible network failure security and "fault tolerance" can be achieved. This is an essential requirement in the context of sensitive private patient data that cannot be reproduced.
Blockchain distributed ledger technologies have the potential to radically change business processes and models, even making new ones possible in the first place. Blockchain platforms allow many participants to be connected in a digital network, and for their interactions and processes to be mapped in a way that is extremely difficult, on a mathematical-informationalcomputing level, to manipulate. An essential difference with existing solutions is that each participant remains in control of their own data.
Instead of supporting a single transaction between a participant and an organizer of a clinical study, a distributed ledger system will enable the creation of a platform business model that includes consent provision and registration, consent management and verification, as well as E2E, P2P data sharing (Rantos et al., 2019). This approach aims to leverage informed Blockchain-enabled Clinical Study Consent Management consent from being a process result, to becoming a process enabler, and even into a multiple business and health value proposition (EBA, 2018). Figure 3 compares the current WIC practice with a smart contract platform incorporating blockchain technology.
Digital consent management is mission-critical for clinical studies in order to prepare them for major challenges. It provides one of the main keys to leveraging data-acquisition-as-a-service business models in healthcare. Regulations in the market so far have aimed at putting individuals in the driver seat to gain control over their personal or private data. Digital consent management thus needs to ensure the user's right to provide re-consent, or to change their consent, at anytime in the process, in order to allow legitimate parties access to clinical information that uses corresponding services.
To make it compliant to GDPR and future regulatory governance models currently in discussion like Artificial Intelligence Ethics (Die Bundesregierung, 2018;European Commission, 2018), it is necessary to organize the platform either with existing trusted parties in a clinical stakeholder system (see part 2.2 of this paper), or by using a neutral external platform provider, such as suggested above in Ocean Protocol.
The application of AI in clinical studies (Jiang et al., 2017;Prevedello et al., 2018) provides a valid scenario for smart contract informed consent (SCIC). We believe that the increasing availability of health data, together with the enhanced performance of AI tools leveraging deep learning algorithms, will trigger a paradigm shift both in theory and practise for clinical studies. This situation thus makes AI ethics into a priority for developing a digital platform using SCIC, and the need for establishing AI ethical codes and guidelines that are crucial success factors in this project more pressing. Principles like transparency, accountability, human autonomy, and wellbeing, as well as beneficence, need to be applied in new healthcare applications.

Challenges and Limitations
The authors are well aware of and sensitive to some of the associated challenges and limitations in the proposed D-CSCM. One issue is agreeing to a definition of "smart contracts" in such a way that all stakeholders deem them as being appropriate. Whereas resistance from stakeholders might lead to a major bottleneck, this could nevertheless be solved by diverse expert groups and community or network leaders working together.
Storing data associated with patient data on a public blockchain often raises major privacy concerns, by definition. However, it needs noting that the consent information patients provide, and the clinical data itself, won't be stored on the blockchain. Rather it is stored 'off-chain' in decentralized databases. The blockchain simply stores the encrypted proof of a transaction, that is, to confirm such consent action has taken place. Only through the valid execution of a smart contract, to which users will have a private access key, can the link between the actual consent and clinical data be revealed. The method of storing data in a decentralized way, serves to strengthen the data security properties of the proposed solution.
Another challenge is associated with future access to consent already given by a patient. This requires a digital identity service (on top of a user interface), that links the real identity of a person to their consent information. Whatever technical solution is proposed for this might introduce a data privacy risk. Therefore, the mechanism needs to be discussed, along with which entity will be entitled and responsible to host such a digital identity service (which might be a centralized, trusted party). In addition, part of the consent template should either cover the aspect that links consent to a real person, either as a prerequisite for future consent modifications, or to restrict future consent modifications.
A technical limitation of the proposed solution might be the hosting of nodes that run the decentralized network, especially in the early phases. This can be overcome as a community effort by incentivizing various stakeholders to provide network capacity for the benefit of the entire ecosystem.

Conclusion and Outlook
Based on a digital transformation approach, the authors have proposed a new digital solution for WIC storage and management. We demonstrate how blockchain is technically applicable for this healthcare use case. We believe it can be implemented to allow WIC data that is managed in a more transparent and fail-safe manner, via P2P networks, through decentralized storage with permission validation. This approach in principle would eliminate much of the overall need for trust involved in WIC processing, which is usually created by intermediaries in use cases with multiple and not necessarily known actors. By eliminating the less productive or efficient intermediaries, we believe a level of higher efficiency in terms of time and costs can be achieved.
After presenting a basic classification of the technology and showing current developments, we laid clear foundations for the use case 'WIC for clinical studies'. The research applied several frameworks to define a basic understanding of the data-based business model and the functionality of blockchain technology. We therefore propose building, testing and implementing this system for patients and scientists, through incremental development with local clinics and already existing patient networks. Based on this, we plan to create a proof of concept and to test the strengths and weaknesses of a blockchain-based WIC platform, in order to evaluate its potential, setting a foundation for ethical and scalable health AI applications.