Even though paper records for most medical practices have evolved to digital, all of that data currently resides in silos, where consumers attempt to reconcile data among their providers and health payors.
This can be challenging, as there is no single source that identifies where all of an individual’s health data resides, let alone the order in which it was entered.
From the proliferation of digital health data comes a second challenge: that of keeping the data secure. The past few years have seen an explosion of data breaches and medical identity theft. Consequently, health care providers are looking for the most effective ways to secure the personal health information they hold.
Could blockchain technology provide an answer? Blockchain is one of the hottest topics related to data security today, but beyond the inherently sensitive nature of health data are the persistent challenges of interoperability, patient record-matching, and health information exchange.
Up to this point, providers have exchanged health data via one (or more) of these three models:
- Push: medical information is sent from one healthcare provider to another
- Pull: Providers request information from other providers
- View: Providers can view data inside another provider’s record
Blockchain offers a fourth model – one which has the potential to enable secure lifetime medical record-sharing across providers. Several InsurTech startups and incubators are already investigating how to use blockchain technology to secure, store, and access medical data, both for underwriters and healthcare providers.
What is Blockchain?
Blockchain technology is far more than a buzzword: in simple language, it is a generic tool that enables data to be recorded and stored in an authoritative, distributed, encrypted and secure ledger. The technology enables control of who can have access to that ledger.
Blockchain is also a write-once and append-only system, which means the records comprising the database, once uploaded and accepted, cannot be changed: records can only be added to the ledger. Multiple parties with access can share data and the structure ensures these participants that past records have not been altered15.
The term “distributed database” refers to the fact that the data as well as the devices in the chain are not in one central location or controlled by one gatekeeper. Rather, the system is decentralized: a constant and growing list of ordered records, or “blocks,” are stored in secure sequences, or “chains,” on all participating systems. Each block in a chain is time-stamped when it is created and contains a link to a previous block in the chain, so it is clear when a record was uploaded and in what order.
There are three types of blockchains: public (bitcoin is the best-known example), private, and consortium. For bitcoin, the data is organized so that transactions can be verified and then recorded into the system through the consensus of every party in the network (essentially, a peer-to-peer network). This distributed infrastructure translates to the highest degree of security – even if one device is compromised, it does not affect the rest of the computers in the chain.
In a private or consortium network, an individual entity controls the blockchain and determines which entities can participate as nodes.
Since records in a blockchain are decentralized, each individual participant in the chain holds a copy of the record and each copy constitutes a block in the chain. Each member of a blockchain network (known as “nodes," or “miners” for public networks) contributes to the collective process of validating and certifying digital transactions for the network. Potential revisions to a record must be compared against each and every participant’s copy before being approved, which strengthens security and reduces the likelihood of unauthorized changes. Once a change has been approved by all participants, the revised block/record (copy) is redistributed to each participant (or node)13. Since all members of a network have a complete copy of all updates, no single member has the power to tamper or alter the data as no single entity exclusively owns the data.
Cryptography ensures that participants can only edit the parts of the blockchain for which they have privileges. This is accomplished through the use of private keys which are needed to confirm that the information sent comes from a particular user, prevents the information from being altered once the information has been sent, and allows only authorized individuals to alter data. It also ensures that everyone’s copy of the distributed records are synchronized. For example, in the case of an electronic health record, each entry to a chain is time-stamped at creation and becomes a permanent part of the record – it cannot be changed retroactively or removed. Therefore, original records of test results, diagnoses, and treatments, once uploaded, are preserved and will remain unmodified. Each transaction is digitally signed by authorized users to ensure its authenticity.
How Blockchain Technology Could Benefit Healthcare
“EHRs were never designed to manage multi-institutional life time medical records. Patients leave data scattered across various organizations as life events take them away from one provider’s data silo and into another.”
Dr. John Halamka, CIO, Beth Israel Deaconess, Boston, Massachusetts.2
The average individual in the U.S. has approximately 19 distinct medical records from seeing 18.7 different doctors during their lives18. This is problematic for a number of reasons, but most importantly, because the U.S. has no unique patient identifier. Therefore, it is nearly impossible to aggregate every individual’s encounters into a single, longitudinal health record.
Blockchain could benefit the health care space in a number of ways:
- Identity Management: Could be resolved since every transaction must be validated by all members of a chain before it is approved.
- Managed Consent: Patients could authorize all data-sharing, allowing them to specifically manage who is accessing their information.
- Data Preservation: Multiple health care providers could view, edit, and share data while safeguarding records of diagnoses, medications, and services rendered.
- Privacy: Unauthorized individuals could be prevented from accessing patient records.
- Health Information Exchanges (HIEs): Rather than relying on intermediaries for data exchange such as public exchanges or private provider networks, participants could join a network without building specific interfaces between entities.
- Health Care Claims Processing/Validation: Current processes could be simplified to eliminate a series of validations and multiple third parties acting on behalf of other entities.
- Public Health: By creating shared streams of de-identified patient information, authorities could more readily identify epidemiologic trends or threats, e.g. pandemics.
- Patient-Generated Data: Could easily be uploaded and stored securely with all other medical data.
Challenges / Remaining Questions
“It’s psychology that’s a challenge. We still have the culture where every health care provider thinks of themselves as the single steward of the data that is deposited in that organization.”
Dr. John Halamka, CIO, Beth Israel Deaconess, Boston, Massachusetts17
Before a health care blockchain system could be adopted nationwide, several technical, organizational, and environmental challenges must be addressed. These include: uncertainty, scalability, data standardization and scope, operational costs, and regulatory considerations.
- Uncertainty: One of the biggest challenges in implementing blockchain in health care is that there are few successful models of blockchain-based initiatives to follow.
- Scalability: A distributed blockchain that contains health records, documents, and images would have significant data storage implications and transaction limitations. Conceptually, every member in the blockchain would have a copy of every health record for every individual in the U.S. This volume far exceeds the storage capabilities of current blockchain technology.
- Standardization: There are no established standards for the use of blockchain in healthcare – especially in terms of protocol which dictates how the technology can be implemented.
- Costs: The costs of developing and operating a blockchain-powered healthcare network are currently unknown.
- Regulatory: There are no regulations that address the unique properties of blockchain data exchange and there is uncertainty around how it might conform to current privacy regulations like the Health Insurance Portability and Accountability Act (HIPAA).
Finally, two critical issues facing health care today that present significant barriers to blockchain adoption are:
- Data ownership – who owns health data, and who can grant permission to share it?
- Since each blockchain relies on a unique identifier to link events together, one of the fundamental requirements for blockchain adoption will be the use of a unique patient identifier.
Adoption and Real-World Examples
Despite these hefty challenges, InsurTech players are forging ahead. Major corporations currently operating in the health care blockchain market are Philips AG, IBM Corporation, and Deloitte. Others are also emerging, including Microsoft Corporation, Blockchain Tech Ltd., and Digital CC Ltd.
Health care and life sciences have the most aggressive deployment plans of any industry: According to a survey by IBM, 35% of health care and life science respondents plan to have blockchains in production within the next calendar year5.
Following are some notable examples of current efforts:
- In the U.S., the Office of the National Coordinator for Health Information Technology to introduce a blockchain-based infrastructure which healthcare companies can leverage to build their own proprietary systems (ONC) recently released a paper on the applicability of blockchain technology in securing and recording medical record components. In the near future, the ONC plans to introduce a blockchain-based infrastructure which healthcare companies can leverage to build their own proprietary systems.
- The information technology department of Beth Israel Deaconess Medical Center in Boston, along with researchers at MIT, conducted a six-month test of blockchain in the real world. They entered patient’s medication data, prescriptions, and vaccination history, on separate sites and then used blockchain technology to see if specific doctors could easily access those records. The project was a success and they are planning additional pilots with larger networks of hospitals.
- IBM has supported blockchain implementations for more than a year. It recently announced a beta version 1.0 of a new service, Hyperledger, which has the potential to process up to 1,000 transactions per second.
- Patientory, a new provider of blockchain solutions for healthcare, has launched a blockchain-based electronic medical storage service. Users create an individual profile using the company’s mobile app, and their medical information is stored in
a secure, HIPAA-compliant blockchain platform. The platform allows users with similar health issues or concerns to connect with one another, their physicians, and their care teams. Users can then actively learn more about their overall health and wellbeing. In addition, users and clinicians can utilize the platform to better manage patient care across multiple teams. The technology is compatible with a number of EHR systems, including Epic, Cerner, Allscripts, and Meditech.
- IBM Watson Health has partnered with the U.S. Food and Drug Administration (FDA) to define a secure, efficient, and scalable exchange of health data using blockchain technology. This initiative will explore the exchange of data from several sources, such as electronic medical records, clinical trials, genomic data, as well as health data from mobile devices, wearables, and the Internet of Things. The initial focus will be on oncology-related data.
Estonia has partnered with the data security startup Guardtime for a new blockchain initiative aimed at electronic patient records. It has issued one million personal identity smart cards. The blockchain files and signs the data (new signatures are generated whenever the information is altered). The actual records aren’t stored on the blockchain; only the hash values (tags/identifiers) indicate when files have been updated, thereby creating an audit trail of all transactions.
The United Arab Emirates-based telecom company, du, has partnered with NMC Healthcare to introduce blockchain technology to store patient information. Additionally, the government of Dubai aims to have all of its documents on a blockchain platform by the year 2020.
Thailand is headed for widespread adoption of blockchain technology within two years. In anticipation, the government amended its Electronic Transaction Act 2001 to support the use of smart contracts and is implementing new privacy laws that will take into account the sharing of personal data for public use via blockchain such as for patient records in hospitals.
The United Kingdom’s chief scientific officer, Sir Mark Walport, recently issued a report calling for government investment in blockchain. He asserts the technology has potential application in the NHS where it could open up new ways to share patient records. Sir Walport’s key recommendations are that the Government Digital Service and Digital Economy Unit at the Department of Business, Innovation and Skills should lead work on researching these technologies and their applications.
What Blockchain Can Mean for Insurance Underwriting
Insurance underwriters also have a vested interest in comprehensive, secure medical records and interoperability. Underwriters have long been concerned with “chain of custody” – that is, which entity or individual possesses underwriting (health) data and whether individuals can alter that data for purposes of anti-selection.
Even though blockchain appears to create a clear chain of custody and complete audit trail for medical data, questions remain related to access and data-sharing: First, who will assign access permissions and designate which parties can query and write data to their blockchain? At a minimum, a user should be able to view an audit log of who accessed their blockchain (including when and what data was accessed) and also be able to grant and revoke permissions for access. However, will owners be able to grant selective access to some records and not others, e.g., would users be able to decide what data is collected and how it can be shared?Finally, would an insurer be an actual participant in a blockchain or would it merely be a recipient of information?
When it comes to blockchain technology and its applications there are still many questions remaining for the insurance industry. However, the potential for opportunity is great and almost limitless.