Blockchain is best known for keeping cryptocurrency transactions safe, but what about using blockchain for securing medical-related data? Could blockchain help to enhance healthcare data security?
The use of blockchain for medical records is still in its infancy, but there are clear security benefits that could help to reduce healthcare data breaches while making it far easier for health data to be shared between providers and accessed by patients.
At present, the manner in which health records are stored and shared leaves much to be desired. The system is not efficient, there are many roadblocks that stopthe sharing of data and patients’ health data is not always stored by one healthcare provider – instead a patients’ full health histories are broken up and spread across multiple providers’ systems.
Not only does this make it difficult for health data to be joined together, it also leaves data vulnerable to being stolen. When data is split between multiple providers and their business associates, there is considerable possibility for a breach to occur. The Health Insurance Portability and Accountability Act (HIPAA) requires all HIPAA covered groups and their business associates to put in place technical safeguards to ensure the confidentiality, integrity, and availability of protected health information. However, each entity adapts their own security measures.
The more groups that have access to health data, the greater the potential for mistakes to be made that result in the data being exposed. As the Department of Health and Human Services’ Office for Civil Rights Breach portal clearly portrays, HIPAA-covered groups and their business associates are not always as careful as they should be when storing and sending data, and even when they are, it is often not possible to stop breaches. However, using blockchain for medical records could massively improve data security.
Blockchain, as the name implies, is a chain of data blocks which contain details of transactions, each of which is encrypted to ensure privacy. Instead of storing data in a single location, blockchain keeps data in an encrypted ledger, which is spread across synchronized, replicated databases. Each block is connected to the previous block by a unique public key with access to data carefully controlled.
As has been shown with the huge Anthem and Equifax data breaches, single groups cannot be trusted to hold vast quantities of data and keep it secure in a centralized system. Storing data in a decentralized system could be a viable other option.
With blockchain, each data block in the chain can be encrypted with public key cryptography which can be unlocked with the implementation of a private key or password, which could be held by a patient.
If blockchain is adapted for health data, rather than multiple healthcare providers storing their own copies of a patient’s data, the patient would grant each access to their data and supply them with a key.
Without access to the key, the data saved in blockchain would be inaccessible. It would not be possible to hack a single block of data, at least not without at the same time hacking all the others in the chain’s chronology. It would also not possible for alterations to the data blocks to be made and for those changes to be hidden.
With a cryptocurrency like Bitcoin, blockchain is used for completing transactions – the buying and selling of the currency. With health records, the transactions would be consultations with physicians, X-ray images or blood test results, prescriptions, or surgical operations. Each time data is saved, it would need to be validated by a trusted body who has been given an access key. Once validated, it would be added as a block in the chain in chronological order, with the blockchain making up a patient’s entire medical history.
The implementation of blockchain for medical records could prove very beneficial for providers and patients. Not only for maintaining medical records securely, but pulling together separated medical records stored by multiple healthcare suppliers.
This would permit full medical records to be easily shared between providers. Medical records would not need to be sent electronically between suppliers, new providers would just be required to be told where to access the data and given the access key.
Blockchain could make it far easier for patients to access their healthcare files. Rather than filing a request for copies of their health data with many different healthcare providers, one request could be submitted and their full healthcare record could be obtained. Currently, that process can be complicated, time-consuming, and potentially costly for the patient, since each supplier is allowed under HIPAA to charge a fee for providing copies of data.
When data is made available through patient portals, the process of joining together health records can be even more complex, as is distributing the information. Blockchain could also help sort out the issues that exist with a number of different patient identifiers.
Blockchain clearly works for completing financial transactions but what about blockchain and medical records? Is it a viable solution? Trials using Blockchain and medical data have shown very promising results. One trial conducted by MIT Media Lab and Beth Israel Deaconess Medical Center has shown blockchain to work successfully for tracking test results, treatments, and prescriptions for inpatients and outpatients over a duration of 6 months. In that trial, data exchange between two institutions was simulated using two separate databases at Beth Israel. Plans are now underway to grow the pilot.
There are still problem that must be resolved. Blockchain is not anonymous but pseudonymous. There is also the obstacle of how to make specific records private, such as psychotherapy notes, to stop patients accessing those details.
It would also be a requirement for blockchain to be extensively tested with health data and healthcare groups would need to be convinced to implement blockchain medical records systems. Encouragingly, earlier in 2017, IBM carried out a survey on 200 healthcare groups. 16% said they hoped to have a commercial blockchain solution in place this year.