Dr. Senthil

Unintended consequences of new technologies in healthcare – thoughts on #blockchains pt 2 by Dr. Senthil N @nacsen


In part one of this blog I discussed blockchains and how they could be used in health care in an ideal world. 

In the real world, however, blockchain use poses many challenges. The challenges range from security to accessibility, and some of them are unique to health care. In a healthcare blockchain, each unique identifier is a human being, not a piece of cryptocurrency. So, anyone with access to a blockchain can see how many transactions a patient has had and their timestamps, then extrapolate how healthy or sick a person has been.

The timestamps as well as the names and inferred locations of hospitals and doctors who are granted access expose some amount of personal information about the age of a person, what provider he/she has seen and when, and possible diagnoses, location or travel patterns. So, it becomes critical to control access to the blockchain itself, not just the records that the blockchain entries point to.

It would be naïve to assume that all patients can manage authorizations to their blockchain if they have a mobile application, considering we have been struggling with patient education and patient compliance for years in the real world. 

Many patients struggle to understand their health conditions and to comply with treatments or preventive interventions, let alone being able to afford and use a mobile device effectively. I can see that mobile devices with simple screens can ask a patient whether they want to allow “Dr. X at hospital Y to access their medical record,” but the questions become complex if the access is for specific documents or specific purposes for specific periods of time. Furthermore, if the data access is for research, the authorization questions become even more complicated.

Helping users revoke complex access patterns is just as hard. Once mobile phones offer an easy, usable mechanism to grant or revoke specific hardware or data access permissions across their umpteen apps, I would think the same is possible for blockchain access control.

Another challenge for patient privacy is to define a way to protect sensitive data categories (HIV, mental health or substance abuse records, for example). We need a way to protect the blockchain entries for these categories through effective use of authorization records in the blockchain. 

Authorization records will need to specify the authorized individual at the level of the applicable document and the accessing healthcare provider, rather than allowing access at the level of the patient’s entire blockchain and the accessing healthcare organization. The blockchain entries need to have sufficient metadata to describe sensitive data categories, and the blockchain service needs to return appropriate responses when there are redacted sensitive data categories to which a provider is not allowed access.
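One way to model the authorization records described above, as an added example (not code from the original post or from any blockchain product): grants name an individual provider and a document or category, a blanket grant never covers the sensitive categories, and entries a provider may not see come back as bare redaction markers. The record fields, the `*` scope and the `emr://` pointers are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

SENSITIVE = {"hiv", "mental_health", "substance_abuse"}  # categories named in the post

@dataclass(frozen=True)
class Entry:                # ledger entry: metadata and a pointer, no clinical content
    doc_id: str
    category: str
    pointer: str            # off-blockchain location (constructed URI scheme)

@dataclass(frozen=True)
class Auth:                 # authorization record kept in the same ledger
    action: str             # "grant" or "revoke"
    provider: str           # an individual provider, not an organization
    scope: str              # a doc_id, a category, or "*"
    not_after: date = date.max   # expiry of a grant

def allowed(auths, provider, entry, today):
    """Replay the records in ledger order; the latest matching record wins."""
    ok = False
    for a in auths:
        if a.provider != provider:
            continue
        # A blanket "*" grant never covers sensitive categories; a "*" revoke covers all.
        hit = a.scope in (entry.doc_id, entry.category) or (
            a.scope == "*" and (a.action == "revoke" or entry.category not in SENSITIVE))
        if hit:
            ok = a.action == "grant" and today <= a.not_after
    return ok

def query(entries, auths, provider, today):
    """Permitted entries come back with their pointer; the rest as a bare marker."""
    out = []
    for e in entries:
        if allowed(auths, provider, e, today):
            out.append({"doc_id": e.doc_id, "category": e.category, "pointer": e.pointer})
        else:
            out.append({"redacted": True})   # hides category, id and location
    return out

# Constructed sample ledger, not real data.
ENTRIES = [Entry("doc-1", "lab", "emr://hospital-y/doc-1"),
           Entry("doc-2", "mental_health", "emr://clinic-z/doc-2"),
           Entry("doc-3", "hiv", "emr://hospital-y/doc-3")]
AUTHS = [Auth("grant", "dr-x", "*", date(2030, 1, 1)),
         Auth("grant", "dr-x", "doc-2", date(2024, 6, 30)),
         Auth("grant", "dr-w", "hiv", date(2030, 1, 1)),
         Auth("revoke", "dr-w", "hiv")]
```

Calling `query(ENTRIES, AUTHS, "dr-x", date(2024, 6, 1))` returns the lab and mental health pointers and one redaction marker for the HIV entry; a month later the document-level grant has expired and `doc-2` is redacted as well.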

Currently, some of the challenges in creating a longitudinal, interoperable medical record are the unique identification of patients across multiple systems and merging duplicate identifiers reliably in Enterprise Master Person Index (EMPI) systems. This becomes even more challenging with blockchains because we would require patients to provide their blockchain identifier rather than their name, date of birth, driver license or social security number. 

We would need to find each patient’s blockchain identifier to avoid creating multiple blockchains for a single patient, and we need the ability to merge or unmerge blockchains to reconcile cases where a patient ends up having multiple blockchains or when the blockchains of different patients are erroneously merged. Such capabilities are required before the technology can be adopted in health care.

Additionally, we need to consider the ramifications of a security breach and develop measures to reduce the risk or mitigate the consequences. Due to the replicated nature of blockchains, the blockchain services will potentially have blockchain entries of individuals from all over the country or the world. There are both pros and cons to allowing or disallowing global replication of blockchain entries. 

Ideally, the blockchain service should not have any personally identifiable information (PII) in order to reduce the risk of this information being compromised in a breach. Not having PII would mean that one cannot search the blockchain using a patient’s PII. So, a patient’s blockchain would need to be replicated to all trusted blockchain services so that the patient’s entire medical record can be reconstructed without knowing any PII. 

Now, if methods to identify patients become available in the future, we cannot limit the exposure of past entries that are already added to a patient’s blockchain and could get replicated globally. There is no way to guarantee the security of all the distributed blockchain services, and one breach would mean that the blockchain entries of all patients are out in the open. 

The authorization entries in the blockchain would be invalid. This would place undue burden of security on the off-blockchain medical record stores. They may have to resort to measures such as one-time passwords (single use keys) that the patient gives to the provider to further authenticate the access request, or we may need a separate trust relationship system that is outside the blockchain.

Modern medicine is “modern” due to the adoption of new technologies, while it remains “medicine” due to the almost fanatical devotion to the guiding principles of ‘primum non nocere’ and the scientific method. As practitioners and supporters of modern medicine, it behooves each of us to think through all the unintended consequences, both those unique to health care and those that apply to other domains, while we create new breakthroughs to make medicine even more modern.

This article was first published by the author on the 3M HIS Inside Angle blog and is republished here with permission.
Author

Senthil K. Nachimuthu, MD, PhD, is a medical informaticist with 3M Health Information Systems’ Healthcare Data Dictionary (HDD) team at 3M Health Information Systems, Inc. He is a medical informaticist and a physician by training, and he leads the research and design of HDD Access and other clinical terminology products of 3M HIS. He is also an avid user of and contributor to various open source projects, and has served as the Chair of the AMIA Open Source Working Group in the past. He also contributes to the development of various standards such as HL7 Common Terminology Services version 2 (CTS2) and SNOMED CT. In addition to clinical terminologies and ontologies, his research interests include clinical decision support, epidemiology, data mining, machine learning and patient safety.

Unintended consequences of new technologies in healthcare – thoughts on #blockchains, Part 1 by Dr. Senthil @nacsen


Many of you might have read the recent findings by researchers Isao Echizen et al. from the National Institute of Informatics (NII) of Japan that it is possible to copy one’s fingerprints from pictures taken from up to 10 feet from the subject who was holding a peace sign, given proper lighting and focus. As cameras with more than 20 megapixel resolution become commonplace, many daylight photographs would meet these criteria. It is not farfetched to imagine that one could copy iris patterns from portrait photographs just as easily. For the majority of the world population with darker eye colors, their iris patterns would not be clearly visible in the visible light wavelength, which is why iris scanners use near-infrared wavelengths.


However, it is easy to see that the improvements in ubiquitous high resolution photography make two technologies obsolete at once. Suddenly, copying fingerprints and iris patterns isn’t just the running gag of the “Mission Impossible” movies anymore, since there is not much we can do to retract publicly available images of one’s fingerprints and irises. The most that can be done is to use fingerprint and iris recognition technologies for convenience rather than security. The fingerprint and iris patterns would reduce the search space, but we will still need to authenticate the individual in a different way. We cannot have the fingerprint and fingerprick blood analyzer machines such as the ones in the “Gattaca” movie all over the place, so we have to use other non-invasive multifactor authentication technologies.

This made me think about unintended consequences of new technologies in health care, and how those consequences could affect health care. One of the new technologies that has been popular in the medical informatics literature recently is the use of blockchains (like the ones used in bitcoin).

A blockchain is a log of all transactions that sequentially link what happened to a specific piece of digital currency. The blockchain is transparent and is replicated to multiple servers almost immediately. So, when you use a digital cryptocurrency such as bitcoin, one could verify if you are the rightful owner of that piece of currency by checking its blockchain, and maintain the log by adding the new transaction to the blockchain service.

There have been many articles recently in medical informatics/healthcare IT literature that describe how blockchains can be used to both compile a patient’s longitudinal medical record as well as manage authorization to a person’s medical record. Many of them seem to cite the article “Decentralizing Privacy: Using Blockchain to Protect Personal Data” by MIT researchers Zyskind et al., which describes how blockchains can be used to have data stored in decentralized stores (think hospital EMR systems), while using a blockchain service to link them all and control authorization (think health information networks).

Various articles describe how the blockchain will contain records for all data and authorization transactions for a patient’s medical record. Every time a new document is created for a patient, whether by a clinician, laboratory, pharmacy, billing system or wearable medical device, a new record is added to that patient’s blockchain, which contains a pointer to an off-blockchain location where that record is stored, such as a specific document identifier in a hospital’s electronic medical record.

Each patient owns their blockchain, and grants or revokes access to those who can add new records to their blockchain or who can read the documents referred to by the blockchain. These data are stored in the blockchain itself as authorization records. It is easy to see that a patient could also say who can query their blockchain itself. Healthcare providers with the proper authorization can access a patient’s blockchain or add new transactions to it.

As with standard practice in medicine, I can see that healthcare providers without authorization can “break glass” during a medical emergency to treat a patient. In addition to providers, wearable electronic devices can also add transactions to a user’s blockchain to track data from their biosensors. Patients can use mobile applications or rely on a healthcare provider to grant and revoke access to their blockchain. 

Technologies like FHIR can come in very handy since every document referred to by the blockchain entries can be a FHIR resource, and the FHIR resource directory for a patient can be integrated with a blockchain service to get a distributed medical record that provides the benefits of both FHIR and blockchain technologies.

While this sounds like a great application in the ideal scenario, it is not without its challenges. Look for part two of my blog where I will discuss the challenges of implementing blockchains in health care.

This article was first published by the author on the 3M HIS Inside Angle blog and is republished here with permission.