Despite the uptake and popularization of cryptocurrency, events like this one demonstrated the range of the market’s knowledge and variety of its interests. The audience’s questions ranged from the basic and fundamental to the complex and technical. They represented life sciences to health plans, and everything in between.
Many of the questions heard by panelists at the gathering centered around data privacy on a blockchain, a critical component for healthcare applications. The most frequent question I am asked is, “If the data is accessible and transparent to all users who have access to the blockchain, how can I use it to share private data?” Blockchains are a shared system of record, so by definition, all blockchain transaction data is transparent and cannot be private.
In healthcare, this means that blockchains should not contain private data. Instead, they should contain references to private data. Identifiable data, like a user’s name or the contents of their message, must be masked with standard cryptography and other methods before they are sent to the blockchain. This masking process, called “hashing”, creates a unique ID for the private data that applications can talk about without having to reprocess the underlying information.
Applications use a blockchain to agree and stay in sync with each other, without performing complex reconciliation. The blockchain acts as a permanent event log, happening in real-time behind many different applications. Because they can reference the exact same information, at the exact same time, applications that share data can coordinate more efficiently. When we talk about data privacy on a blockchain, we mean ensuring that this reference data doesn’t include Personal Health Information (PHI).
In addition to transparency, a blockchain creates a shared chronology of events and provides integrity and speed to workflows. Blockchains do not act alone but in concert with user applications, private databases, identity verification services, middleware, and so on. There are a number of ways to achieve a HIPAA-compliant, blockchain-enabled workflow for medical records, claims data, and other sensitive information, but none of them include putting PHI on the blockchain itself.
For example, a college athlete gets a physical exam in her home town. She has a PDF of the report on her laptop, and she registers the report to a blockchain, which creates an ID for the report (ex: Ax09nGt5F43bd6DsajU…). Using blockchain-enabled software, she shares the report with the athletic department; the blockchain captures this change. As she goes through orientation, the admissions office, the NCAA, and other non-medical parties need to confirm that she had a physical. Rather than sending them a copy of her personal record, she can share the blockchain ID (Ax09nGt…), and they can confirm that the record exists by viewing its chain-of-provenance to a trusted source, the university athletic department.
Despite the elegance of this concept, blockchains come with a bizarre set of personality traits with obvious data privacy implications.
To start, the blockchain network is paranoid. The servers on the network don’t fully trust each other and believe that the blockchain is constantly under attack. As a result, the blockchain is stored and replicated in real-time on every server—or node—that’s connected. Therefore, if someone wants to destroy the blockchain, they must convince all of the nodes to agree to do it at the same time, which is increasingly difficult as more users join the network and more copies of the blockchain are distributed.
This resiliency takes lot of work to maintain and limits what the blockchain can efficiently keep track of, but it provides unprecedented transparency and integrity to the events it does capture.
A blockchain can only handle “byte-sized” information. Forgive the pun, but blockchain transactions should only be a few hundred bytes, comparable to the size of a text message. Applications must limit the information they put in a blockchain transaction so it can be efficiently stored and replicated to the other nodes. This means that blockchains are not used to store files; they are used to store references to files.
A blockchain never forgets. Every single transaction is uniquely identifiable and permanently recorded. Each new transaction is cryptographically linked to previous transactions, which are bundled into cryptographically linked blocks, which form an unbreakable chain. Hence, the name. Anyone with access to the blockchain can use search, identify users, and view the entire history of their activities. That’s why user identities are anonymized in every transaction and transactions contain only minimally viable information.
A blockchain does not discriminate between confirmed transactions. It doesn’t know if the user is a surgeon or a school teacher. It doesn’t care if the transaction represents a medical record, a photo of your cat, or the deed to your house. The only thing the blockchain cares about is that the application’s digital signature is valid, and that the transaction follows the rules of the protocol, the code that dictates how transactions must be structured in order to be added to the log.
All blockchain transaction data is visible to the nodes that run the ledger, including all of the data within a smart contract. The exclusion of PHI and other private business data from the blockchain transaction is a design choice that can be carried out by the application or middleware to avoid revealing private or privileged information to the other nodes on the network.
Blockchain technology’s adoption in healthcare relies on “privacy by design,” a concept in software and systems engineering that prioritizes the privacy, confidentiality, consent, and agency of the actual people—the subjects—represented by the data.
The healthcare industry is discovering blockchain at an interesting time for both markets. In healthcare, the push for value-based care reimbursements, universal identity management systems, and revenue-cycle transparency creates a favorable climate for exploring new infrastructure.
While blockchains themselves do not securely transmit private data, they can serve as a backbone for data exchange. It is our responsibility, as an industry, to design for the benefits and limitations of transparent communication in healthcare.
Emily Vaughn is Product Development Director for blockchain at Change Healthcare, overseeing blockchain development and integration strategy. She is a founding contributor to Distributed.com and Distributed: Health, and an early contributor to the Hyperledger Healthcare Working Group.
According an article by Gregory Freeman of HealthLeaders Media, high deductible plans–where patients have more cost-sharing–do not encourage smarter healthcare decisions. Instead, they lead patients to avoid healthcare altogether.