“The privacy and integrity of healthcare data must be protected not only from external attackers, but also from unauthorized access attempts from inside the network or ecosystem (e.g. employee of the healthcare provider, or cloud service provider). The attacks (e.g. leakage or modification of data) can be intentional and unintentional, and organizations may be penalized or held criminally liable for such incidents, for example under the Health Insurance Portability and Accountability Act,” say Christian Esposito, Alfredo De Santis, Genny Tortora, Henry Chang, and Kim-Kwang Raymond Choo, authors of “Blockchain: A Panacea for Healthcare Cloud-Based Data Security and Privacy?” (login may be required for full text)
The Internet of Things heightens the risk, with ubiquitous wearables and other devices that collect health data.
“Recently, the pervasiveness of smart devices has also resulted in a paradigm shift within the healthcare industry. Such devices can be user-owned or installed by the healthcare provider to measure the well-being of the [patients] and inform/facilitate medical treatment and monitoring of patients,” the authors say.
To find out how blockchain can keep our medical information private, we must first know how it works.
What is Blockchain?
A blockchain is a digital ledger of verified transactions locked together chronologically in an encrypted chain. The ledger is updated with new transactions every few minutes, allowing each computer to access the same current shared ledger.
The chain of transactions in a block is encrypted so that, in order to tamper with a document in the block, hackers would have to tamper with ALL the transactions in the block.
In addition to financial transactions, blockchain can secure and verify any personal, legal, and business document—wills, trusts, patents, contracts, notarizations, marriage certificates, death certificates, anything.
And now medical records.
“When new healthcare data for a particular patient is created (e.g. from a consultation, surgery), a new block is instantiated and distributed to all peers in the patient network. After a majority of the peers have approved the new block, the system will insert it in the chain. This allows us to achieve a global view of the patient’s medical history in an efficient, verifiable, and permanent way,” the authors explain.
What are the benefits?
The authors offer four specific benefits to using blockchain for storing the health and medical history of patients:
Agreement can be reached without the involvement of a trusted mediator, thus avoiding a performance bottleneck and a single point of failure.
Patients have control over their data.
Medical history stored as blockchain data is complete, consistent, timely, accurate, and easily distributed.
Changes to the blockchain are visible to all members of the patient network, and all data insertions are immutable. Also, any unauthorized modifications can be trivially detected.
What are the drawbacks?
The authors identify at least two challenges in implementing a blockchain-based system for storing medical records. Besides a cost-benefit analysis, healthcare providers must be aware of regulations concerning medical records and patients’ rights.
In particular, the authors say “Article 17 of the soon-enforceable General Data Protection Regulation in the European Union has strengthened the rights of individuals to request personal data to be erased. One of the principles of the Organization for Economic Cooperation and Development privacy guideline, on which many data protection laws are based, provides the right-to-erasure to individuals. Given the sensitivity of healthcare data, anyone planning to use blockchain to store them cannot ignore this legal obligation to erase personal data if warranted.”
Secondly, while financial transactions are small bits of data, medical records can be quite lengthy. Storing an entire record in the blockchain can be cumbersome.
“In order to deal with these challenges, many have suggested the notion of off-chain storage of data, where data is kept outside of blockchain in a conventional or a distributed database, but the hashes of the data are stored in the blockchain. This is said to be the best of both worlds, as healthcare data is stored off-chain and may be secured, corrected, and erased as appropriate,” the authors say.
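The off-chain design described above, as an added example that is not taken from the article or the cited paper: the chain holds only a digest of each record, so a modified off-chain record is detected and an erased one leaves the chain valid. The names (Ledger, commit, record_status), the sample records, and the per-record salt are assumptions of this example; the salt is a choice made here so that the on-chain value cannot be matched against guessed record contents once the off-chain entry is erased, and peer approval of blocks is not modelled.

```python
import hashlib, hmac, json, os
GENESIS = "0" * 64

def commit(record: bytes, salt: bytes) -> str:
    # Keyed digest (assumption of this example): the salt lives off-chain only.
    return hmac.new(salt, record, hashlib.sha256).hexdigest()

def block_hash(block: dict) -> str:
    body = {k: block[k] for k in ("index", "prev", "commitment")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:
    def __init__(self):
        self.chain = []   # on-chain: digests only, never the record itself
        self.store = {}   # off-chain database: index -> (salt, record)

    def add(self, record: bytes) -> int:
        salt, idx = os.urandom(16), len(self.chain)
        prev = self.chain[-1]["hash"] if self.chain else GENESIS
        block = {"index": idx, "prev": prev, "commitment": commit(record, salt)}
        block["hash"] = block_hash(block)
        self.chain.append(block)
        self.store[idx] = (salt, record)
        return idx

    def chain_valid(self) -> bool:
        prev = GENESIS
        for b in self.chain:  # each block must link to its predecessor's hash
            if b["prev"] != prev or b["hash"] != block_hash(b):
                return False
            prev = b["hash"]
        return True

    def record_status(self, idx: int) -> str:
        if idx not in self.store:
            return "erased"
        salt, record = self.store[idx]
        ok = hmac.compare_digest(commit(record, salt), self.chain[idx]["commitment"])
        return "intact" if ok else "modified"

    def erase(self, idx: int) -> None:
        self.store.pop(idx, None)  # record and salt are deleted; chain untouched

def demo():
    led = Ledger()
    a = led.add(b"consultation note (constructed sample record A)")
    b = led.add(b"surgery report (constructed sample record B)")
    led.store[a] = (led.store[a][0], b"altered note")  # off-chain modification
    led.erase(b)                                       # erasure request
    return led.record_status(a), led.record_status(b), led.chain_valid()
```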
Lori Cameron is a Senior Writer for the IEEE Computer Society and currently writes regular features for Computer magazine, Computing Edge, and the Computing Now and Magazine Roundup websites.