Blockchain for Healthcare: Initial Thoughts and Emerging Issues
Updated: Jan 4, 2019
By Immaculate Motsi-Omoijiade, Research Associate - Blockchain for Healthcare
23 November 2018
A blockchain is a cryptographic protocol that allows a network of computers to collectively maintain a shared ledger of information without the need for verification by a trusted third party. This information is stored in a chronological, cryptographically secured ‘chain’ of data that serves as an immutable and irreversible record of transactions. These features of blockchain have led to increased interest in its potential use in addressing some of the process-oriented challenges that currently exist in a healthcare context. Interest has focused on healthcare data management applications, given that healthcare systems struggle to ensure that highly sensitive medial data is kept private, remains accessible only to appropriate parties, for appropriate reasons, at appropriate times. These challenges are especially acute when medical data is stored in decentralised silos.
A recent study by IBM (IBM: 2016) analysed these and other challenges (‘frictions’) and concluded that blockchain is likely to disrupt the healthcare industry in the areas of medical and health records, clinical trial records, medication and treatment adherence, medical device data integration and asset management, contract management, regulatory compliance and adverse event safety monitoring. These findings appear consistent with findings from my initial review of blockchain for healthcare literature. My survey to date indicates there are wide array of studies providing potential and current use-cases for the deployment of blockchain in a healthcare context in and around these areas. The academic literature has also critically analysed elements of blockchain use in healthcare that help provide much-needed contextual and conceptual clarity in seeking to distinguish hype from reality. Of interest to this study are the operational, governance, clinical, legal, ethical and technical challenges surrounding the use of blockchain in the healthcare sector. This briefing shall focus on the last three categories of challenges.
Global legal systems have been struggling to catch up with blockchain developments in multiple sectors. Healthcare is no exception. In the United States, modern forms of data collection, including medical records stored on blockchains (which fall under the designation of ‘non-covered entities’) are not protected by the federal regulation governing healthcare data privacy, the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As the electronic sharing and storing of individual data increases and becomes more automated, organizations that are not regulated by HIPAA may collect, share or use individuals' health information, putting such data at risk of misuse. This has led to calls for the language of HIPAA to be expanded to consider technological developments such a blockchain. In the European Union context, one objective of the General Data Protection Regulation (GDPR), is to give individuals more control over their personal data. This is accomplished by imposing strict sanctions for misuse, and confers on data subjects several rights, including, among other things, a (1) right to contest “fully automated individual decision making” (2) requiring explicit consent for the collection and use of data in certain circumstances, and (3) conferring on data subjects a clear right of erasure. It is the latter ‘right to be forgotten’ that arguably presents the greatest challenge to blockchain for managing patient records. This is largely because blockchain is designed to ensure an immutable, unchangeable record of transactions that act as a ‘digital version of a wax seal’. Once an individual’s medical data is appended to a blockchain, their right to be forgotten is automatically compromised. This will become particularly relevant if public keys become universally designated as personal data attached to a natural person. In this case, the concern that pseudonymous identity markers on public blockchains can still potentially be traced back to the referenced individual need to be considered, because they are likely to constitute ‘personal data’ for GDPR purposes.
Further legal consideration concerning the use of smart contracts is also needed. A large proportion of proposed blockchain for healthcare application I have come across rely on the use Ethereum smart contracts. Smart contracts are pre-written coded protocols that determine how to act or interact depending on a situation. In this way, smart contracts allow for the auditability of each interaction, for example between doctor and patient, and serve to ensure the integrity of data through pre-defined access and control permission. However, it has been suggested that these protocols cannot handle all the intricacies that must be included in real-world, natural language contracts. Here, a sophisticated legal contract usually contains a number of legal phrases that are not well suited for coding. This include phrases such as “material adverse change” and “reasonable endeavours” that are questions of degree, whose formulation involves judgement. It is therefore likely that the smart contracts upon which a large proportion of blockchain for healthcare solutions are based would need to have appended natural language contracts and standards for the modality of such dual integration are yet to be developed. Beyond legal issues concerned with data privacy and protocol execution, there are likely to be further unanticipated legal challenges particularly given the difficulties in establishing data control and ownership obligations for medical records stored and accessed over blockchain when control is presumably handed over to patients themselves. Overall, the legal framework around blockchain for healthcare would require a series of fundamental reforms to enable the deployment of this technology in the healthcare sector.
Based on the bioethical principle of respect for persons, ethical reflection has focused on the use of patient data for research and quality improvement. Issues of privacy and informed consent for subsequent use of data have been emphasized, in addition to concerns about data validity, patient obligation to participate in the inputting of data, as well as ethics integration into training for all personnel who interact with personal health data. More fundamentally, it has been suggested that the digitisation of medical data disrupts moral orders governing the production, ownership, use of and responsibility for health records. Here, technological innovation which shifts power relationships among doctors, patients and the state through control and access to medical records have been described as “disruptive to established patterns of formalised rights and responsibilities” when not implemented in a consultative and discursive manner (Garrety et.al: 2014). Blockchain may therefore be a double-edged ethical sword in the healthcare sector. On the one hand, blockchain technology has potential as a tool to meet the ethical requirements of validity, quality and usefulness of electronic health records and other healthcare data through features such as immutability, encryption and cryptographic proofs. However, blockchain applications may give rise to concerns that data could be used in ways for which it was not intended and that these uses might generate risks for individuals or communities through unauthorised disclosure of accurate or inaccurate information. It is, therefore clear that measures must be taken to support safe data collection, storage, and use to reduce the ethical challenges of blockchain use in healthcare. As is the case for the legal ecosystem, an ethical framework around blockchain for healthcare is yet to be developed.
Technical and Operational Challenges
It is widely acknowledged that blockchain technology is still in its infancy. This presents several technical challenges to its widespread implementation and scalability in a healthcare context. Firstly, one of blockchain’s limitations is based on its strength of maintaining an authentic copy of information in the longest chain. Studies have shown that the total database size of unique patient identifiers in electronic health records to be extremely large in comparison to the amount of data that can be stored on blockchain. Furthermore, concerns have been raised about the possibility of data breaches in the use of blockchain for healthcare through a 51% attack where an inordinate amount of control over the network can provide the capacity to overwrite and disrupt immutability, at least in the case of unpermissioned blockchains. Blockchain might not be the optimal technical solution to store patient data. While blockchain is useful for recording continuous and steadily expanding transactions, patient-specific data has an upper bound limit to the number of records, which is the number of citizens in serves. In this instance, population growth is relatively slower than the case of monetary transactions therefore there is little justification in having a network of computer to compete to grow blocks on the chain through mining. Clearly, these technical challenges and considerations vary depending on the choice of architecture and type of protocol deployed by blockchain for healthcare solutions. For example, it has been proposed that blockchain solutions to enhance patient privacy by giving patients the ability to ‘own’, control and share data can be achieved using protocols such as MPC (Secure Multi-Party Computing) to enable untrusted third-parties to conduct computation over patient data without violating privacy, rather than rely on smart contracts. From identifying the operational and other implications of different types of blockchain implementation models will depend crucially on the chosen technical architecture. Consideration should also be given to whether there are other existing and potential non-blockchain solutions that might better address the problems which potential blockchain applications might seek to solve, and how proposed blockchain solutions integrate with existing legacy systems.
Our study seeks to, amongst other objectives, establish the extent to which these and other challenges affect the prospects for blockchain deployment in the healthcare sector.
Garrety K, et al. (2014) ‘National electronic health records and the digital disruption of moral orders ‘Social Science and Medicine 101: 70 – 77
IBM. (2016) ‘Healthcare rallies for blockchains: Keeping patients at the center.’ (online)