Vanderbilt leverages blockchain, FHIR for secure sharing of medical records

Prototype meets standards established by ONC’s Shared Nationwide Interoperability Roadmap, but concept has not been tested in a clinical setting.


Engineers at Vanderbilt University say they have successfully developed and validated the feasibility of a blockchain-based architecture that leverages HL7’s Fast Healthcare Interoperability Resources standard for secure and confidential sharing of patient medical records.

Called FHIRChain, the technology meets the Office of the National Coordinator for Health IT’s technical requirements for sharing clinical data between distributed providers, according to Vanderbilt researchers, who developed it in collaboration with radiation oncology treatments and software maker Varian Medical Systems.

Specifically, FHIRChain uses FHIR data elements in conjunction with a token-based design to exchange data resources in a decentralized and verifiable manner without actually moving the data.

“We demonstrate a FHIRChain-based decentralized app (DApp) that uses digital health identities to easily authenticate participants and manage data access authorizations in a case study of clinical data sharing,” state Vanderbilt and Varian researchers in a pre-print paper that has been submitted for publication. “This DApp enables users to share specific and structured pieces of information (rather than an entire document), thereby increasing the readability of data and flexibility of sharing.”

According to Dana Zhang, a Vanderbilt computer science PhD candidate and lead author of the paper, FHIR standards use a popular form of data structure—called JSON (JavaScript Object Notation)—for exchanging clinical information, which is more compact and readable compared to XML used by other data formatting standards and enables more efficient transmission.

“FHIRChain’s design applies a smart contract to maintain health users’ identifiability without exposing personal information on the blockchain,” states the paper. “It also replaces the need for a traditional username and password authentication scheme with the use of a public and private cryptographic key pair for authentication. In a general clinical setting, these digital health identities—private keys—would be hard to manage for patients. FHIRChain, however, only creates these identities for clinicians to facilitate data sharing, which consequently enables more effective collaborative decision making for patients.”

Because blockchain has a data structure that can be timed-stamped and signed using a key to prevent tampering, the technology is seen as a natural fit for managing the accountability, authentication, confidentiality, and sharing of information.

“Our FHIRChain-based DApp demonstrates the potential of blockchain to foster effective healthcare data sharing while maintaining the security of original data sources,” concludes the paper. “The design of FHIRChain can be further extended to address other healthcare interoperability issues, such as coordinating other stakeholders (such as insurance companies) across the industry and providing patients with easier (and secure) access to their own medical records.”

Also See: Blockchain not a panacea for managing health records, fed expert says

However, Zhang emphasizes that so far FHIRChain has only been implemented as a prototype in the lab and has not yet been implemented in a clinical setting.

“It requires careful thought about architectures and design,” says Jules White, an associate professor of computer science in the Vanderbilt School of Engineering. “When you’re moving into a world where you have to get things right the first time, it makes you cautious moving forward. And, this is of course true with anything with blockchain—but I think particularly for healthcare data.”

More for you

Loading data for hdm_tax_topic #better-outcomes...