Sharing information is a huge problem in healthcare. Providers need information about their patients’ medical history to provide the right treatment and avoid risks, but getting authorization is an outrageously complex process. HIPAA requirements are strict, and releasing information without the necessary permissions can result in heavy fines. Paperwork is a big part of a doctor’s working day.
Several startup companies are looking at blockchain technology to improve sharing of information while protecting it from unauthorized access. A blockchain is a “distributed ledger.” Copies of it are widely available, and entries in it are digitally signed. No single party owns it. Records can be added only according to its rules, and unauthorized changes to one copy won’t match the other copies, so they’ll be rejected.
The best known blockchain application is Bitcoin. Users can move the digital currency from their own “wallets” to other wallets. Once a transaction is made, it can’t be altered or revoked. People can safely accept payments from strangers without an intermediary.
Bringing patient data together
In healthcare, a blockchain can let participants make entries related to a patient, while anyone without authority can’t. Interest is serious; IBM Watson is working with the FDA on approaches to the issue. This approach promises to return control to the patient, who can authorize providers to add and access information.
The Bitcoin model isn’t suitable as it stands for healthcare. All transactions are public. Every payment is visible to all, even if the identity of the participants is unknown. A healthcare blockchain has to restrict information to authorized parties. Unlike Bitcoin, it will have to be a “permissioned” blockchain, where users have to gain authorization before they can make any changes.
One approach under consideration is to make the blockchain an index. The actual information would be held in a secure “data lake.” Blockchain entries would specify who has access, what kind of data can be accessed, and over what time period, but would not hold any personally identifying information.
Data on a patient could include not only information submitted manually by providers, but ongoing information gathered by equipment. A wearable device could periodically submit a patient’s vital signs to the blockchain.
Issues to overcome
Many startups have their own ideas, and they may all be good, but a single standard will have to emerge for the system to work. Patients won’t want to restrict their visits to providers who use compatible technology. It’s too soon to say what that standard should be; different prototypes and proofs of concept will compete, until major providers and government agencies settle on an approach everyone can use.
The regulatory environment will have to change, so that entering information in the blockchain won’t run afoul of legal restrictions. Exactly what the changes should be won’t be clear till there is more progress.
Safely de-identifying data is a difficult matter. When large amounts of information are available in one place, there are often ways to detect patterns and identify supposedly anonymous parties. Even timestamps can provide clues. Any blockchain approach will need to guard against subtle methods of identification. Once the information is out there, there’s no taking it back.
It would be disastrous if everyone adopted a blockchain, and then it proved to have a critical weakness. Businesses and regulators know how costly a mistake could be, and they’re going to proceed with caution. Management of the “data lake,” or however the actual information is stored, will be a big issue, and one that’s been discussed less than the blockchain proper.
If the software is going to give control back to patients, client applications will need to be easy to use yet secure. They’ll have to present complicated choices in an understandable way.
Inevitably, there is a lot of hype in blockchain healthcare development, and not everyone using “blockchain” as a buzzword even meets its basic requirements. Hopes are high, but results that patients and providers can use in regular practice will take years. Developers who find the key solutions will have huge opportunities.