On a recent wander through Quarry House in Leeds (the HQ of NHS England) I was startled by the sounds of clinking and scraping. When I asked what they were, I was told:
“(Hoh! Ah!) (Well don't you know)
That's the sound of the men,
Working on the chain, ga-ang
That's the sound of the men,
Working on the chain, gang.”
It’s seemed to me that putting those responsible for past NHS IT fiascos on a chain gang was a reasonable alternative to the usual punishment of transportation to Australia.
So I was disappointed to find that this particular gang was in fact the Block Chain Gang, working on the most recent technology to reach the “peak of inflated expectations” on the Gartner Hype Cycle.
Don’t get me wrong, blockchain technology (the technology behind bitcoin and smart contracts) has some potentially important applications in digital health.
As do some other, related cryptographic technologies like homomorphic cryptography and distributed computing; for which blockchain technology can be an enabler.
However, yet again, I see people in the NHS caught up in the hype of the latest fad and becoming easy prey for its snake oil salesmen.
What is this blockchain?
As it happens, my son is a software engineer working for a leading blockchain company. As a result of this, I probably know much more about this technology than most people in the NHS – certainly enough to know that I know sweet FA, but maybe that puts me in a good place to try and explain what I do know.
There are a number of related technologies that are described as blockchain tech. They all rely on cryptography and share some common features, but beyond this they take different approaches and have different potential applications.
The cryptography used by block chains is complex and I don’t have the space to explain it here. I am going to concentrate on what blockchain tech can do not how it does it (if you want to know more I provide some references at the end of this piece).
Blockchain tech provides verifiable transparency about transactions in a network without the need for a root of trust. Take as an example the best known application of blockchain technology, the cryptocurrency Bitcoin.
Traditional currencies require that you trust the issuer of the currency to uphold its value and banks to process it safely and honestly. Without this trust, the stack of paper money you have under the bed or the electronic balances in your savings account could become worthless.
The root of trust with these currencies is a central bank (the Bank of England, The European Central Bank, the Federal Reserve, and so forth). Whereas with Bitcoin there is no need for a central bank, no root of trust, trust is distributed across the network.
Similarly, traditional democracies rely on a root of trust (returning officers, the Electoral Reform Society, and so on) to ensure the integrity of the ballot. Closer to home, current systems to manage consent and protect privacy in health records often require a trusted third party or safe haven.
All of these systems are vulnerable to corruption or coercion in a way that alternatives based on blockchain technology are not. Therefore, while these new technologies have other potential vulnerabilities (as graphically illustrated by the recent $79 million hack of the DAO), they offer a robust alternative approach that is attractive to many.
Homomorphic cryptography
So where might we use blockchain technology in health? In considering this, it important to understand a couple of things.
Firstly, the difference between applications based purely on blockchain technology and those that might use it as an enabler. Secondly, that there are different types of blockchain appropriate for alternative purposes.
Let’s start with important technologies where some implementations can or do use blockchain tech as an enabler. I want to consider two, which have particular relevance to health and care in the area of privacy and confidentiality; homomorphic cryptography and distributed computing.
Homomorphic cryptography is described by MIT, which is currently pursuing its use in its Enigma project as “a technology to put the toothpaste back in the tube”.
The maths behind homomorphic cryptography is way beyond me, but put simply it allows a query to be run on encrypted data without the need to decrypt it first, and returns an encrypted result that when decrypted yields the same result as would have been obtained had the query had been run on the unencrypted data.
If MIT can make this work practically at speed and scale (and its beta programme has been a long time coming) the implications are significant.
No need for trusted third parties, virtual elimination of the risk of unlawful or coercive access to the data, and researchers see only the result they need (much reducing the re-identification risk). It’s certainly something we need look at when considering where we go after the debacle of care.data.
Distributed computing
Distributed computing can mean many things, but what I want to highlight are approaches emerging as Web 3.0. These move away from centralised servers and the Cloud, which concentrates power and control of the Internet in the hands of a few, large, cloud providers and internet giants, and returns control over where data is stored and who has access to it to data subjects.
These ideas are still in the early stage of development but are being led by those who helped create the Internet as we know it today, including Tim Berners-Lee.
He is leading Solid a proposed set of conventions and tools for building a decentralised Web and, in particular, giving you control of your ‘Social Graph’ the list of people you know and trust (which is probably owned by Facebook and LinkedIn at the moment).
More radical are companies like the UK based start-up MaidSafe, which does away with the need for centralised servers by replacing them with a peer-to-peer networks using the spare capacity of user computers.
MaidSafe, and approaches like it, promise an internet where we can do every we can do today with Internet and more, but in a way that safer more secure and returns personal autonomy over your data.
It is clear that these technologies have applications in health and care, where privacy and personal autonomy are key concerns. They also play a critical role in avoiding a new kind of vendor lock-in as the internet giants start to replace the traditional ‘Megasuite’ providers as the dominant players in digital health.
Watch the hype trap
It not possible in 1,000 words to do more than scratch the surface. The links in my piece above provide more information about the projects and technologies I mention. For those who want to know more I have put together a set of references on my blog.
Nevertheless, it is clear that understanding these technologies is hard. Yet, if our policy makers are going to make informed decisions and critically appraise proposals to use them they need to get beyond the hype – otherwise the NHS is going to swimming in snake oil it doesn't need and can’t afford.