Taking Stock of Blockchain in Healthcare, Part I

By | July 19, 2019

Source: IBM Institute for Business Value

Blockchain use is usually associated with the finance industry, but the healthcare industry is actually outpacing finance’s adoption [pdf]. There are so many opportunities for blockchain in healthcare that some cite it as the perfect use case. In this two-part blog post, we will describe the implications of blockchain-based health information technology from the patient, provider, insurer, and public health perspectives.

In many industries, blockchains are considered a superior platform for regulatory compliance. Blockchain shifts the nexus of the healthcare system [pdf] from dispersed pieces of personal information controlled by many different health system stakeholders to the life history of an asset. For pharmaceutical manufacturers, the asset is a bottle of medication as it moves through the supply chain; for patients, it is their health records.

Last month, we witnessed major announcements for blockchain in healthcare coming from both the private and public sectors. The US FDA announced that it has selected IBM, Merck, Walmart, and KPMG to participate in its pilot project to develop a blockchain system to monitor prescription drugs, as outlined by the 2013 US Drug Supply Chain Security Act (DCSA). Additionally, the National Cancer Institute announced a new project intended to build a blockchain-based information system on Hyperledger (the cross-industry, open-source blockchain business software sponsored by IBM, Intel, SAP, Cisco, UCLA, and Columbia, among others) geared towards medical image sharing that will aid in AI/ML applications for diagnosis and treatment. A few days before the announcement, the CEO of Ambra Health, the leading cloud-based medical image management suite, wrote in support of blockchain systems for exactly such applications.

Other very large players in the healthcare industry have created blockchain initiatives this past year. Aetna/CVS Health and Ascension joined a pilot project launched by Optum, UHG, Quest Diagnostics, MultiPlan, and Humana last year to apply blockchain technology to improve data quality and reduce administrative costs regarding changes to health care provider demographic data, citing the need to provide patients with accurate and timely information and the excessive costs of current reconciliation processes between patients, insurers, hospitals, and clinics. Aetna/CVS joined another such partnership with IBM, Anthem, and PNC Bank earlier this year to develop a blockchain-based ecosystem for the healthcare industry, focusing on claims and transaction efficiency.

Blockchain initiation in healthcare has caught on far beyond the United States. In fact, a 2017 survey of over 200 healthcare executives across 16 countries showed that 16% planned to have a blockchain platform at production scale by the end of that year, and an additional 56% planned to do so by the end of 2020. Among the additional 16% of firms who planned to do so before the end of 2017, just 8% of them were American. In Estonia, the National Health Information System and its e-Health Record and e-Prescription registries have transitioned to using blockchain networks and protocol [pdf] (as have its other governmental registries such as e-Police, e-Law, and e-Court [pdf]). It is conceivable that a system similar to this KSI blockchain, developed in Estonia and also used by networks of the NATO Cyber Defense Center, the EU IT Agency, and the US DoD, could make its way into the US public health system. Last month, Canada’s largest pharmacy chain announced a pilot project with a firm that has developed a blockchain platform to assure end-use quality in the country’s medical cannabis industry.

Why might we care about the above-mentioned initiatives? What added benefits and responsibilities manifest for the patient and provider? And what existing costs are reduced for private industry or the public health system? Before we look at how and why the above-mentioned initiatives are beneficial for the stakeholders deploying them in Part II of this post, we’ll focus on implications of a blockchain-based infrastructural shift in the healthcare system from the patient and provider perspectives.

Implications of Blockchain-based Health IT for Patients

The use of blockchain for medical records is only in its infancy, but there are already evident security benefits that prevent healthcare data breaches and frictional reductions that facilitate both the exchange of health data between providers and its access by patients, the owners of the data.

If you are one of the 77 million Americans who had PII, including social security numbers, names, birthdays, medical IDs, street addresses, and employment information stolen in the Anthem/Equifax breach just a few years ago, you may feel that HIPAA-covered private stakeholders and their business associates cannot always be trusted to securely handle massive amounts of data (including your personal health information) in their own, siloed IT systems. Perhaps the costs associated with the increased possibility of identity theft for the rest of the victims’ lives from this foreign cyberattack might be enough to convince patients of the benefits of keeping their information in a consensus-based, irreversible yet encrypted public ledger, where individuals ultimately have control of who has access to what information of theirs (and every access and change of this information is validated and recorded). A decentralized system could possibly be a better alternative.

  • Blockchain enables patients to control and own their records while creating a fully verifiable and accessible real-time audit trail of any transaction (or access) involving that asset (or data). It is precisely this property of blockchain, combined with those mentioned immediately below, that allowed Bitcoin to become the first digital currency to solve the double-spending problem without a trusted central authority such as the Federal Reserve.
  • With the blockchain, each data block in the chain is encrypted using public-key cryptography and can be unlocked with the use of a private password, which could be held by the patient. Public key-cryptography is a system that generates a public key to be distributed to permissible parties and privates key to be kept by the owner.
  • The public key encrypts medical information to be added to the chain, and the private key decrypts that information. Ownership of the private key is sufficient for security.
  • Rather than many healthcare providers storing their own copies of patients’ data, there would be one copy that is distributed on each participating node in the network, whose ownership is governed by the private key, and whose appendages (no deletions; all transactions have a permanent audit trail) are allowed via access to a public key.
  • Even if private entities could be entrusted with your data, some breaches are not preventable. On a blockchain system, it would not be possible to hack a single block (e.g. a new transaction such as a new prescription) of data, nor to change data blocks or have those changes be hidden.

Implications of Blockchain-based Health IT for Providers

Imagine a cryptographically secured public ledger holding all medical data and transactions (instead of financial transactions like the bitcoin chain) in the form of an immutable and append-only, chain of content. Researchers at the MIT Media Lab have developed a novel decentralized system for EHR management [pdf] called MedRec using a private blockchain based on Ethereum. MedRec automatically keeps track of who has permission to view and change a record of medications a person is taking. Together with Beth Israel Deaconess Medical Center, MIT has tested this blockchain system tailored for EHR applications using prescription medication records.

MedRec doesn’t store health records or require a change in current EHR procedures. It stores a signature of the record to assure an unaltered copy is obtained, and different EHR systems can be accessed via the blockchain for use on one decentralized ledger. MedRec then notifies the patient, who fundamentally controls where the record can travel with the private key.

MIT recognizes that the system will imply patients’ greater involvement in the management of their healthcare and aims to restore autonomy over their medical data. Patients are already burdened with many different provider portals, apps, and passwords. Service organizations could evolve to work as patient representatives for private key tasks by building specialized applications on the network for patients who do not want the responsibility of managing their data.

A prominent problem facing health care systems today is being able to share more medical information with more stakeholders, for more purposes, while ensuring patient privacy and data security. Reconciling data across parties does not work well because there isn’t a single list of all the places data can be found or the order in which it was entered, let alone a single consensus-driven protocol for sharing data. Using blockchain in electronic health care records avoids adding a third party between the patient and the records by serving as a decentralized control mechanism emphasizing patient privacy and autonomy, data security, and ease of distribution in which all parties hold an interest. Both the public and private sectors have shown by example that it is time for due consideration of a new architecture for medical records.

Stayed tuned for Part II of this series that will look at blockchain implications for insurers, other parties in private industry, and the public.

Justin Kirschner

Justin Kirschner

Justin Kirschner is a research analyst at RTI International, an independent, nonprofit research institute. Some of Justin's research interests lie within the intersection of health economics and information technology. Before joining RTI, Justin worked at the Federal Reserve as a research assistant focusing on Medicare, medical spending, and structural modeling. The views expressed here are the author's and do not represent RTI International.