Blockchain Development Services in Healthcare for Clinical Trials: Consent, Integrity, and Reporting

Clinical trials are rapidly moving towards more decentralized and tech-friendly approaches. Hey there! In this post, we’re going to help decision-makers figure out how to create and launch some awesome blockchain-based features. We're talking about things like eConsent, ensuring complete data integrity, and providing clear reporting--all designed to keep up with the regulatory updates that are rolling out in 2024 and 2025.
We'll also go over some handy tips for putting things into practice and point out some common mistakes to avoid along the way. For more info, be sure to swing by the FDA's official website: fda.gov. You'll find all the latest updates there!

Summary (description)

The FDA has just wrapped up their guidance on decentralized clinical trial elements, and it’s all ready to roll out in 2024! In the meantime, the ICH E6(R3) guidelines are set to launch in the EU in July 2025. Plus, ONC’s HTI-1 is really shaking things up in the world of health IT interoperability. With all these changes happening, we're really looking at an awesome chance to introduce some solid features like verifiable consent, secure tracking of data, and clear reporting for trials. We can make the most of permissioned blockchain, verifiable credentials, HL7 FHIR, and trustworthy off-chain storage to get there. It’s an exciting time to push these innovations forward! For more info, feel free to check it out here: (fda.gov).

---

Why now: what changed in 2024-2025 that matters for your build

So, the FDA just released their final guidance on “Conducting Clinical Trials with Decentralized Elements” on September 17, 2024. Pretty exciting stuff! This step really boosts the use of remote activities and digital health technologies (DHTs). It also clearly defines what sponsors and investigators are responsible for. On top of that, it really paves the way for some cool possibilities when it comes to digital consent and gathering data remotely. And the best part? You can beef up those processes with some solid cryptographic techniques to keep everything secure. Feel free to take a look at it here. It’s worth checking out!

So, back in January 2025, the ICH E6(R3) Principles and Annex 1 were officially wrapped up. They’re scheduled to roll out across the EU on July 23, 2025, so mark your calendars! Hey there! Just a heads up, Annex 2 is coming your way later this year. It’s all about decentralized and pragmatic trials, plus real-world data. Stay tuned! R3 really focuses on making sure that quality aligns with the level of risk involved. They prioritize solid data governance and have validated computerized systems, which makes them a great fit for integrating on-chain provenance and signature trails. If you want to dive deeper into this topic, check out thefdalawblog.com. They’ve got some great info!

The ONC's final rule on HTI-1, set to kick off in 2024 and run through 2029, is really focused on enhancing FHIR API requirements. It's all about making decision support more transparent and encouraging everyone to get on board with USCDI adoption. Make sure you pay attention to those compliance deadlines stretching all the way through 2026 and beyond. It's super important that your blockchain workflows meet the latest FHIR and API security standards. Trust me, staying on top of this will save you a lot of headaches down the road! If you're looking for more details, check this out here. It should have everything you need!

Hey there! Just a heads up--the TEFCA national exchange is officially up and running, and it’s growing really fast! By the middle to the end of 2025, we’re looking at a massive exchange of documents--think millions of them--happening between more than 9,000 organizations through 10 QHINs. It’s going to be quite the network! This really simplifies the process of linking trial data to different care settings. Plus, it ensures that we're always keeping consent and audit policies in check by using verifiable credentials and FHIR. If you want to dive deeper into this topic, you can check it out here. It's definitely worth a read!

In June 2024, the EU decided to step up the transparency rules for clinical trials by making some updates to the Clinical Trials Information System (CTIS). Then, in 2025, ClinicalTrials.gov gave its Protocol Registration System (PRS) and FHIR export features a much-needed refresh. Pretty exciting changes, right? This ramp-up is really stepping up the game for quick, top-notch, and organized reporting. With your chain-anchored workflows, you'll be able to automate a lot of this process, making it way smoother. If you're interested, you can find all the details right here. It's worth a look!

At the end of the day, what really matters is that you can-- and honestly, you should-- build blockchain components that fit your unique needs when it comes to consent, tracking the origin of data, and meeting any reporting requirements. Instead of forcing yourself into a generic “one-size-fits-all” distributed ledger model for every situation, tailor it to what you actually need.

---

Use case 1 -- eConsent that’s verifiable, revocable, and comprehensible

What Regulators Expect:

So, the FDA and OHRP have come up with some really important guidelines about electronic informed consent (eIC) and how to share that “Key Information.” Hey, just a quick reminder that Part 11 still covers all those electronic records and signatures. When you're creating your content, it's a good idea to think about layering it so that it's simple and easy to grasp. Also, make sure to keep an eye on the different versions you have. And don’t forget about getting some IRB oversight involved in the process! If you want to dive deeper into this, just take a look at the guidance over here: (fda.gov). It's got all the info you need!

Hey there! So, if you're looking into strengthening your digital identity setup, check out NIST’s 2025 Digital Identity Guidelines (SP 800‑63‑4). They’ve got some great info on creating phishing-resistant authentication, letting users control their wallets, and rolling out verifiable credentials at different levels of assurance. The best part? You won’t be stuck using only one tech stack, so you’ve got flexibility to choose what works best for you! Sure thing! If you want to get into the nitty-gritty, check this out: (pages.nist.gov). It's got all the details you need!

What Participants Respond To:

Hey, so here’s the scoop: research shows that using video-assisted or interactive eConsent makes a big difference. It helps people really grasp what’s going on, feel more satisfied, and just improves the overall quality of the consent process way more than those boring old static PDFs. Pretty cool, right? It's really about crafting a multimedia experience, right? We're shifting our focus towards teaching, giving feedback, and checking comprehension rather than just tossing an e-signature on a PDF and calling it a day. (pubmed.ncbi.nlm.nih.gov).

Design pattern that works in practice:

1. Identity and credentials First things first, you'll want to check the identities of both the participants and investigators. Make sure you do this using identity proofing that's in line with NIST 800‑63‑4 standards. Next, go ahead and issue some W3C Verifiable Credentials (VCs) for the roles of “Participant” and “Investigator.” To keep things running smoothly, we’re just going to store the credential metadata and revocation registries on the blockchain. If you want to dive deeper into this topic, just click here to get all the details!

Consent as Typed Data + FHIR

Alright, so let’s talk about consent in the world of healthcare data and how it connects to FHIR. Basically, when we say "consent as typed data," we're talking about how patient preferences and permissions are recorded in a clear, standardized format. This helps ensure that everyone's on the same page when it comes to sharing and using health information.

Now, FHIR (which stands for Fast Healthcare Interoperability Resources) plays a big role here. It’s a modern framework that makes it easier for different healthcare systems to communicate and share data seamlessly. By using FHIR to manage consent, we can better protect patient rights while also ensuring that the necessary information flows smoothly between providers.

So, in a nutshell, tying consent to typed data using FHIR is all about making healthcare more efficient and respectful of patient choices. It’s a win-win! Alright, let’s break this agreement down a bit. First off, we should come up with a user-friendly layered interface that people can easily navigate. Next, we need to create a model that machines can understand using FHIR Consent. This will help clarify the policy and the specific data that’s involved. Lastly, we’ll use a typed message that we sign off the blockchain (thanks to EIP‑712), so we can keep Protected Health Information (PHI) secure and away from the chain. Sounds good? We'll create a hash of the exact text or video manifest and then save that hash on the blockchain for a bit of extra security. Take a look at this link: build.fhir.org. It’s worth checking out!

1. Verifiability and revocation Hey, let's go with a permissioned chain for timestamping and VC revocation lists. Sounds good? This approach lets us incorporate ETSI-compliant signature containers and timestamp tokens. This means we can keep things valid for the long haul, even if we have to switch up our cryptography down the line. If you want to dive deeper into that, you can find more information here. It’s definitely worth checking out!

Keeping Things in Check at the Data Edge

• To wrap things up, we'll be putting the IHE Privacy Consent on FHIR (PCF) profile into action to handle consent. This takes FHIR Consent and turns it into OAuth2/SMART scopes and access control, ensuring that any systems down the line really stick to what the participant agreed to. If you're looking for more info, just check out github.com. You'll find everything you need there!

Here’s a straightforward EIP-712 payload you could use for consent attestation, and it doesn’t include any personal health information (PHI). It might look something like this:

{
  "types": {
    "EIP712Domain": [
      {"name":"name","type":"string"},
      {"name":"version","type":"string"},
      {"name":"chainId","type":"uint256"}
    ],
    "ConsentAttestation": [
      {"name":"researchStudyId","type":"string"},
      {"name":"consentVersion","type":"string"},
      {"name":"fhirConsentReference","type":"string"},
      {"name":"contentDigest","type":"bytes32"},
      {"name":"validFrom","type":"uint256"},
      {"name":"validUntil","type":"uint256"},
      {"name":"grants","type":"string"}
    ]
  },
  "primaryType":"ConsentAttestation",
  "domain":{"name":"TrialConsent","version":"1","chainId":1337},
  "message":{
    "researchStudyId":"NCT01234567",
    "consentVersion":"v3.2-2025-07-20",
    "fhirConsentReference":"Consent/abc123",
    "contentDigest":"0x...",
    "validFrom":1731715200,
    "validUntil":1763251200,
    "grants":"share:RWD,notify:AEs"
  }
}

The participant's wallet handles all the signing for them. By adding this signature and the VC proof, we can make sure that there's no denying who did what. Plus, it gives us the flexibility to share just what we need to, all while keeping personal health information safely off the blockchain. If you want to dive deeper into it, you can check it out here.

Practical Guardrails

So, here's the deal: keep all your cool media files off the blockchain. Then, just hash each one of those assets and pop that manifest hash right into the signed payload. Simple as that! Just a quick reminder: stick with the FHIR Consent as your main record. You’ll want to use the chain just for handling proofs and revocations. It keeps things nice and tidy! Check it out here.

To make sure you're getting proper feedback on your user experience, it's a good idea to collaborate with Institutional Review Boards (IRBs) and stick to the FDA/OHRP’s “key information” guidelines. These guidelines will help you keep everything on the right track. When you're working on stuff, it’s really important to think about a few key things. First off, make sure to include comprehension checks--these help everyone understand better. Also, try to keep the language simple and clear; nobody wants to be stumbling over complicated words! And don’t forget about offering bilingual content if you can; it shows you care and helps a wider audience connect with what you’re sharing. If you're interested in diving deeper into the topic, you can check it out here.

---

Use case 2 -- Data integrity and provenance across the trial lifecycle

What Auditors Look For

• ALCOA+ is basically the ultimate benchmark for reliable data: It’s an acronym that stands for Attributable, Legible, Contemporaneous, Original, Accurate, and then you’ve got Complete, Consistent, Enduring, and Available. It's all about making sure your data is top-notch! It's really important to link each of these properties to a specific technical control. If you're looking for more info, just click here!
• Advice from ICH E6(R3) and the FDA: They emphasize how crucial it is to have validated computer systems, keep a solid chain-of-custody, and utilize remote data capture. This is where cryptographic provenance really comes into play and shows its true value. Check it out here.

Architecture That Stands Up in Inspections

• Utilize HL7 FHIR Provenance for all key events, such as when data gets created, changed, signed, or transformed. It's really important to keep track of these moments! This process includes adding digital signatures that follow FHIR’s Signature guidelines and linking the event hash to the blockchain. Why is that important? Well, it lets anyone who's reviewing the work double-check those hashes and verify the signatures on their own. It's all about making sure everything stays transparent and trustworthy! Check it out here.
• Put in place ETSI AdES signature and timestamp policies so we can ensure long-term validation. Picture this: you're using LTV signatures and time-stamp tokens. This way, your evidence remains solid and verifiable no matter if you switch up your keys or decide to phase out certain algorithms. It's all about keeping that trust intact! Check out the standards and explore more details right here. You might find some really interesting info!
• Go for off-chain storage to better protect your PHI from being stored on-chain. It's a smart move to keep things secure! Consider using encrypted storage solutions like S3, GCS, or Blob, or you might want to check out IPFS/Filecoin. Just make sure to have some solid pinning and preservation service-level agreements (SLAs) in place to keep everything secure and accessible! Make sure to record just the content-addressable CIDs or hashes on the blockchain. If you decide to go with IPFS, keep an eye on availability by using verifiable pinning clusters. It's a smart way to make sure your data stays accessible! If you're looking for more details, just check this out here.
• When it comes to sensitive analytics, trust the execution: If you're handling potentially sensitive info like PHI outside your usual setup--like during adjudication or signal detection--make sure you're using Trusted Execution Environments (TEEs) that offer remote attestation. A good example of this would be Intel SGX DCAP. This really shows that your code and data isolation are solid, and it makes sense to keep the attestation evidence hashes stored on-chain. Learn more here.

Minimal Event Model

• On-chain: You’ve got the proof hash, event type, timestamp, signer DID, and a pointer to the VC status list.
• Off-chain: You've got the complete FHIR bundle, which includes both the Provenance and resource details. Don't forget about the signature object, TSP timestamp receipts, and if it's necessary, the TEE attestation bundle as well. (hl7.org).

Performance and Scale

• Think about checking out a permissioned network like Hyperledger Fabric 2. It might be worth your time! You know, you could go with 5 LTS or maybe v3 BFT ordering. Another option could be combining Besu or Quorum with Tessera for those private payloads. Just something to think about! With this approach, you can really lock in on membership, privacy, and throughput. (toc.hyperledger.org).

Hey there! Just a little tip: it’s better to keep those blocks smaller. Instead of flooding the chain with every single device reading, consider batching the event digests--kind of like Merkle roots--every N minutes. It’s a more efficient way to handle things! Make the most of side channels for IoT devices to boost their data rates, and don’t forget to sprinkle in some periodic proofs to support everything. (arxiv.org).

---

Use case 3 -- Reporting and transparency you can automate

Hey, have you heard about the exciting changes coming to ClinicalTrials.gov in 2025? It’s really going to shake things up! They’re ramping up the PRS and FHIR export, which is awesome. Plus, the World Health Organization is now emphasizing that summary results need to be shared within a year after the main trial is done. Exciting times ahead! On top of that, smart contracts can really help keep everything running smoothly. They can check event timestamps and even send out alerts if results don’t make it to the PRS or a journal. It’s like having an extra set of eyes to make sure nothing slips through the cracks! If you're curious to dive deeper into it, just check out the details here. Happy exploring!

Alright, so when you’re diving into mapping those reporting artifacts, be sure to check out the FHIR R6 resources. They’ve got some useful ones like ResearchStudy for your registry records, AdverseEvent to keep track of safety info, and Evidence/EvidenceVariable for summarizing everything. One really effective way to handle this is by creating a pipeline that signs and anchors hashes every time there's a change in the records. Then, you can easily share that information with registries using an API. It's a smooth process that keeps everything in sync! If you're curious and want to dive deeper, you can find more details right here.

Hey there! Just a quick reminder to link your trial network to the care ecosystem. That TEFCA/QHIN connection is super important for fetching EHR data. Just remember to use consent-aware requests and keep those digests on-chain. You got this! If you’re looking for more info, just check it out here. It's got everything you need!

KPI Ideas That Matter to Regulators and Ops

Let’s dive into some key performance indicators (KPIs) that really click with both regulators and the operations team:

• eConsent Comprehension Rate: Let’s see how well users really understand things! We can gauge their comprehension by taking a look at their knowledge before and after they dive into those interactive modules. Don't forget to keep an eye on how long it usually takes to get consent, how long it takes if someone wants to withdraw their consent, and the time it takes for that revocation to actually take effect.
• Provenance Coverage: Check out the percentage of important data elements that come with signed FHIR Provenance. Make sure to keep an eye on how well the signature verification is doing, and don’t forget to check in on the success of LTV signature re-validation whenever you do a key rotation. It’s important stuff!
• Reporting SLAs: Just a quick reminder to keep an eye on the time between when the database locks up and when the registry results go live. It's an important step! And don't forget to watch out for audit drift. That’s basically when you notice differences between the results that are posted and the approved analysis package summaries. It’s good to keep tabs on that!

If you want to dive deeper into this topic, feel free to take a look at this link. It’s got some good info for you!

---

Real implementations and what they teach

• Triall and Mayo Clinic: These two are joining forces to develop a pretty exciting eClinical platform that’s integrated with blockchain technology. This platform ensures that the data is reliable and trustworthy for a multicenter trial that's all about pulmonary arterial hypertension (PAH). We're talking about 10 different sites and more than 500 patients involved in this important research! It includes eConsent and has a solid audit trail because of their "Verifiable Proof API." So, here’s the gist: You can start using hash-anchored auditability right away, and the best part? You don’t have to worry about handling any personal health information (PHI) on the blockchain. Pretty neat, right? (read more here).
• PharmaLedger Association: They've got some really cool things happening with their active xLab projects. They're diving into areas like eConsent and decentralized trials, using verifiable credentials and decentralized identifiers (DIDs). Super interesting stuff! Their ePI solution shows how you can share regulated content using a blockchain resolver while keeping patient information completely private. So, what’s the takeaway? When it comes to decentralized identity and keeping content authentic, you can totally expand your reach worldwide without needing to keep user data on the blockchain. Pretty neat, right? (check it out).

---

How to pick a stack (2025 buyer’s guide)

• Network layer Alright, let’s talk about your network layer--specifically Hyperledger Fabric version 2. The 5 LTS / v3 BFT is definitely a great option! It provides tight control over permissions, keeps channels under wraps, and is perfect for businesses. On top of that, it boasts a solid ecosystem and some pretty interesting success stories when it comes to Part 11 validation. Check it out here. If you’re really into EVM compatibility--like, if you're thinking about VCs and using EIP-712 tools--then you might want to consider going with Besu or Quorum, plus Tessera. It could be a great fit for what you’re after! You’ll get the chance to manage private transactions and utilize hardware-backed keys. If you want to dive deeper into this topic, you can check out more details here.
• Identity and consent When it comes to identity and consent, you might want to check out W3C VC 2. It's got some solid options! 0 for credentials. IHE Privacy Consent on FHIR is pretty cool because it helps you turn FHIR Consent into actual OAuth scopes that you can enforce. On the other hand, NIST 800-63-4 dives into the nitty-gritty of proofing and federation controls, giving you solid guidelines to work with. If you want to get into the nitty-gritty, you can check it out here. Hey, just a quick reminder--make sure to include EIP‑712 in your wallet and app setups. It really helps create a smoother, more user-friendly experience for signing consent, and it’s super important for making it easy for folks to verify things themselves. Just a quick reminder to keep that PHI off-chain! If you want to dive deeper into EIP-712, you can check it out here. Happy reading!
• Provenance and signatures When it comes to provenance, it's a good idea to pair FHIR Provenance with digital signatures. They'll work together nicely to keep everything secure and trustworthy! ETSI time-stamps and signature validation can really be useful for providing Long-Term Validity (LTV) evidence. If you want the details, just click here.
• Off‑chain storage If you're looking into off-chain storage options, definitely consider using encrypted cloud object storage for handling PHI. It’s a smart choice! If you're up for something a little different, you might want to check out IPFS/Filecoin! They offer a cool way to manage your content through content-addressable artifacts, plus you can verify that things are pinned and preserved just the way you want. It's definitely worth a look if you're feeling adventurous! Hey, just remember to make sure you’ve got those pinning and retrieval SLAs locked in contractually. And let’s stick to keeping just the hashes and CIDs on the chain, alright? If you're looking for more info, check it out here. There’s plenty of great insights waiting for you!
• Confidential compute Finally, when it comes to confidential computing, don't forget to check out TEEs that offer remote attestation--things like Intel SGX DCAP or some managed attestation services. They can really make a difference! They'll assist you in showing where your analytics were conducted and how they were processed. If you're looking for more info, you can check it out here.

---

Implementation blueprint (what we deliver in a 12-16 week engagement)

Phase 0 -- Compliance Framing (2 Weeks)

First things first, let’s get everything down on paper about protocols, consent, and what you need to report. This will help us see the big picture! So, this covers the ICH E6(R3), the final guidelines from the FDA on Decentralized Clinical Trials (DCT), the Part 11 regulations, and what the site IRB is looking for. Let's sort out what needs to be on-chain and what can hang out off-chain. If you want to dive deeper into this topic, feel free to click on this link: thefdalawblog.com. It’s a great resource!

Phase 1 -- Consent MVP (4-6 weeks)

• Design a user-friendly eConsent interface that features multiple layers and includes checks to ensure users understand the information. After you've successfully verified someone's identity, go ahead and issue those verifiable credentials (VCs) and sign the EIP-712 consent payload. Next up, you’ll want to mint a revocation entry on a private chain. And don’t forget to save the FHIR Consent and Provenance bundle along with the timestamps. It’s important to have everything documented! If you want to dive deeper into this topic, feel free to visit hhs.gov. There's plenty of useful info waiting for you there!

Phase 2 -- Data Integrity Spine (4-6 Weeks)

Let's kick off the rollout of those event gateways that will create signed FHIR Provenance for EDC/ePRO uploads. We'll be batching the hashing and connecting it to the chain every 5 to 10 minutes. And just to make things even more secure, we'll add in some ETSI LTV signatures. Let’s set up attested compute for those safety signal scripts. If you want to dive deeper into this, head over to hl7.org for more info!

Phase 3 -- Reporting Automation (2-4 Weeks)

Alright, so here’s the plan: let’s link those database lock packages to the FHIR ResearchStudy and Evidence bundles. We’ll hash-anchor them and then send them over to PRS and the registries. Don’t forget to keep track of those WHO 12-month clocks--time flies, right? And as those deadlines get closer, we’ll set up some on-chain alarms to keep us on our toes! (who.int).

So, what we need to provide includes a bunch of validation packages that follow Part 11 guidelines, some standard operating procedures (you might know them as SOPs), a threat model, and UX proof of consent that’s all set for the IRB.

---

Emerging best practices we recommend in 2025

Consider eConsent as something beyond just a PDF. It's really about treating it like valuable data and solid evidence. Make the most of Verifiable Credentials (VCs) to confirm roles such as guardian or legally authorized representative (LAR). Plus, don't forget to use EIP-712 for signed, typed consent records that tie in nicely with FHIR Consent. Hey, take a look at the details right here! You’ll find all the info you need.

Make sure to stay on top of your cryptographic proofs for everything that really matters, but remember to keep any Protected Health Information (PHI) stored off the chain. Make use of FHIR Provenance along with ETSI time-stamps, and just keep the key details: the hash, the timestamp, and the signer's info. No need to overcomplicate things! Check out all the details here. There's a lot to unpack!

Think about the future when designing: make sure your signatures and timestamps can still be checked even after algorithms change down the line. When you kick off your project, don’t forget to think about how you'll handle re-signing and archival policies from the get-go. It’s a good idea to have a plan in place early on! If you want to dive deeper into this topic, check it out here.

Make the most of TEFCA and HTI-1 by connecting your systems with FHIR APIs. This way, you'll ensure a seamless transfer of data. Plus, don’t forget to enforce consent right at the edge with PCF. It's all about optimizing your setup! If you're looking for more details, you can check it out here. There's a lot of great information waiting for you!

• Keep in mind what regulators really care about. They’re looking at stuff like how well you understand the information, how complete it is, whether you’ve got all the necessary details about where it comes from, and how quickly you’re getting your reports out there. Make sure to build dashboards that can be easily checked against events anchored in the chain. It’s important that they’re set up for reliable audits! If you’re looking to dive deeper into this topic, feel free to check it out here. Happy reading!

---

Common pitfalls (and fixes)

• Let's not throw PHI on the blockchain just because we want to be transparent. It's important to think this through! Let's keep things off-chain and just toss on some hashed proofs when we need to go on-chain. It's really important to set up your access controls with policies that are aware of consent and use verifiable credentials. This way, you can ensure that everyone’s on the same page and that the right people have access to the right information. (github.com).

Let’s be real--using static eConsent can be pretty tedious, and honestly, the user experience isn’t all that great. Give multi-modal content and teaching methods a shot! They can really make a difference in helping people grasp concepts more clearly and reduce misunderstandings. (pubmed.ncbi.nlm.nih.gov).

Make sure you keep an eye on how long that signature is valid for! It's a good idea to use ETSI LTV time-stamps and consider re-sealing your data from time to time. (standards.globalspec.com).

Let’s get specific about identity and not beat around the bush. Make sure to follow NIST 800-63-4 guidelines. Also, don’t forget to implement passkeys and create processes that help keep phishing attempts at bay. Oh, and don’t forget to add support for proxies and guardians who have their own unique verifiable credentials. (pages.nist.gov).

---

Brief, in‑depth example: a verifiable adverse event (AE) report

So, whenever there's an adverse event (AE) on-site, we make sure to log it into the electronic health record (EHR). From there, it gets exported as a FHIR AdverseEvent resource, and we also include a linked Observation for good measure. To make sure everything's above board, a FHIR Provenance bundle goes ahead and digitally signs the adverse event (AE) using the investigator’s credentials. Then, the hash of that bundle is added to the consortium chain. If you want to dive deeper into it, feel free to click here for more details!

So, while all that’s going on, the safety team dives into the Trusted Execution Environment (TEE) to handle everything. They make it a point to gather and document attestation evidence and secure its digest. Whenever a serious or unexpected AE pops up, the system springs into action and automatically gets the regulatory package ready.
When it comes to submissions for ClinicalTrials.gov and EudraVigilance, it gathers all the info from that signed bundle. Plus, it uses these unchangeable hashes to show exactly what was sent and when. It’s a smart way to keep everything clear and verified! If you're looking to explore this topic further, just click here!

So, the cool outcome here is that regulators get to independently verify when the data was collected and if it’s legit. Meanwhile, sponsors have a clear view of which consent scope made it possible to use that data. Pretty neat, right?

---

What success looks like

We've got this fantastic IRB-approved eConsent system that’s super user-friendly! Participants can easily understand everything, and they also have the option to revoke their consent on the spot, all while keeping things transparent with clear tracking. Every important piece of data we handle is backed by signed FHIR Provenance and ETSI time-stamps. This means we’re always set for quick inspections whenever they come up! No more worrying about missing reporting deadlines! Thanks to our internal smart contracts, we’ve got everything running smoothly. They send out reminders and escalate things as needed, all while keeping an eye on the timelines set by the WHO, FDA, and PRS.
(who.int).

---

Ready to execute

7Block Labs: Your Go-To for Regulatory Compliance in 2025

At 7Block Labs, we're really focused on building frameworks for consent, integrity, and reporting that are designed just right for the regulatory changes coming in 2025. So, in our toolkit, we've got a little bit of everything! We've got permissioned ledgers, VCs and DIDs, FHIR, TEEs, and some solid verifiable off-chain storage too. It's like a Swiss Army knife for all our needs!

Hey there! If you're getting ready for a DCT or thinking about sprucing up your platform, I’ve got some great news for you. We can help you launch a compliant, easy-to-check MVP in just 12 to 16 weeks! Plus, we’ll provide you with a clear plan for scaling things up later on. Sounds good, right?

Key References for Major Updates and Standards

Hey there! Just wanted to give you a quick heads-up on some important updates and standards you should keep in mind:

• FDA’s Final Guidance on DCT (2024): If you want to dive deeper into this topic, check it out here.
• ICH E6(R3): Just a heads up, this is set to kick in across the EU on July 23, 2025.
• HTI‑1 Timelines: Don’t forget to mark these dates on your calendar!
• TEFCA Expansion: We'll keep you posted as things develop!
• WHO 12-Month Results Standard: This is super important for keeping our reporting consistent.
• ClinicalTrials.gov is Getting a Makeover: Exciting updates are rolling out soon for this important resource!
• **W3C VC 2. Hey, guess what? There’s a new version coming soon!
• NIST SP 800‑63‑4: Hey, security standards are changing and keeping up with the times.
• HL7 FHIR Consent/Provenance: Changes in how healthcare data is managed.
• ETSI Signature/Timestamp Policies: These are important when it comes to digital signatures.
• Real Deployments: Take a look at what's going on with Mayo Clinic, Triall, and PharmaLedger. There's some exciting stuff happening there!

It's super important to keep up with these updates!

---