Patient Data Consent Contract

What it does:
Allows patients to grant, revoke, and manage consent for accessing their medical data in a transparent and auditable way using blockchain.

Why it matters:
Gives patients true ownership and control over their health data, reduces unauthorized access, and ensures compliance with privacy regulations through immutable consent records.

How it works:

  • Each patient controls consent via their wallet address

  • Healthcare providers request access to patient data

  • Patients grant or deny consent on-chain

  • Consent includes scope and expiration time

  • Patients can revoke consent at any time

  • All access permissions are publicly auditable (without exposing data)

      // SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/**
 * @title PatientDataConsent
 * @author Nam
 * @notice On-chain consent management for patient medical data
 */
contract PatientDataConsent {

    // -------------------- CONSENT STRUCT --------------------

    struct Consent {
        bool granted;
        uint256 expiry;
    }

    // -------------------- STORAGE --------------------

    // patient => provider => consent
    mapping(address => mapping(address => Consent)) public consents;

    // -------------------- EVENTS --------------------

    event ConsentGranted(
        address indexed patient,
        address indexed provider,
        uint256 expiry
    );
    event ConsentRevoked(
        address indexed patient,
        address indexed provider
    );

    // -------------------- MODIFIERS --------------------

    modifier onlyPatient(address _patient) {
        require(msg.sender == _patient, "Not patient");
        _;
    }

    // -------------------- CONSENT LOGIC --------------------

    /**
     * @notice Grant consent to a healthcare provider
     * @param _provider Healthcare provider address
     * @param _duration Consent duration in seconds
     */
    function grantConsent(
        address _provider,
        uint256 _duration
    )
        external
        onlyPatient(msg.sender)
    {
        require(_provider != address(0), "Invalid provider");
        require(_duration > 0, "Invalid duration");

        consents[msg.sender][_provider] = Consent({
            granted: true,
            expiry: block.timestamp + _duration
        });

        emit ConsentGranted(
            msg.sender,
            _provider,
            block.timestamp + _duration
        );
    }

    /**
     * @notice Revoke consent from a healthcare provider
     */
    function revokeConsent(address _provider)
        external
        onlyPatient(msg.sender)
    {
        Consent storage consent = consents[msg.sender][_provider];
        require(consent.granted, "Consent not active");

        consent.granted = false;
        consent.expiry = 0;

        emit ConsentRevoked(msg.sender, _provider);
    }

    // -------------------- VIEW FUNCTIONS --------------------

    /**
     * @notice Check if provider has valid consent
     */
    function hasValidConsent(
        address _patient,
        address _provider
    )
        external
        view
        returns (bool)
    {
        Consent memory consent = consents[_patient][_provider];
        return consent.granted && block.timestamp <= consent.expiry;
    }
}