Blockchain makes medical data more secure

  • 23 March 2022
In a piece for Digital Health, Jonas Lundqvist, CEO at Haidrun, looks at how a blockchain-powered digital healthcare ecosystem can increase the security and privacy of sensitive patient and medical data.

In the past decade alone, more than 200 million patient records have been exposed to data breaches in the healthcare ecosystem. Confidential health information, genetic data and financial details have all been stolen. While major high-profile breaches of sensitive patient data tend to hit the headlines, the problem is widespread and also includes the compromise of pharmaceutical research and cyber-attacks on the healthcare supply chain.

The problem is compounded by the sheer volume of paper in health administration. According to Deloitte, a single healthcare provider will file in the region of 20,000 paper forms annually. And surprisingly, more than half of the 30 billion healthcare transactions performed every year will still be via fax, with more than half of these documents arriving late. Of those that do arrive on time, more than half will contain insufficient or incorrect detail. There’s never been a more pressing case for an overhaul of the system by implementing safe and secure digital information technology.

HIE concept

Many health authorities have now introduced the concept of Health Information Exchanges (HIEs). The idea is to enable patients, doctors, nurses, pharmacists and other healthcare providers to securely access and electronically share the patient’s medical information. Not only should this significantly improve the speed, quality and safety of patient care, it should also deliver a reduction in costs. However, so far it has proved very difficult to make this simple concept a reality. Multiple challenges in data security and privacy, as well as the many operational inefficiencies surrounding IT architectures and standards, have all conspired to hold back much-needed progress.

All of this impedes patient engagement: cooperation between different departments and providers is limited, patients have minimal ownership of their own health data, and individual caregivers face a real blocker to simply exchanging insights effectively and securely.

While there have been numerous attempts at digital transformation in healthcare, there is now a technology that has the potential to provide the industry with a new model for secure and efficient HIEs, with widespread implications for all stakeholders.

Changing the digital world

Blockchain technology is essentially a digital ledger or database for recording information. It is extremely difficult to alter, cheat or hack, and it is already changing digital world concepts such as ownership, privacy, trust and collaboration. Although the mechanics of blockchain are extremely complex, the concept is straightforward enough: to decentralise data storage so that it cannot be controlled or manipulated by a single actor. Records or transactions are verified using an advanced consensus algorithm, and then cryptographically sealed into data blocks, to provide a time-stamped and immutable, single version of the truth.

With certain types of blockchain, data access can be limited by the patient, who can then choose to share relevant parts of their personal information with providers. In this way, a potential hacker cannot simply use a single patient’s private key to access broad sets of data. Instead, the bad actor would need to steal multiple users’ private keys to obtain any significant volume of valuable information. All users within one blockchain can keep their own copy of the ledger or database. If any block needs changing, a consensus of at least 51% of network participants must approve the change. This inherent feature of blockchain improves security and limits the risk of malicious activity since any change is broadcast within the network.
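The sealing and tamper-evidence described above can be shown with a small hash chain. This is an added illustration, not code from Haidrun or any product named in this article; the function names and the sample events are constructed, and consensus between participants is not modelled.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first block

def block_hash(index, timestamp, record, prev):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = {"index": index, "timestamp": timestamp, "record": record, "prev": prev}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_block(chain, timestamp, record):
    """Seal a time-stamped record into a block linked to the current tip."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "timestamp": timestamp, "record": record,
                  "prev": prev, "hash": block_hash(index, timestamp, record, prev)})

def first_invalid_block(chain):
    """Index of the first block that fails verification, or None if intact."""
    prev = GENESIS
    for i, b in enumerate(chain):
        if b["index"] != i or b["prev"] != prev:
            return i  # link to the preceding block is broken
        if b["hash"] != block_hash(i, b["timestamp"], b["record"], b["prev"]):
            return i  # contents no longer match the sealed hash
        prev = b["hash"]
    return None

def build_sample_chain():
    """Constructed medical events for one fictional patient."""
    chain = []
    append_block(chain, "2022-03-01T09:00:00Z", {"patient": "P-001", "event": "prescription issued"})
    append_block(chain, "2022-03-02T14:30:00Z", {"patient": "P-001", "event": "medication dispensed"})
    append_block(chain, "2022-03-05T11:15:00Z", {"patient": "P-001", "event": "claim submitted"})
    return chain

if __name__ == "__main__":
    ledger, peer_copy = build_sample_chain(), build_sample_chain()
    ledger[1]["record"]["event"] = "medication returned"  # edit after the fact
    print("edited block detected at:", first_invalid_block(ledger))
    b = ledger[1]  # re-seal the edited block to hide the change
    b["hash"] = block_hash(b["index"], b["timestamp"], b["record"], b["prev"])
    print("after re-sealing, break moves to:", first_invalid_block(ledger))
    print("tip still matches peer copy:", ledger[-1]["hash"] == peer_copy[-1]["hash"])
```

Re-sealing one edited block only pushes the break to the next block, so hiding a change means rewriting every later block, and the result still disagrees with the copies held by other participants.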

Another feature of blockchain is the use of smart contracts: scripted code that follows pre-determined business logic for consistent authorization to access data. Smart contracts act as a gateway to store standardized information, which users can immediately access thanks to Application Programming Interface (API) architecture. APIs enable seamless integration with existing systems, so different providers can focus on their own internal systems.

Changing perceptions

While many people associate blockchain with the arrival of bitcoin and the management of cryptocurrencies, the technology is now being widely adopted across sectors from banking and finance to telecoms, insurance, supply chain management and even election voting systems.

The use of blockchains in healthcare can be envisaged in five primary areas:

  • Managing electronic medical record (EMR) data
  • Protection of healthcare data
  • Personal health record data management
  • Point-of-care genomics management
  • Electronic health records data management

The pharmaceutical industry is also exploring the use of blockchain to reduce the problems of drug fraud by helping to deliver more secure, auditable and transparent supply chains. In the US alone, more than $200bn is lost each year because of counterfeit drugs infiltrating insecure supply chains, says Deloitte.

With a blockchain, for example, no entity involved between a drug company and the retailer can alter the data to include counterfeit drugs, while the movement of drugs between the companies and medical facilities can be tracked in near real-time through the data stored on the blockchain. And when it comes to patient tracking and potential claims processing, medical events are stored and locked in the order they occur, and there is no potential for changing the data at a later stage, whether by accident or for fraudulent purposes. Blockchain can create a single system for stored, constantly updated health records for secure and rapid retrieval by authorised users. By avoiding miscommunication between different healthcare professionals involved in caring for the same patient, mistakes can be prevented, faster diagnosis and interventions become possible, and care can be personalised to each patient. The same information on the blockchain could also allow individual patients to easily unlock and share their health data with other providers or organisations.

The advantages of blockchain technology, according to the National Institute of Standards and Technology (NIST), include its tamper-resistant nature, the decentralised nature of the digital ledgers, and the impossibility of changing a published transaction subsequently within the user community that shares the ledger without everyone knowing about it.

The Office of the National Coordinator for Health Information Technology in the US recently defined the critical policy and technical components needed for nationwide interoperability, stating a requirement for a ubiquitous, secure network infrastructure, verifiable identity and authentication of all participants, and consistent representation of authorisation to access electronic health information. Blockchain technology appears to meet these requirements.

Public v private

Blockchains come in three flavours – private, public and hybrid. Public blockchains are fully decentralised, with no single entity in overall control. They typically involve their own cryptocurrency and anyone can download the software, view the ledger and interact with the blockchain. Public blockchains attempt to preserve an individual user’s anonymity and treat all users equally. For many enterprises, including healthcare organisations, this is difficult to accept. That is why private blockchain technology is rapidly gaining interest in healthcare and other sectors.

A private blockchain allows a single authority or organisation to retain control. While offering all the distributed benefits of public blockchains, private blockchains retain some of the characteristics of more centralised, controlled networks. This improves privacy and eliminates many of the illicit activities often associated with public blockchains and cryptocurrencies.

No one can enter this type of network without proper authentication. Private blockchains are, by definition, ‘permissioned’ and are usually set up for reasons of privacy, where it does not suit an enterprise to allow every participant full access to the entire contents of the database. They offer performance and accountability and cost less to operate. All of this means that far less energy, fewer resources and fewer participants are required to run the private blockchain, resulting in reduced cost on a far more predictable scale. Much has been written about public blockchains and the huge power consumption of ‘data miners’ working on the Proof of Work (PoW) consensus protocol and creating the next block for bitcoin chains. This is simply not acceptable in a sustainable world.

When it comes to safeguarding sensitive information, using private blockchains makes it easy to demonstrate full accountability – often via external audits – on the running and operation of their systems. And private blockchains provide a higher degree of regulation, determined and set by the administrators in line with industry regulatory codes.

One example of blockchain in healthcare is the US company, MediLedger, which enables companies across the prescription drug supply chain to verify the authenticity of medicines, as well as expiry dates and other important information. Customers can track each package’s end-to-end provenance, with integration with manufacturers, wholesale and shipping.

While it is clear that blockchain applications are at an early stage in healthcare, this emerging technology looks set to enhance the management and protection of healthcare data.
