Can Blockchain Technology Secure Electronic Health Records Systems?

A doctor reviews health records

Using blockchain technology for EHR can open up new possibilities for secure patient and provider access.

Blockchain technology entered the public consciousness with the 2008 launch of Bitcoin, the revolutionary digital currency that’s spawned imitators and competitors in the global financial markets.

But the diffuse nature of verification and the robust cryptographic mechanism inherent in blockchain technology makes it ideal for countless secure data applications, and no industry other than defense relies on information security quite as much as the healthcare sector.

Though an IBM poll showed healthcare leaders predict blockchain applications will improve management of clinical trials and regulatory compliance in future applications, providers are already applying the technology to the exchange of electronic health records (EHR).

Blockchain is uniquely suited to answer the problem of public distrust in health information systems. High-profile hacks of patient data have demonstrated that the trusted third party (TTP) model of information storage isn’t ideal. If a central authority like a hospital system or insurance company is responsible for data security, there are always openings for enterprising hackers with enough resources.

Hence, the “trusted third party” isn’t fully trustworthy because the high velocity of development in enterprise technology is often exceeded by the speed with which black hats and fraudsters adapt to it.

Blockchain, however, replaces trust with digital proof of veracity, opening all kinds of options for secure sharing and access of health records.

Why Is Blockchain So Secure?

With blockchain technology, encoded proof of each transaction is recorded and added as a “block” to the “chain” of all transactions in a digital ledger that is stored on multiple computers and servers (nodes) throughout a network. Each node verifies the transactions recorded on every other node to ensure the veracity of the system, as a whole.

The node performs a mathematical hash function to encrypt a starting variable; a number only used once (nonce), producing a code or “hash” of uniform length. Bitcoin uses a “proof-of-work” algorithm to do this; volunteer “miner” nodes verify the chain by performing the calculation, proving the provenance of the blockchain (mining).

If a node drops out of service for a time, it will simply check upon its return the other nodes for the longest chain related to a particular record in the system to update its own records. (The longest version of a particular blockchain is always the most recent, as it contains the largest number of transactions).

Because of the way blockchain technology is organized, a hacker would have to not only fake a particular transaction, but also upload that fraudulent transaction to all nodes, alter all subsequent transactions, and continue building new, fraudulent transactions on the chain until the fraudulent chain’s length eclipses the length of the honest chain. Only then would the other nodes in the network update their ledgers with the fraudulent information.

Though this may be mathematically possible to accomplish, practically speaking, it discourages most black hats intent on compromising the system. The resources it takes to defraud a blockchain system are so vast and the returns so meager it effectively discourages bad actors, at least for the foreseeable future.

As long as the majority of the nodes in a blockchain network are honest actors, it’s nearly impossible for a hacker to overtake their chain length with a fraudulent chain.

How Do Healthcare Providers Use Blockchain Technology?

Pictured is a patient undergoing an imaging procedure in an open MRI machine.

Imaging centers, pharmacies, physical therapy clinics, outpatient facilities and other providers can all be involved in caring for one patient’s single health condition. With blockchain-based records, patients and physicians can access the same files securely from anywhere.

Irvine, Calif.-based Guardtime first launched its blockchain-based patient information platform for the UK’s National Health Service in 2018, according to the company website. This was the first of its kind.

These days, companies like Guardtime are marrying AI applications with blockchain technology to get a full picture of how much each patient pays for their care, which medications they use and their prices, and the health outcomes that result from that spending.

Measuring health outcomes like this will be a crucial step in transitioning from the costly and inefficient fee-for-service model in the U.S. healthcare system to a more outcome-based model that is cheaper and leads to healthier patients.

Before blockchain, collating all that disparate data from different systems and providers – clinic, insurance company, pharmacy, testing lab, imaging center, etc. – would have been logistically impractical given the stringent health record security regulations outlined in HIPAA.

Blockchain, however, can allow patients and all their providers easy, secure access to the same health records from anywhere in the world. Because of all the security problems with a TPP system and the many disparate providers one patient may use while caring for a single condition, transferring health records takes up a huge amount of staff time and resources to support a system still vulnerable to hacks.

Now, as opposed to a crowded keychain of login passwords for various clinics, test labs and insurance companies, it’s possible for all those actors and the patients, themselves, to access medical records securely from anywhere with just one access key.

“The ability of the blockchain to provide reliable and decentralized storage of all patient data makes this technology optimal for security,” according to the International Journal of Telemedicine. “In addition, the blockchain allows hiding the patient’s identity with the help of complex and secure codes that can protect medical data. The decentralized nature of the technology also allows patients, doctors, and healthcare providers to share the same information quickly and safely.”

What Kinds of Blockchain Configurations Are Best for Healthcare Providers?

Blockchain technology as it’s used for cryptocurrencies relies on vast, diffuse public networks of record-keeping nodes, or computers on the network where the ledgers are stored.

For medical records applications, this exact setup isn’t always desirable. There are three types of blockchain setups characterized by who has permission to write and read blocks in the chain.

  • Public Blockchains: This setup is used for cryptocurrencies. Anyone in the network has permission to write and read blockchain data and contribute to the consensus.
  • Consortium Blockchains: Consortium blockchains are the most used by healthcare systems, according to a 2020 meta study in the International Journal of Medical Informatics. In these systems, a “limited number of selected groups of entities” have access to read, write and participate in consensus.
  • Private Blockchains: These systems have an even more restrictive set of permissions. The nodes are often all centralized under the administration of a single entity.

What Are Smart Contracts?

Blockchains used for this kind of recordkeeping use a system of “smart contracts,” which are code scripts that determine who has permission to change what attributes in the chain.

“These are self-executing contractual agreements where pre-agreed upon provisions are formalized in source code,” the International Journal of Medical Informatics article states. “Since smart contracts are automatically enforced based on these pre-agreed provisions, they work without any third party or intermediate.”

For instance, a patient should be able to access all their own medical records, with some exceptions like psychotherapy notes and physician intellectual property. Smart contracts appended to the electronic health record blockchain govern this access.

What Are Problems with Blockchain-Based EHR Technologies?

One problem with using existing blockchain technology for health records is the necessity of mining – that is, volunteer computer nodes that dedicate processing power to solving the proof-of-work algorithms that guarantee the veracity of the chain.

It’s this requirement that makes cryptocurrency systems so energy hungry – every transaction must be recorded throughout a coin’s history and appended to the chain, and independently verified by the majority of nodes in the network.

For Bitcoin, Ethereum, Dogecoin and others, miners effectively sell their processing power for more bitcoin. Miners are rewarded with a small amount of currency for each hash their computer solves and adds to a particular coin’s blockchain.

What Incentivizes Mining for Health Records?

Researchers theorize medical schools and research institutions could be rewarded for mining blockchain health records with anonymized patient data from a particular health system. This incentive scheme was outlined in a 2016 MIT whitepaper theorizing about the implementation of a MedRec system.

Image of SkillsetGroup healthcare IT data sheet

For more information, download this handy, succinct summary of SkillsetGroup healthcare IT services.

Anonymized health data is extremely valuable in the research community; researchers can parse this data to discover insights about public health and the function of the health system.

In the absence of a widespread healthcare record mining scheme, health record systems using blockchain technology rely on other methods of verifying data, namely older cryptographic technology. Private and consortium record-keeping blockchains don’t necessarily need the extra security of proof-of-work calculations required by cryptocurrencies because the basic hash function, smart contracts and other verification measures are sufficient protection in a closed system.

And, because there is no consensus definition of what constitutes “blockchain,” many of the systems in the burgeoning healthcare blockchain market are simply extra-secure databases with “blockchain” appended as a marketing gimmick. A better description of some of these systems might be “hash-linked, time-stamping” technology.

How Should Healthcare Providers Implement Blockchain EHR Technology?

Upgrading your medical records system is a huge undertaking, however you decide to implement it. As a healthcare provider, every case is different and requires different tools.

As mentioned above, many vendors offer “blockchain” solutions that aren’t really blockchain. That may not matter, depending on your needs as a provider, but you don’t want to pay for a technology you’re not really getting.

At SkillsetGroup IT, we not only have access to the experts who know how to institute a secure EHR management system, but we’ll guide you in writing requests for proposals to different software vendors so you get the best information. With SkillsetGroup IT, you’ll always have an array of well-researched options for your EHR system, or any other IT challenge you face as a provider.

To learn how we can partner to secure and upgrade your electronic health record system, call 800-774-1603.

REFERENCES:

A Case Study for Blockchain in Healthcare:
‘MedRec’ prototype for electronic health records and medical research data”
Ariel Ekblaw et al
IEEE Open & Big Data Conference
August 2016

Blockchain Technology in Healthcare: A Systematic Review
Cornelius C. Agbo et al
Healthcare (MDPI)
June 2019

Research on the Application of Blockchain in Smart Healthcare: Constructing a Hierarchical Framework
Xiaomin Du et al
Journal of Healthcare Engineering
January 2021

The Recent Progress and Applications of Digital Technologies in Healthcare: A Review
Maksut Senbekov et al
International Journal of Telemedicine and Applications
December 2020

Blockchain in healthcare and health sciences—A scoping review
Anton Hasselgren et al
International Journal of Medical Informatics
February 2020

Bitcoin: A Peer-to-Peer Electronic Cash System
Satoshi Nakamoto
2008
Bitcoin.org

Guardtime
https://guardtime.com/

The Trillion-Dollar Prize: Using outcomes-based payment to address the US healthcare financing crisis
McKinsey & Company
February, 2013

’Blockchain’ Is Meaningless
Adrianne Jefferies
The Verge
March 2018

SkillsetGroup

SkillsetGroup

SkillsetGroup Staffing and Consulting company's mission is to build a culture of retention.
Translate »