Updates for SaMD using Blockchain


On 9th February 2022, the EU Blockchain Observatory and Forum presented a thematic report, “Blockchain Applications in the Healthcare Sector”.


The report

  • provides an overview of challenges in the healthcare industry and of blockchain applications for healthcare data and transparency
  • presents blockchain applications for the pharmaceutical and healthcare supply chain and Blockchain in medical credentialing
  • includes experts’ opinions on opportunities and challenges
  • discusses the role of Blockchain in COVID-19 pandemic management
  • explores regulatory, privacy and ethical implications, including health data accuracy as well as regulatory and ethical considerations
  • gives a practical overview of what the future holds, through the presentation of relevant use cases
  • explains the challenges and future prospects while discussing relevant policy recommendations


The report highlights several points that are essential for manufacturers, and regulation is one of the elements it discusses.

The paramount regulatory considerations for Blockchain in healthcare involve interpretations and uncertainties regarding the degree to which blockchain technologies can meet the letter and spirit of GDPR.

GDPR is designed to protect EU residents’ personal data, and blockchain technology brings the potential of participatory governance to balance transparency and security, which aligns with GDPR’s focus on data management. GDPR’s privacy objective would also be aligned with core principles of healthcare, as health information is categorised as “sensitive personal data” subject to higher levels of protection. Blockchain technologies feature mechanisms that can ensure secure transmissions and data encryption to safeguard patients’ rights to privacy.


Technological innovations and the global distribution of blockchain nodes have created new uncertainties for protecting and sharing health information. First, GDPR grants individuals the right to have data amended and the right to be forgotten. It is therefore uncertain to what degree health information must be deleted from a practically immutable blockchain ledger. This will remain a topic of exploration. Our experts at Med-Di-Dia are here to support all the regulatory requirements in the MedTech space and be your regulatory risk partners for medical devices, diagnostics and digital health.


The report further highlights the lack of clarity from the European Union regarding data deletion on Blockchain and the technology used for it. It is unknown whether the introduction of blockchain would change healthcare organisations’ data-sharing approaches. In addition, while Blockchain-based transparency is promoted as a method for increasing trust, there are stringent GDPR limitations on the nature and levels of access to personal data, and the healthcare industry’s data-sharing policy remains a topic of discussion.

While Blockchain is built around data sharing, the healthcare sector will be reluctant to share its data, as it is personal data protected by GDPR. The report mentions an example where Centro Hospitalar Barreiro Montijo in Portugal was fined EUR 400,000 for GDPR violations related to insufficient access controls and inadequate protections for the confidentiality of health information. The EU Blockchain Observatory and Forum believes that it may be more feasible to track access to health information, giving the example of the Estonian eHealth Foundation, which applies a layer of Blockchain to track and facilitate access permissions for health data stored in the electronic health record system. Compliance staff periodically view the audit trail to ensure that access was legitimate and limited to authorised healthcare personnel.


The committee generating this report is aware that EU authorities have been alerted to confusion surrounding the interpretations of GDPR and Blockchain and that there have been calls for revisions to GDPR. Specifically, the European Economic and Social Committee (2019) acknowledged that GDPR was drafted when blockchain technologies were largely unknown, and GDPR must be periodically reviewed with consideration of emerging technologies and data risk.


Concluding its discussion of regulatory requirements, the report mentions that the European Commission is advised that outdated privacy regulations could hinder the adoption and acceptance of blockchain technologies for healthcare (Allen et al., 2020). In addition, legislators and regulators have a critical role in encouraging blockchain healthcare innovations in the EU and will enable progress with more explicit direction.


Why should regulation hold back your innovation?

Our experts are here to cut through the maze and navigate the regulatory affairs with you!

We are here to be your regulatory risk partners for Medical Devices, Diagnostics and Digital Health.

Contact our experts by sending an email at

View the report here