The library catalog is a relic of days gone by, but in its prime, it was the best way to find what you were looking for at the library. The Dewey Decimal System (DDS) was a simple, yet specific classification system. A book gets an identification number based on its subject, author, title, and version. The number indicates its location on the shelf. To find the book, you’d go to the catalog and look up its card. If the card wasn’t in the catalog, the book wasn’t available. Simple.
The blockchain is the catalog, and medical records are the books that it references. It can perform the basic functions of a registry and a resource lookup. Nobody wants to “put” medical records on a blockchain by actually publishing that raw private data onto a public database. What we can do, instead, is publish references to these records so patients and doctors can know where to look for critical information, and so we can keep an authoritative record of who has permission to access and/or modify which records.
So what can this catalog do? It can keep a permanent log of all interactions and replicate it across every connection point on the network—whether it’s a hospital’s server, a doctor’s computer, or a patient’s smartphone, everyone sees the same catalog and discrepancies about records are minimized. It can guarantee that the item you’re looking for hasn’t been forged, duplicated, or tampered with.
A blockchain-based catalog can store user permission lists, which allow us to restrict and selectively authorize access to information based on the credentials of a connection point on the network. If your credentials don’t have permission, then it’s as if there’s no card in the catalog–the record is not available to you or your institution.
A blockchain is like a library catalog that can point you to any book in any library, anywhere in the world with guaranteed integrity, but only if you have permission to check it out.
Well-Intended Regulation Has Unintended Consequences
Healthcare data is private, sensitive data. Regulation can enhance data security but it can also, because of unintended consequences, put our privacy at risk. Blockchains, as public catalogs for anonymized data, could help ensure that regulatory objectives are met, without jeopardizing the privacy of patients.
HIPAA provides a framework for patient privacy, including guidelines for digital health records. The HITECH Act of 2009 and the Affordable Care Act (ACA) have both placed emphasis on digitizing health information for improved quality of care, data mobility and patient protection. However, the services and solutions developed in response to these acts have proven inadequate in keeping data secure. They leave many gaps in the protection and transmission of medical data, largely because they are digital services built on top of a paper-based infrastructure.
Without infrastructure for streamlining secure data exchange, the result of digitization is the creation of massive “honeypots” of health data, left vulnerable, unencrypted and siloed behind weak passwords. Today’s channels for storing and sharing health data cannot support the influx of new information, which we see played out in regular data breaches in IT systems across the industry.
Beyond silos and honeypots, there’s the problem of needless duplication. When data cannot easily be located or shared, providers collect and store the same information over and over again. This needlessly adds to their burden of liability, and it increases the likelihood that this information will be mismanaged, because there are now several different parties who could be negligent.
Transparency and Truth for Regulators
Blockchains can support the original intent of HIPAA and HITECH by uniting health data silos with shared catalogs for information exchange. Increased adoption of digital health services has strengthened the demand for interoperability. As services become more interconnected, the implications of privacy and data security are paramount. The solution, obviously, is not to revert to paper but to strike at the heart of the issue: the tradeoff between data availability and data security.
In healthcare, regulators are primarily concerned with protecting patient privacy and using technology to create a more transparent ecosystem for health services. By using the blockchain as a distributed registry of externally stored data, we have the beginning of a trusted log. From there, we can explore how blockchains and their applications can be used to achieve a fully interoperable network of highly available, yet protected data.
Similar to how libraries organize resources, we can explore how blockchains organize data and how blockchain applications add new layers of functionality that empower the patient, the providers, and the organizations that seek to protect them.
The library catalog is a simple registry of resources stored throughout the library. It doesn’t do much more than that. A blockchain is similar in that regard, because it is simply a log of events running over a relay network. It doesn’t do very much either.
To make the blockchain useful for health professionals, we need to build interfaces and applications that connect and utilize the underlying registry.
Gem is one of the companies building and supporting these applications. GemOS, its blockchain “operating system,” uses the blockchain as the common network repository. From there we can build applications with layers of logic and security on top of that repository. These blockchain applications communicate with the underlying ledger to facilitate information queries and exchange between the multiple parties who use these applications.
This is an important distinction for policymakers, because while the underlying blockchain protocol may be the shared utility, it is the applications that carry out the blockchain’s instructions and must therefore be compliant with relevant regulations and standards. It’s also important to know that blockchains don’t “fix” health records out of the box. These applications will need time to be developed, and companies need the freedom to experiment safely with these new technological tools.
Like the library catalog, the blockchain itself is fairly basic in form and function. It only records the data we put into it, and could be configured to record just about anything. In the next few sections we’ll look at some of the possible health applications we could build:
Unique Identifiers for Medical Data
A library catalog classifies more than just books. It classifies all types of resources including papers, journals, magazines, articles, and notes. A blockchain can do this as well. On-boarding documentation, prescriptions, patient interactions, and payment requests are all examples of the types of “events” we can register on a blockchain.
Similar to the Dewey Decimal Number, everything that is registered on the blockchain is assigned a unique ID number, called a “hash.” The hash is not a randomly generated number; it is unique to the content of the event file.
For example, a study was performed on Julian by Dr. Madeline on July 5, 2016. This is a unique event, so Dr. Madeline’s report will have unique information about the doctor-patient interaction.
In the blockchain application, we use a cryptographic algorithm to create a hash based on this specific data. Every time we apply the algorithm to this document it will produce the same hash. If any data changes, the algorithm will produce a different hash. The hash of a file cannot be used to recreate the content of that file. So if this number is exposed to an unauthorized party, the information it represents is still a secret.
It’s useful to think of a hash as a digital fingerprint that we can use to identify things on the blockchain. It’s the resource lookup.
A Dewey Decimal Number cannot tell you if a book is damaged or altered, but a hash can.
Because the hash is unique to the file’s contents, it can guarantee the integrity of the file. When we record the hash of Dr. Madeline’s report, we enable future users to verify that the contents of the report have not been modified. If the document has been modified, it will produce a different hash, and the values will not match.
The hash is not only an identifier; it’s an integrity check.
Data Access Management
When we record an event on the blockchain, not only can it include the hash but it could also include an access permission list. These lists can be stored on the blockchain (contained within the hash), and they can act as instructions for the blockchain applications. They can tell the application if a party has access rights to the document.
Patients, doctors, nurses, or anyone can control access to data by storing user permissions on the blockchain. The hash of the file, along with the user identifiers and permissions, is recorded in a single event on the blockchain. Now, when applications search for that file using the hash, they read the user permissions, check it against the credentials of the end-user, and authorize access to that information.
So, when Dr. Madeline registers Julian’s visit report on the blockchain, she gives him permission to add and remove other doctors. When he visits Dr. Duong, a rheumatologist, he adds a new viewer to that record. When Dr. Duong searches the blockchain for the record, the application will confirm his credentials and authorize access.
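The lookup described above, as an added example that is not part of the original article and is not Gem's code: the file's hash and its permission list are recorded in one ledger event, later permission changes are further events, and the application replays them before releasing the file. The in-memory `LEDGER` and `STORE`, the function names, the `managers`/`viewers` roles and the choice of SHA-256 are all assumptions made for illustration.

```python
import hashlib

LEDGER = []   # append-only event list, standing in for the blockchain
STORE = {}    # off-chain storage kept by the provider: hash -> file bytes

def file_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()   # SHA-256 is an assumed choice

def register(data, author, managers):
    """Record the file's hash and its initial permission list as one event."""
    h = file_hash(data)
    STORE[h] = data   # the raw record never goes on the ledger
    LEDGER.append({"op": "register", "hash": h, "by": author,
                   "managers": list(managers), "viewers": [author, *managers]})
    return h

def permissions(h):
    """Replay the ledger to derive the current (managers, viewers) for a hash."""
    managers, viewers = set(), set()
    for ev in (e for e in LEDGER if e["hash"] == h):
        if ev["op"] == "register":
            managers.update(ev["managers"])
            viewers.update(ev["viewers"])
        elif ev["op"] == "add_viewer":
            viewers.add(ev["who"])
        elif ev["op"] == "remove_viewer":
            viewers.discard(ev["who"])
    return managers, viewers

def change_viewer(h, actor, who, op):
    """Append an add_viewer/remove_viewer event if the actor may manage access."""
    if op not in ("add_viewer", "remove_viewer"):
        raise ValueError("unknown operation")
    if actor not in permissions(h)[0]:
        raise PermissionError(f"{actor} may not manage this record")
    LEDGER.append({"op": op, "hash": h, "by": actor, "who": who})

def fetch(h, actor):
    """Return the file only to a listed viewer, and only if it still matches h."""
    if actor not in permissions(h)[1]:
        return None   # as if there were no card in the catalog
    data = STORE[h]
    if file_hash(data) != h:
        raise ValueError("stored file does not match its registered hash")
    return data

# Constructed sample following the article's scenario.
REPORT = b"2016-07-05 | patient: Julian | physician: Dr. Madeline | study report"
RID = register(REPORT, author="dr_madeline", managers=["julian"])
```

Calling `change_viewer(RID, "julian", "dr_duong", "add_viewer")` is the step where Julian adds Dr. Duong; before it, `fetch(RID, "dr_duong")` returns `None`.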
A Path for Patient Control
Technically, the patient is the owner of the medical data that results from an episode of care. Patients entrust the storage and management of their health data to their provider, just like they store money with a bank and for similar reasons. In health care, providers end up being the custodians of this data. As patients seek more transparency, and as doctors require better access to provide care quality, this dynamic presents significant issues around data ownership, security, and control.
Using the blockchain, ownership or administrative rights can be shared between individuals across disparate IT systems. Using multi-signature technology, control over a record could be divided between multiple parties with authorizing credentials. So patients could co-manage their health records with their doctors, building up a universal electronic health record (EHR) with granular information access controls. Patients could connect wearables and fitness applications and integrate them into their health record, limiting or sharing access to that data with providers on a need-to-know basis.
In this model, payers and providers could mitigate perimeter security risk by adding multi-signature access controls to personal health information, including adding keys for the patient. By registering and distributing access to this information, we can reduce the amount of duplicated data stored and its associated costs.
Adding multi-signature to EHR systems empowers the patient by making them present in their data management. This technology can also support EHR interoperability, empowering disparate provider networks across multiple IT systems.
A Collaborative Version Control
Managing health data between multiple providers is messy. Today, each party maintains their own copy of the health record, making changes and updates to it that no one else can see. Then they each devote an enormous amount of resources to reconciling all the different versions of that health record.
Blockchains can facilitate data reconciliation. Instead of each party maintaining their own locally stored version of the truth, there is only one local copy of this health record stored by one provider. There is only one record registered to the blockchain, and the owner shares access to it by administering rule sets over the blockchain.
Once a file’s hash is recorded to the blockchain, the contents of that file cannot be changed without leaving evidence of that change. So, we can build an application that looks for inconsistencies in those hashes, and ensures that when a user wants to update or append that record, she must create a new record on the blockchain that references the original.
When Julian visits Dr. Duong, this is a new episode of care with a different doctor on a different IT system. Just like Dr. Madeline, Dr. Duong records this visit report to the blockchain. He also orders labs, creating a new event on the blockchain.
Dr. Duong gives “editing” permissions to the laboratory, allowing them to update the order with the lab results. When the lab results are added, they are attached to the order as a new version. The application built on top of the blockchain can be programmed to ensure that either document’s hash number will deliver the most recent version of the file. We can also program the application to notify Dr. Duong when the lab results are registered so that he can view them immediately.
In this example, we have two collaborators on the same medical record (three if you include Julian). Any interaction with the record is recorded to the blockchain, so we always have a record of who added what changes and when.
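The versioning rule described in this section, as an added example that is not part of the original article and is not Gem's code: an update never overwrites an event but registers a new one that references the current head, so either hash resolves to the newest version. The `EVENTS` and `NOTICES` structures, the function names, the `editors` role and SHA-256 are assumptions made for illustration.

```python
import hashlib

EVENTS = {}    # hash -> event; entries are only ever added, never changed
NOTICES = []   # (recipient, new_hash) pairs the application would deliver

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()   # SHA-256 is an assumed choice

def latest(h):
    """Follow 'prev' links forward so any version's hash resolves to the newest."""
    successor = {e["prev"]: k for k, e in EVENTS.items() if e["prev"]}
    while h in successor:
        h = successor[h]
    return h

def create(data, owner, editors=()):
    """Register the first version of a record with its owner and editors."""
    h = digest(data)
    if h in EVENTS:
        raise ValueError("identical content is already registered")
    EVENTS[h] = {"prev": None, "by": owner, "owner": owner,
                 "editors": frozenset(editors)}
    return h

def update(h, data, actor):
    """Register a new version that references the current head of h's chain."""
    head_hash = latest(h)
    head = EVENTS[head_hash]
    if actor != head["owner"] and actor not in head["editors"]:
        raise PermissionError(f"{actor} may not edit this record")
    new = digest(data)
    if new in EVENTS:   # would create a self-reference or a loop in the chain
        raise ValueError("identical content is already registered")
    EVENTS[new] = {"prev": head_hash, "by": actor, "owner": head["owner"],
                   "editors": head["editors"]}
    if actor != head["owner"]:
        NOTICES.append((head["owner"], new))   # tell the owner about the change
    return new

# Constructed sample following the article's scenario.
ORDER = create(b"lab order for Julian", "dr_duong", editors=["lab"])
RESULT = update(ORDER, b"lab order for Julian\nresults: attached", "lab")
```

Because every update attaches to `latest(h)`, the chain cannot fork, and rejecting already-registered content keeps `latest` from looping.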
A Tamper-Proof Audit Log
A key component to the organization of a library is keeping a record of what is checked out, when it’s checked out, and who has possession of it. The librarian keeps a ledger, which is the ultimate indicator of a book’s availability.
At its very core, a blockchain is a ledger. The blockchain is a log of every single interaction, including when a record is created, accessed, appended and shared. Every interaction is recorded as a unique event and is given a time-stamp and a hash. Attaching hashes together sequentially creates a permanent chain of events. This is where the word “blockchain” comes from.
One very important feature of blockchain technology is that the full ledger is replicated across every connection point – or node – in the network. This means that the complete registry and its user activity is shared by all the participants. If one node goes down, the network stays on.
Because the ledger is replicated everywhere, it becomes tamper-proof. If a bad actor tried to change a historical event, the hash would change, and it would break all the subsequent events in the chain. Every node has a living copy of the blockchain and would identify this as an attempt to break the network. The change would be rejected.
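The chain and the rejection described above, as an added example that is not part of the original article and is not Gem's code. It goes one step beyond the text by separating two checks: the hash links expose an edit to a single historical event, while comparison with a node's own copy is what rejects a history that was rewritten and re-hashed from end to end. The event fields, function names and SHA-256 are assumptions, and consensus is reduced to that prefix comparison.

```python
import hashlib
import json

GENESIS = "0" * 64   # placeholder "previous hash" for the first event

def event_hash(body: dict) -> str:
    """Hash an event's canonical JSON; the body includes the previous hash."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(chain, ts, actor, action, record):
    """Add an event whose hash covers its fields and the previous event's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    body = {"prev": prev, "ts": ts, "actor": actor,
            "action": action, "record": record}
    chain.append({**body, "hash": event_hash(body)})

def first_bad_index(chain):
    """Index of the first event with a wrong hash or back-link, else None."""
    prev = GENESIS
    for i, ev in enumerate(chain):
        body = {k: v for k, v in ev.items() if k != "hash"}
        if ev["prev"] != prev or event_hash(body) != ev["hash"]:
            return i
        prev = ev["hash"]
    return None

def node_accepts(local, offered):
    """Accept a peer's copy only if it is valid and extends our own history."""
    if first_bad_index(offered) is not None:
        return False
    return len(offered) >= len(local) and offered[:len(local)] == local

def sample_chain():
    """Constructed events; names follow the article's scenario."""
    chain = []
    append(chain, "2016-07-05T10:00:00Z", "dr_madeline", "create", "visit-report")
    append(chain, "2016-07-12T09:30:00Z", "dr_duong", "access", "visit-report")
    append(chain, "2016-07-14T16:45:00Z", "lab", "append", "lab-order")
    return chain
```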
This highly-redundant, tamper-proof ledger becomes the irrefutable audit log for the entire network. This matters because blockchains are a shared utility that can connect non-trusting parties, and those parties need guarantees that their data cannot be tampered with by other actors.
When combined with strong identity, the ledger becomes the ultimate indicator of who did what, and when, on a blockchain. It is the basis of truth for every interaction that every party can agree on.
Rather than trusting a single authority, the librarian, to maintain the ledger, the users can trust the catalog itself.
A Universal Library Catalog for Health Data
In healthcare, information is not only private; it is proprietary. While doctors and patients alike yearn for a digital and unified patient record, the infrastructure required to accomplish this doesn’t exist yet. But we’re getting close.
A blockchain can be a public catalog of health records that references databases, fitness and medical devices, mobile phones, laptops and equipment. It connects every doctor, patient, pharmacist, service provider and caregiver to a secure, yet public network.
It connects private data systems to shared infrastructure. And users trust the infrastructure because they can guarantee the integrity of the data it secures. Not only can we know if data is manipulated, we can see who did it.
This technology is in its infancy, but it has the potential to connect a universal library of private health data. Imagine the services we can build on top of that.
This topic was first published in part by Gem on their blog, “A Universal Library for Health Care: Health Data Meets Blockchain Technology,” on July 20, 2016.
Emily Vaughn is Director of Client Services and Marketing at Gem. She directs client services at Gem and leads Gem Health, the healthcare blockchain initiative. She oversees client education, partnerships, public relations and marketing.