By Austin Freimuth and Wyatt Johnson
The 21st century has seen massive shifts in the landscape of healthcare-related data in the United States. With major developments in the fields of bioinformatics, genomics, and transcriptomics, and advancements in genetics and molecular biology, the healthcare industry has increasingly shifted towards precision medicine in the treatment of disease. This includes obtaining individualized patient genomic data and labs to treat underlying causes more accurately. While the utilization of precision medicine has the potential to revolutionize patient care, the exponential increase in sensitive patient data raises numerous security and data privacy risks.
Along with the increase in personalized medical data due to the development of precision medicine, there has been a worryingly large increase in medical data security breaches. In the United States, between 2009 and 2019 approximately 173 million people were affected by medical data breaches according to a study on health data leaks conducted by the Office for Civil Rights (a subdivision of the Department of Health and Human Services) (Koczkodaj et al., 2019). Personal health data is highly sensitive and therefore valuable for nefarious parties to obtain.
Today, personal health data is more valuable on the black market than personal information acquired from financial institutions, further incentivizing ransomware attacks and healthcare data breaches (Harkins and Freed, 2018). Given these alarming shifts, it is imperative that we look for solutions to address the technical and organizational pitfalls medical institutions and patients are experiencing as a result of the increased collection of personalized data. One possible solution, utilizing emergent blockchain technology, is to increase individual oversight of sensitive data by standardizing repositories of patient information across all hospitals. These repositories are referred to as distributed ledger technologies, or DLTs. This would allow for patients to have much greater control over their own medical records, while also strengthening the security of intra-organizational data transfer to protect from ransomware attacks. Industry professionals like Steve Alder – editor-in-chief of the HIPAA Journal – have recognized these pitfalls: “As has been shown with the massive Anthem and Equifax data breaches, single entities cannot be trusted to hold vast quantities of data and keep it secure in a centralized system. Storing data in a decentralized system could be a viable alternative.” (Alder, 2017). Furthermore, the utilization of a private and permissioned blockchain network of medical institutions, combined with the tokenization of sensitive medical data, can afford the healthcare industry improved data security and integrity, provide patients with greater autonomy over personal data, and improve record transferability.
In healthcare, the integrity of patient information is critical for effective diagnosis and treatment protocols, yet medical errors are currently a leading cause of death in America (Oyebode, 2013). Blockchain technology offers a promising solution to strengthen the integrity of health records. Its core components—namely, an immutable ledger, robust cryptographic protocols, a system of distributed consensus, and the automation of decision-making afforded by smart contracts—collectively establish greater verifiability and tamper-resistance of data. These characteristics hold promise for significantly reducing the occurrence of preventable adverse medical events where patients are harmed because of medical errors. Furthermore, the absence of a unified national system for reporting adverse events leads to fragmentation, with various states employing disparate systems (Office of Inspector General, 2012).
Apart from reducing medical errors, the inherent transparency and traceability of blockchain technology could play a pivotal role in mitigating fraud and inaccuracies within billing and claims processing, thereby yielding cost savings for healthcare providers and insurers. In accomplishing this, the timestamping feature of blockchain is particularly crucial; it ensures that each record is indelibly marked with the exact time of entry, rendering any post hoc alterations detectable. This feature is instrumental in curtailing fraudulent practices, such as billing for non-delivered services or claim duplication. By establishing a singular, unalterable ledger of transactions open to all authorized entities, blockchain not only discourages deceitful activities but also enhances the efficiency of the auditing process.
Traditional methods of managing patient health information, characterized by manual handling of paper records, prescriptions, and lab reports, have become obsolete. The transition to digital records presents a fantastic opportunity to prevent patients from being relegated to a passive role with limited access to their own health records. Digital health wallets consolidate all pertinent health data into a single, easily accessible digital repository, thus enabling patients to efficiently share their complete medical history with any healthcare provider while ensuring streamlined and secure access to their records. This may not only save time but also offer a more accurate and comprehensive understanding of a patient's health history to practitioners who would otherwise needlessly waste time trying to patch together disparate records.
As a DLT, blockchain provides the necessary interoperability to facilitate the seamless exchange of medical records across various healthcare systems and platforms. This allows secure and efficient management of patient data, thereby fostering trust among all stakeholders involved – from clients to healthcare providers to insurers. Interoperability ensures that everyone has complete access to up-to-date patient information, regardless of its original source. Such a unified view of patient records provides the opportunity for more effective diagnoses, treatment planning, and ongoing care management. It also eliminates the redundancy and potential for error that often occurs when patient data is trapped in siloed systems.
For the healthcare system to see this kind of transformation, existing and future electronic health records must be tokenized. Tokenization is the process of taking a physical asset or piece of data and labeling it by creating a token, which is an arbitrary representation of that data or asset. These tokens are then issued to members of a blockchain in such a way that they indicate the data's location and the network members with access to it. In the example of patient data wallets, tokens could be issued to represent access to their data, which could then be passed on to providers and insurance companies. This system could be governed via the existing framework of smart contracts. Once tokens are issued, the data would then be made available to the provider in an interoperable fashion so that no matter where the provider or patient is located, so long as they are both members of the network, they can both guarantee that the provided information will be accurate and complete. This two-way communication between patients and providers can effectively reduce the fragmentation across institutions that plagues our current system (Quinn et al., 2019). Underlying the record-keeping provided by the distributed ledger, however, there must be data structures that securely store any data to be accessed by patients and providers holding issued tokens. There are a variety of ways to achieve this, and an outline of one possible data structure and encryption protocol is given later in this article.
One technical tool that could be utilized to protect individual health data in storage is the sequential use of data encryption followed by the hashed sharding of patient data files into fragmented, encrypted data which will be delocalized across a network of servers located at different medical institutions. A visual outline of this data storage and transfer procedure can be seen in Figure 1. Once the raw medical data file has been created, it is passed through an encryption function. The particulars of the encryption function may differ depending on the use case; however, once the patient data object has been passed through the function, two outputs will be created. The first is the encrypted patient data object and the second is a key that will be used to decrypt the data later. The key is stored in the patient keys data object, and the encrypted patient data file is then passed into the hashing function that is used to fragment the encrypted data into pieces and then determine the storage location to which a particular fragment will be directed. This process is referred to as hashed sharding. These locations, as seen in Figure 1, would primarily be medical institutions, but could include any facility with sufficient storage capabilities. Additionally, these locations could differ greatly in geographic proximity. A result of this kind of fragmentation is that when an individual server is breached, the data that is gained is both encrypted and incomplete. This makes the data essentially useless without both the decryption key and the mapping key generated by the hashing function that points to the locations of all the individual data shards for a particular object. The file which contains these keys can be passed through a second encryption function if further security is desired.
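The encrypt-then-shard procedure described above, written out as an added example (not code from the article or from any project it cites). It assumes a fixed shard size, an HMAC-SHA256 counter-mode keystream with a separate HMAC tag as a standard-library stand-in for a real authenticated cipher such as AES-GCM, and a keyed digest of the shard index as the hashing function that both names a shard and selects its server; the servers are plain dictionaries and the sample record is constructed.

```python
import hashlib
import hmac
import os

SHARD_SIZE = 32  # bytes per fragment (constructed value for this demo)

# Constructed sample record; not real patient data.
RECORD = b'{"patient":"DEMO-0001","labs":{"hba1c":5.4,"ldl":110}}'


def keystream_xor(key, nonce, data):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for an AEAD such as AES-GCM."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def encrypt_record(record):
    """Step 1: encrypt; returns the encrypted object and the patient keys object."""
    key, nonce = os.urandom(32), os.urandom(16)
    ct = keystream_xor(key, nonce, record)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # integrity tag
    return nonce + ct + tag, {"enc_key": key}


def shard_location(map_key, idx, n_servers):
    """Hashed sharding: the keyed digest of the index names the shard and picks its server."""
    digest = hmac.new(map_key, idx.to_bytes(4, "big"), hashlib.sha256).digest()
    return digest.hex(), int.from_bytes(digest[:4], "big") % n_servers


def shard_and_place(blob, servers, keys):
    """Step 2: fragment the encrypted object and scatter the fragments across servers."""
    map_key = os.urandom(32)
    shards = [blob[i:i + SHARD_SIZE] for i in range(0, len(blob), SHARD_SIZE)]
    for idx, shard in enumerate(shards):
        shard_id, srv = shard_location(map_key, idx, len(servers))
        servers[srv][shard_id] = shard  # stored under the digest, never the plain index
    keys.update({"map_key": map_key, "shard_count": len(shards)})  # the mapping key


def reassemble(servers, keys):
    """Holder of the patient keys object: locate every shard, verify the tag, decrypt."""
    blob = b""
    for idx in range(keys["shard_count"]):
        shard_id, srv = shard_location(keys["map_key"], idx, len(servers))
        shard = servers[srv].get(shard_id)
        if shard is None:
            raise ValueError("shard %d missing from server %d" % (idx, srv))
        blob += shard
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(keys["enc_key"], nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("shard set has been tampered with")
    return keystream_xor(keys["enc_key"], nonce, ct)
```

A breached server yields only the shards that landed on it, each stored under an opaque digest and all of it ciphertext; without the patient keys object neither the order nor the content can be recovered.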
The patient keys object or encrypted patient key object in this framework can then be tokenized and used to manage access to patient records, a process controlled by the patients and/or institutions. This process is seen in the centrally located box in Figure 1. The tokenized patient keys can be placed in a multi-signature wallet where the admin keys are sent once both parties agree to the smart contract with terms and conditions that define rules for usage. If either party violates this contract, then permission is revoked. This allows for streamlined patient consent management. These kinds of permissioned interactions between patients and providers or providers to other providers can be further customized through the stipulations written within a particular smart contract that is implemented onto the blockchain. In 2020 a group of researchers from the Tokyo Institute of Technology utilized a chain code they had developed, acting in a similar way to smart contracts, to handle the permission logic found in these kinds of interactions. Their chain code allowed doctors to access records off-chain by validating their access to a particular record with purpose-based patient consent data which was stored on-chain. This kind of interaction, using the existing framework for smart contracts, ensured that doctors would only be able to access patient data for which they had been granted permission (Tith et al., 2020). In a similar fashion, this logic could be handled by a smart contract to govern provider access to a multi-signature wallet where the tokenized patient keys object is placed.
Within healthcare data management, the concept of tokenization is a significant innovation. This method involves transforming the rights or permissions for accessing healthcare data into digital tokens within a blockchain network. These tokens can represent diverse elements of a patient’s medical record, from their complete medical history to specific details such as laboratory results or imaging studies. Tokenization essentially converts sensitive patient data into a secure, encrypted format, enabling its safe and effective sharing across a network. The key advantage of this approach is that during transactions, actual sensitive data remains protected; only tokens, which symbolize the data, are transferred, thus reducing the risk of data breaches through centralized access points.
Design issues concerning data privacy and decentralization must be overcome before the implementation of DLTs can be considered practical. The utilization of public and permissionless blockchains in healthcare raises significant privacy concerns. In these systems anyone within the network can access data under a pseudonymous identity. While the identity of each wallet owner in the network is obscured, there are obvious risks associated with making patient data visible on an open-access distributed ledger. It is therefore imperative that any blockchain-based model be rigorously vetted before any wide adoption.
Private, permissioned blockchains are potentially more suitable for managing health records. These systems limit access to authorized individuals, thereby enhancing data privacy and confidentiality. However, this approach introduces its own set of challenges. The need for increased trust among network participants and the potential centralization of control and access can lead to overreliance on a single entity, which raises concerns about collusion and security vulnerabilities. In theory, private blockchains – due to their permissioned and less decentralized design – may be more susceptible to data breaches and other security risks compared to their permissionless, decentralized counterparts. Additionally, their classification as blockchains is a matter of ongoing debate, with some experts arguing that they should be classified as a different form of DLTs due to their distinct characteristics (Konashevych, 2021). Further discussion and research may be necessary to delineate the boundaries of blockchain-based DLTs, and to determine the most effective and secure ways to leverage this technology in sensitive sectors.
A more practical approach for managing electronic health records is implementing a federation or consortium of blockchains. When private chains are put together, they become a federation of private blockchains where influence over the network is shared across multiple enterprises that can collaborate over mutual interest. Concerning electronic health records, a federation of private blockchains may facilitate a more collaborative environment where diverse healthcare entities can jointly manage and oversee the secure and efficient exchange of health data. In theory, this collaboration can ensure a comprehensive approach to patient data privacy, regulatory compliance, and interoperability while significantly enhancing the quality and coordination of healthcare services. However, one caveat is that, because decentralization is reduced, the network still requires more trust between its members than a public blockchain does, though less than an individual private chain. While promising, the technology is still in its nascency, and the practicality of federations as the most viable long-term option has yet to be proven.
Overall, the utilization of patient digital wallets with the tokenization of medical records could provide new and more efficient verticals for individualized health data access management and transparency. Additionally, the distributed ledger system that manages record access through data tokenization would sit on top of the encrypted and sharded storage across servers of participating members in the network, ultimately leading to enhanced data security and reducing healthcare data breaches. Although the proposed systems may have some drawbacks and would require the upheaval of legacy infrastructure, these examples show the potential of DLTs to revolutionize current health record systems.
Blockchain: A type of DLT that achieves decentralization of power over the system while tracking account balances and the transaction histories.
Digital Wallet: A computer application storing the private key to execute transactions.
Distributed Consensus: Ensures agreement between all participants in a distributed ledger system by establishing a verifiable record of truth absent a central actor.
Distributed Ledger Technology: A digital system that creates a common historical record by syncing all the transactions across independent computers (nodes) in the network to establish secure and accurate data.
Electronic Health Records: Digitized versions of a patient's medical charts.
Hashed Sharding: The creation of data fragments that are distributed across a network of servers using a hashing function. The hashing function uses a key for each shard of data to determine and locate where a particular data fragment is stored within the network.
Interoperability: The ability for separate systems to work together or exchange data.
Multi-Signature Wallet: Any digital wallet that requires two or more private key signatures to execute transactions.
Smart Contracts: Digital computer programs with the terms of the agreement between buyer and seller directly written into lines of code, which automatically enforce and execute the terms when predetermined conditions are met.
Tokenization: The process of taking a physical asset or piece of data and labeling it by creating a token, which is an arbitrary representation of that data or asset. These tokens are then issued to members of a blockchain in such a way that they indicate the data's location and the network members with access to it.
Alder, S. (2017, September 26). The benefits of using blockchain for medical records. HIPAA Journal. https://www.hipaajournal.com/blockchain-medical-records/
Koczkodaj, W. W., Masiak, J., Mazurek, M., Strzałka, D., & Zabrodskii, P. F. (2019). Massive Health Record Breaches Evidenced by the Office for Civil Rights Data. Iranian journal of public health, 48(2), 278–288.
Konashevych, O. (2021, October 2). Private distributed ledger technology or public blockchain? CoinTelegraph. https://cointelegraph.com/news/private-distributed-ledger-technology-or-public-blockchain
Office of Inspector General. (2012). Adverse events in hospitals: National incidence among Medicare beneficiaries. U.S. Department of Health and Human Services. https://oig.hhs.gov/reports-and-publications/archives/spotlight/2012/adverse.asp
Oyebode F. (2013). Clinical errors and medical negligence. Medical principles and practice: international journal of the Kuwait University, Health Science Centre, 22(4), 323–333. https://doi.org/10.1159/000346296
Quinn, M., Forman, J., Harrod, M., Winter, S., Fowler, K., Krein, S., Gupta, A., Saint, S., Singh, H. & Chopra, V. (2019). Electronic health records, communication, and data sharing: challenges and opportunities for improving the diagnostic process. Diagnosis, 6(3), 241-248. https://doi.org/10.1515/dx-2018-0036
Tith, D., Lee, J. S., Suzuki, H., Wijesundara, W. M. A. B., Taira, N., Obi, T., & Ohyama, N. (2020). Patient Consent Management by a Purpose-Based Consent Model for Electronic Health Record Based on Blockchain Technology. Healthcare informatics research, 26(4), 265–273. https://doi.org/10.4258/hir.2020.26.4.265