In my previous two blog posts, I provided a technical overview of Blockchain, a secure, distributed database technology. I used a Blockchain-based personal health record (PHR) system as an illustrative example to explain how the technology applies to healthcare. A PHR is composed of a series of documents, which fits well with Blockchain’s design, so it makes a straightforward example. However, as Matt commented in a previous blog post, a data storage technology is only useful to healthcare if it can enable the full gamut of use cases, including population health management.
To understand the relevance of Blockchain to the full gamut of healthcare use cases, it is necessary to go beyond the technology and understand how Blockchain’s organizing principles differ from traditional infrastructure. A great way to do that is with an example from the financial industry.
Bitcoin vs. Traditional Commerce
Money is a way of representing value, and it only works because there is broad agreement on how currency is valued. Historically, the way to gain this consensus was for a powerful central authority – typically a government – to establish and control the currency system. Over time, the central financial authority has grown to include a federation of governments, banks, and other powerful institutions that record, coordinate, validate, and ensure the accuracy of financial transactions. Trust in these institutions leads to a reliable infrastructure for conducting commerce.
Bitcoin, the electronic currency built upon the Blockchain architecture, demonstrates that a trusted infrastructure – not the centralized concentration of power – is the important part of that equation. Bitcoin provides all the same core services as the traditional financial system on a distributed, peer-to-peer infrastructure. Trust in technology, like trust in institutions, allows for a reliable financial infrastructure.
Blockchain vs. Traditional Data Structures
Commerce is not the only place that a trusted technology can replace a trusted institution to provide a robust infrastructure. Blockchain can power just about any database that requires authoritative record keeping without creating a centralized place to store and validate the transactions. But without the centralized transaction store, how can applications be built that efficiently operate on a large set of transactions? Or in the context or healthcare, how do you effectively manage population health if transactions are divided across a peer-to-peer network instead of stored in a centralized location?
Population health management has two components: measuring the outcomes of a group of individual patients (e.g., incidents of influenza) and influencing patient actions to help make the outcomes more favorable (e.g. recommending annual flu shots). Measuring outcomes requires a fairly small amount of data, but influencing actions typically requires more context – essentially the entire patient record. Population health management systems tend to be built on a centralized stack because that's the most convenient way to provide both types of data with currently available technology.
There is another way to use technology to achieve population health goals. Providers and payers can measure outcomes based on diagnosis or billing data. They don't need to have the complete, longitudinal patient record to construct these measures. The rules for managing an individual patient's health need to operate over the complete patient record, but those can be implemented in an app on the patient's mobile device, rather than in a proprietary system that holds a central copy of the data.
Under this model it's possible to essentially make the patient the “data platform.”
Putting the patient in control of their complete medical record has a number of benefits.
They always have their entire medical record available
They don’t have to trust an institution to be the steward of their data
They can still participate in population health initiatives
Patient engagement is increased
When will a shift like this occur? Time will tell. But now it's at least a possibility given new technologies like Blockchain.
My previous blog post mentioned the growing problem of ransomware attacks on healthcare institutions, where the perpetrator encrypts the organization's data and holds it for ransom. Cybercriminals usually request these ransom payment in cryptocurrency known as Bitcoin.
The criminals prefer Bitcoin as currency because it is easy to transmit anywhere in the world and difficult to trace. Blockchain is the breakthrough technology that powers Bitcoin, and it may one day also drive innovative solutions in healthcare that are secure, auditable, easily shared, and patient-controlled.
Blockchain is a new technology for storing data in a distributed way. It relies on a vast network of computers all over the world that cooperate to maintain the Blockchain database and make it available to anyone who wants to query it. Computer owners are motivated to participate by being paid with Bitcoins for the work their computer does in the service of the distributed database. The contents of each record are encrypted, so that only authorized users can read the data.
The Blockchain is analogous to a worldwide public ledger, where new entries can be added but never removed. Because the database is widely distributed, no central authority has control over the data. Virtually no amount of damage to the nodes can destroy the database. In the case of Bitcoin, the entries in the ledger are financial transactions that record the transfer of Bitcoin assets from one party to another. For healthcare, the Blockchain ledger would record different types of data, requiring the development of a new approach to facilitate participation.
Can Blockchain technology work for healthcare?
While it’s clear that a robust, encrypted, public general-purpose ledger like Blockchain could be valuable, the question of how to build useful healthcare applications on top of it remains unanswered.
John Halamka, M.D. recently posted a conversation among his colleagues in which they speculated that a health record bank might be the first facility built on Blockchain. Providers and patients could add records to the ledger. Everyone would be able to read the records they contributed, but only the patient would have access to all the records that pertain to him or her. This would become a complete patient health record (PHR) that the patient could share with providers anywhere in the world.
The idea of building applications atop the Blockchain infrastructure was built into the technology from the start. Blockchain was designed to be a general-purpose infrastructural component, with Bitcoin being just the first of many possible use cases. The healthcare industry is eyeing the technology, yet needs to create more use cases.
At least one major company, Philips Healthcare, has established a Blockchain research lab and is soliciting collaborators.
Although Blockchain-powered solutions are not imminent in healthcare, the technology seems poised to emerge as the preferred foundation for applications in all industries that require secure and liquid data. The healthcare industry has the potential to take the lead in adopting a promising new technology.
Remember a time when the majority of health records were paper-based, riddled with illegible, handwritten reports, and couldn’t follow the patient from one care setting to another? No one wants to return to those days. But in a world where electronic health records (EHRs) are becoming the norm, the industry is dealing with an unwanted consequence that didn’t affect paper records – data breaches.
From 2008-2014, hospital EHR adoption increased from less than 10 percent to more than 70 percent.
The enormous amount of stored electronic patient data has enabled a number of powerful use cases involving analytics, coordination of care, population health management, and precision medicine. Computerized records are the main force driving the U.S. toward a learning health system, but they have also produced a growing, undesirable side effect: a huge increase in the number of health record breaches.
Unfortunately, the rapid adoption of EHR technology has outpaced healthcare IT organizations’ capabilities to protect data.
The Black Market Value of Health Data
A health record is estimated to be worth $500 - $2000 on the black market, compared to $1 - $50 for a credit card record. Due to the high value of medical records, Accenturepredicts that 1 in 13 patients will be the victim of medical identity theft by 2019.
Why are health records so valuable? One reason is that health records contain considerably more personal information than a credit report, enabling more sophisticated forms of fraud. Second, the lucrative practice of medical identity theft allows perpetrators to receive treatment, get prescription drugs, or file fraudulent insurance claims. Third, it takes longer to detect the use of stolen medical data than it does with credit card, banking, or other financial information.
This is an enormous problem because victims of medical identity theft do not have the same protection as victims of credit theft (typically limited to $50 but often waived entirely). While it’s hard to imagine that a patient can be held liable for fraudulent healthcare charges, it’s certainly true that sorting out the problem would be even harder than it is in the case of a stolen credit card. And even if the legal and financial headaches are sorted out, how does a patient remove the fraudulent data from their medical records to avoid confusion in future healthcare episodes or make sure that it doesn’t affect future employment?
Ransomware: a New Threat
While everyone agrees that cybersecurity should be a top priority for healthcare IT departments, it looks as if the problem will get worse before it gets better. The past several months have seen an increase in ransomware attacks –hacks where data is encrypted, rather than stolen, and only decrypted after anonymous payment is made.
The Fiscal Times reports that many ransomware attacks may be executed by hackers that were recently laid off by the Chinese government, so they’re obviously sophisticated and able to avoid detection.
For a complete description of how ransomware works, how to avoid an attack, and what to do if you’re a victim, check out Adam Alessandrini’s excellent resource, theRansomware Hostage Rescue Manual.
Earlier this year, President Obama signed the Cybersecurity Information Sharing Act(CISA) that includes specific language for healthcare as it was included in the omnibus spending bill. CISA opponents continue to express concerns about the bill’s privacy provisions when it comes to information sharing.
My next post will examine a new technology that may help improve the security infrastructure throughout the healthcare industry.