While blockchain has a number of potentially promising healthcare applications, including the management of electronic health records, the technology has certain pitfalls that may inhibit its utility.
That’s the message delivered on Wednesday to lawmakers by Chris Jaikaran, a cybersecurity policy analyst in the Government and Finance Division at the Congressional Research Service.
Blockchain technology employs a data structure that can be time-stamped and signed using a private key to prevent tampering; many experts in the healthcare industry see the technology as a natural fit for managing the accountability, authentication, confidentiality and sharing of information.
“Blockchain is currently being tested by industry, but at this time does not appear to be a complete replacement for existing systems,” testified Jaikaran before a joint House subcommittee hearing. “One such example is to manage electronic health records. In this example, actual medical records are retained on provider systems but a record of that record is published to the blockchain."
In this scenario, patients may use the blockchain to authorize who has access to those records, according to Jaikaran. “What the blockchain may publish are permissions to that record; so rather than a patient having to drive across town to pick up a disk of that record to take over to another provider, those providers could talk amongst themselves to transfer that record.”
Although technically feasible, he contends that this blockchain-EHR solution has pitfalls. “All the providers have to be on the same blockchain, so they all have some kind of identity—a public and private key—and users have to take a more active role in managing that record for themselves.”
In addition, Jaikaran notes that providers must maintain the electronic health record “in a manner that is consistent with federal and state laws” including HIPAA and the HITECH Act. The application of blockchain to EHRs would “still face” both federal and state privacy laws “as well as a lack of standards, data processing and storage—which may inhibit its adoption,” he adds.
Further, because EHRs would be retained on provider systems, Jaikaran makes the case that “the record itself is still relying on the security measures” of those healthcare organizations. “If the provider is not implementing defense-in-depth or some other cybersecurity strategies, an attacker—instead of attacking the blockchain—would attack the data store of the provider and the record would still be vulnerable,” he concluded.
Still, healthcare organizations and federal agencies are examining potential use cases for the technology. For example, the Office of the National Coordinator for Health IT has sponsored competitions in the last couple years to seek suggestions for how the technology could be used within healthcare.
Most recently, three of the four finalists in ONC’s Data Provenance Challenge are leveraging blockchain technology to address the accountability, privacy and security issues associated with sharing electronic health information. Data provenance involves the ability to trace and verify when and who created information, how it has been used or moved among different data sources, and how it has been modified throughout its lifecycle while it has been exchanged.