When healthcare technology companies rely on generalized accounting technology, security is one of the main reasons they do so. But to say that blockchain is inherently safer than other technologies would be a dangerous over-simplification.
In reality, blockchain is a new technology to solve some security problems. But to be truly useful in health care, it will need to be approached intelligently and combined with other security technologies.
Beth Israel Deaconess Medical Center IOC Dr. John Halamka, who is also the editor-in-chief of the online magazine "Blockchain in Healthcare Today," sees two important security-related blockchain use cases: data integrity and patient consent.
"How can you show that a medical record has not been changed, deleted or modified?" Halamka wrote to MobiHealthNews in an email. "When a meeting is complete, create a & # 39; hash & # 39 ;, or a one-way mathematical summary of the record, and write that hash into the blockchain.) If anyone has questions about the completeness or integrity of a record, it can be provided by comparing the hash with the historical hash recorded the blockchain. "
Syed Abrar, CEO of Azaad Health, a startup that uses blockchain for medical records, pointed out that blockchain makes it very difficult to tamper with data.
"If someone tries to tamper with any record, the hash of the relevant system goes to query their data, he says," Yes, this data has been tampered with, "he said." If you change data, you have to do it for whole hash, one by one. And you do not have to do it for just one knot, you have to do it for 10 or a thousand or how many knots you have. And that kind of computing power that you have to change all the data does not exist at this point. I read somewhere that it would take a supercomputer at least a year to change data on a blockchain network. "
As for the patient's consent, Halamka pointed out MIT Media Lab MedRec project as an example of how blockchain can support such applications.
"The United States has 50 states with 50 different privacy and consent policies," wrote Halamka. "We believe that registration accepts the blockchain rather than in each CED will allow the transfer of patient data respecting the patient's preferences through the interrogation of a public ledger before each exchange".
How to use the blockchain safely
What makes the blockchain work is that the data is stored not in one place, but in many places. In the case of public blockchains used for most cryptocurrency applications, such nodes can be on any computer, anywhere. Even with encrypted data, this is not a reassuring proposal for health data security.
So most of the health blockchain users are turning to private or hybrid blockchains, where all the nodes are inside a secure network.
"The market was stunned by many of the early blockchain capabilities and used cases involving data democratization, total information distribution, and so on," Anthony Begando, whose company uses Blockchain for health credentials, told MobiHealthNews. "And there's a lot going on, but if you want to create industrial-level solutions for which blockchain is ideal, things like we're doing, you have to be able to ensure privacy. able to isolate transaction sets so that a competitor does not know what another competitor is gaining in. This type of business reality in the real world. "
The use of non-public blockchain also has the advantage of not requiring an economic system or incentives to operate.
"So [our product runs on] a permit blockchain, "said Abrar." It's a hybrid between private and public. It is specifically designed for this purpose. So, in public blockchain, which is what most companies are trying to do right now, public blockchains require cryptocurrencies and tokens or coins to essentially rely on those processes. But in an authorization blockchain all processes are executed by the nodes inside that network. So it does not require coins or cryptocurrencies. Traders do not require a whole new economy for execution and distribution, they can simply execute them and distribute them in existing systems. "
A number of entrepreneurs, including Tatyana Kanzaveli, CEO of Open Health Network, told MobiHealthNews not to store health data on the blockchain.
"A, Blockchain is publicly available and B, there could be performance problems," Kanzaveli said. "So it's not a good place where you actually want to store your health data, but it's really great that if you use blockchain as a ledger, it allows you to see who does what with your health data."
Particle Health's CEO Troy Bannister made a similar distinction.
"We're just a dividing layer at the top of the silo," he said. "But because we have a shared authorization book, we can now aggregate all of this data together."
Blockchain is not enough
In the case of Nebula Genomics, Chief Strategy Officer Dennis Grishin and his team saw the blockchain a way to enable a piece of their genome-sharing platform.
"What the blockchain allows is to establish a unique source of truth, irrevocable data ownership," he said. "What we do, for example, is to associate data owners with data hashes and store that information on the blockchain, and this is added once, and blockchain is our only database, it can not be substantially revoked. kind of control over data access, that's what it's blockchain. "
But the blockchain alone would not allow the company to do what they did. To protect data, they also use distributed computing to limit and control data access and homomorphic cryptography to keep data safe but calculable.
Likewise, in Azaad Health, Abrar has built redundant protections in its offering blockchain.
"In addition to blockchain, the entire data is actually encrypted," he said. "So if someone gets it, they can not read it, because they do not know which key was used and that key is stored separately on a private card for that particular patient, so this data will be essentially useless for them, because encryption can not be interrupted without access to the public key. "
Not only does the blockchain need to be enhanced with other security technologies, but companies must also keep an eye on potential security issues that the blockchain will not touch. Karolina Starczak, whose startup Nutrimedy decided to transfer to blockchain for now, noted that human error is still responsible for a high number of health data breaches.
"There's just so much technology to explain and you can still have some of those mistakes you currently have with human errors," he said. "There will be a process and workflow on how these data will be shared and how you access information, and not everyone will follow that process, so we have some training issues, ensuring that we are incorporating some of these work in the health sector at this time and perhaps there is much room for improvement.The mere fact of launching another solution on it might not remove some of the main causes that we know exist and that sometimes can be a worrying ".
When blockchain is used for better and more advanced things with other technologies, it can be an important part of health data protection.
"Blockchain is only part of the story," Grishin said. "It's an important part, but it's not the only part."