Heavy lifting ahead as healthcare works to achieve blockchain’s potential

While healthcare is in the early phases of experimenting with blockchain, trailing behind other industries such as the financial services sector, health systems are beginning to explore the technology despite slower adoption because of regulations, security concerns and a lack of data standardization.

Asked when they expect blockchain will be integrated into their organization’s systems, 32 percent of providers and 48 percent of health plans said in one to two years, according to a survey by consulting and professional services firm Accenture.

In addition, 91 percent of health executives who were surveyed indicated that blockchain and smart contracts will be critical for their organizations over the next three years, according to Accenture’s Digital Health Technology Vision 2018 report.

Studying options

Despite those optimistic expectations for the future of blockchain, much work lies ahead before the technology is ready for use by providers. However, research is underway.

Mount Sinai Health System in New York has launched the Center for Biomedical Blockchain Research to solve healthcare challenges using technology that underlies the Bitcoin cryptocurrency and provides a data structure that can be timed-stamped and signed using a private key.

In particular, the center will focus on developing apps by evaluating blockchain-enabled solutions, partnering with vendors that are working on the technology, as well as building and testing systems within Mount Sinai.

Mt Sinai-CROP.jpg

The venture—managed by the Icahn School of Medicine at Mount Sinai and the Institute for Next Generation Healthcare—is the first of its kind at an academic medical center, its executives say.

“We’re very early in the blockchain hype cycle and there are a lot of promises being made about how it will save healthcare,” says Noah Zimmerman, assistant professor of genetics and genomic sciences and director of the Health Data and Design Innovation Center. “Fundamentally, for us, blockchain is about building large-scale open networks and incentivizing people to participate in them. That’s what really excites us.”

“We expect that some early use cases could emerge from areas where existing systems and approaches fall short,” adds Joel Dudley, executive vice president of precision health at Mount Sinai and director of the Institute for Next Generation Healthcare.

“The fragmented nature of regional and global healthcare systems prevents the flow of vital information and creates barriers to access for underserved groups,” Dudley says. We see the potential for blockchain and related technologies to enable applications that support more unified healthcare ecosystems and serve the greater goals of realizing national and global precision health networks.”

Making the case

By 2020, research firm IDC predicts that 20 percent of healthcare organizations will have moved beyond pilot projects and will be using blockchain for operations management and patient identity.

Blockchain is seen by advocates as critical to creating trust in the authenticity and accuracy of shared data. In particular, they see the potential for blockchain in health IT interoperability as an emerging use case.

“While interoperability and HIE frameworks evolve to address a range of challenges in health IT, blockchain could deliver an alternative for where these technologies may fall short,” says Mutaz Shegewi, research director for provider IT transformation strategies at IDC. “The ability to feasibly exchange data across and beyond the enterprise level with far greater degrees of decentralization, distribution, and immutability makes blockchain a noteworthy proposition for exploring new ways of shaping the future of health IT interoperability.”

Towards that end, engineers at Vanderbilt University say they have successfully developed and validated the feasibility of a blockchain-based architecture that leverages HL7’s Fast Healthcare Interoperability Resources (FHIR) standard for secure and confidential sharing of patient medical records.

Called FHIRChain, the technology meets the Office of the National Coordinator for Health IT’s technical requirements for sharing clinical data between distributed providers, according to Vanderbilt researchers, who developed it in collaboration with radiation oncology treatments and software maker Varian Medical Systems.

Specifically, FHIRChain uses FHIR data elements in conjunction with a token-based design to exchange data resources in a decentralized and verifiable manner without actually moving the data.

“We demonstrate a FHIRChain-based decentralized app (DApp) that uses digital health identities to easily authenticate participants and manage data access authorizations in a case study of clinical data sharing,” state Vanderbilt and Varian researchers in a pre-print paper that has been submitted for publication. “This DApp enables users to share specific and structured pieces of information (rather than an entire document), thereby increasing the readability of data and flexibility of sharing.”

According to Dana Zhang, a Vanderbilt computer science PhD candidate and lead author of the paper, FHIR standards use a popular form of data structure—called JSON (JavaScript Object Notation)—for exchanging clinical information, which is more compact and readable compared to XML used by other data formatting standards and enables more efficient transmission.

“FHIRChain’s design applies a smart contract to maintain health users’ identifiability without exposing personal information on the blockchain,” states the paper. “It also replaces the need for a traditional username/password authentication scheme with the use of a public/private cryptographic key pair for authentication. In a general clinical setting, these digital health identities—private keys—would be hard to manage for patients. FHIRChain, however, only creates these identities for clinicians to facilitate data sharing, which consequently enables more effective collaborative decision making for patients.”

Blockchain’s potential

Because blockchain has a data structure that can be timed-stamped and signed using a key to prevent tampering, the technology is seen as a natural fit for managing the accountability, authentication, confidentiality, and sharing of information.

“Our FHIRChain-based DApp demonstrates the potential of blockchain to foster effective healthcare data sharing while maintaining the security of original data sources,” concludes the paper. “The design of FHIRChain can be further extended to address other healthcare interoperability issues, such as coordinating other stakeholders (e.g., insurance companies) across the industry and providing patients with easier (and secure) access to their own medical records.”

However, Zhang emphasizes that so far FHIRChain has only been implemented as a prototype in the lab and has not yet been implemented in a clinical setting.

“It requires careful thought about architectures and design,” says Jules White, an associate professor of computer science in the Vanderbilt School of Engineering. “When you’re moving into a world where you have to get things right the first time, it makes you cautious moving forward. And, this is of course true with anything with blockchain—but I think particularly for healthcare data.”

IDC makes the case that with the advent of FHIR and open application programming interfaces (APIs), blockchain could provide a “lattice to accelerate clinical data distribution.” However, the research firm concludes that “whether blockchain will truly empower the industry with new ways of doing interoperability or is just market buzz, for the most part, remains to be seen.”

For his part, Kaveh Safavi, MD, head of Accenture’s global health practice, doesn’t see blockchain as a “panacea” for healthcare. “We think it’s unrealistic to use the blockchain as a way to transport protected health information,” he contends. “Delivering PHI in a blockchain is unlikely. It will have some uses largely around identity but less as a primary transport mechanism.”

Likewise, Chris Jaikaran, a cybersecurity policy analyst in the Government and Finance Division at the Congressional Research Service, believes blockchain is not particularly well suited for managing electronic health records because EHRs are retained on provider systems and are still potentially vulnerable to cyberattacks.

“Blockchain is currently being tested by industry but at this time does not appear to be a complete replacement for existing systems,” testified Jaikaran at a House subcommittee hearing earlier this year. “One such example is to manage electronic health records. In this example, actual medical records are retained on provider systems but a record of that record is published to the blockchain.”

In this scenario, patients may use the blockchain to authorize who has access to those records, according to Jaikaran. “What the blockchain may publish are permissions to that record, so—rather than a patient having to drive across town to pick up a disk of that record to take over to another provider— those providers could talk amongst themselves to transfer that record.”

Roadblocks ahead

Although technically feasible, at the same time, he contends that this blockchain-EHR solution has pitfalls. “All the providers have to be on the same blockchain so they all have some kind of identity—a public and private key—and users have to take a more active role in managing that record for themselves.”

In addition, Jaikaran notes that providers must maintain the electronic health record “in a manner that is consistent with federal and state laws” including HIPAA and the HITECH Act. The application of blockchain to EHRs would “still face” both federal and state privacy laws “as well as a lack of standards, data processing, and storage—which may inhibit its adoption,” he adds.

Further, because EHRs would be retained on provider systems, Jaikaran makes the case that “the record itself is still relying on the security measures” of those healthcare organizations. “So, if the provider is not implementing defense-in-depth or some other cybersecurity strategies, an attacker—instead of attacking the blockchain—would attack the data store of the provider and the record would still be vulnerable,” he concluded.

IDC’s Shegewi concurs with Jaikaran that blockchain technology, in and of itself, “does not enforce any sort of security, privacy, or compliance measures by default,” such as HIPAA and the GDPR.

Further, he observes that “early testers of blockchain are realizing that it might not be a good idea to go on to a public blockchain network just yet—and some may want to look at testing with private, restricted-access blockchain networks.”

Shegewi also points out that another limitation of blockchain is that it’s largely an “incentive-based architecture that is the sum of its parts—its users.” As a result, he warns that “malicious activities could arise if incentives for participants to act maliciously on a blockchain are greater than incentives not to.”

For reprint and licensing requests for this article, click here.