The debate about where patient records are stored, how they are accessed, and how they might be used often becomes both adversarial and emotive, and rightly so. After all, it’s your data; and it’s likely your most private and personal data at that.
The government's care.data vision is a case in point. The idea was that hospital episode statistics, GP information and all kinds of other data drawn from medical records across England would be centrally stored in a single database.
It would provide ‘a picture of care’ in England. It would drive research and industry. It was technically a great idea…
However, in practice it raised a torrent of resistance from those with genuine concerns about the security of the data and who would be granted access once it left the hospital or the GP surgery.
Oh, and it never got to grips with the question of whether patients needed to opt-in or opt-out of the programme.
Valid arguments from patient groups, privacy groups and equally valid arguments from government representatives seemed to create a stalemate which, not surprisingly, resulted in public distrust of the scheme.
But let’s step down from the soap boxes for a moment and consider whether there could actually be a better way to provide technical assurance, security and robust management of electronic patient records.
A method that could genuinely change the way data is managed, accessed by healthcare professionals, and validated by patients; that actually keeps the current, decentralised model.
I’d like to invite on stage, to rapturous applause, the remarkable concept of block chain as used by the crypto-currency Bitcoin.
For those not yet in the know, Wikipedia offers the following excellent summary: “A block chain is a permissionless distributed database that maintains a continuously growing list of transactional data records hardened against tampering and revision, even by operators of the data store's nodes."
Sounds good to you? Well, before you excitedly order your T-shirt emblazoned with “On the Blockchain nobody knows you’re a fridge” (and yes, it’s a real T-shirt you can order that, I assume, parodies Bitcoin’s purchasing transactions…) let’s consider what this could mean for the future of health and medical records systems.
Is this a good idea?
The notion of using block chain technology for EPRs and for other record keeping purposes has been around for a while. However, we’ve only recently seen real-world examples and proof-of-concepts.
The newly respectable status of the technology behind a peer-to-peer cash system once associated with the Silk Road and the ‘dark net’ was confirmed this week, when the government’s chief scientific officer, Sir Mark Walport, put out a report calling for government investment in the idea.
Ironically, the report came out just as one of the developers closely associated with Bitcoin itself announced that he was quitting. But the government thinks the underlying technology could be revolutionary, and the NHS was named as one of the potential users.
So what would be the key benefits for a health records system or EPR? Well, essentially the same as those enjoyed by Bitcoin. Such a system would be:
- Decentralised, making sure that the integrity of stored data remains intact, providing complete transparency
- Encrypted and tamper resistant, because altered block chains are rendered invalid
- Accessible globally
- Made up of verifiable and immutable transactions.
And would it work in the real world?
So how could EPR systems exploit the benefits of block chain technology and apply it to the real-world? Let’s consider some examples…
In the search for innovative ideas, a Blockchain Hackathon, sponsored by Fidelity Investments, Deloitte and Citi, took place in November. The winner was MedVault, which won €5,000 by demonstrating a proof-of-concept that would allow patients to record medical information on a block chain.
Now, there are some technical good-practices to adhere to as the block chain itself, by design, is kept as small as possible. So any data held would essentially be metadata (data about data) rather than a full medical record; it would sign-post a transaction to be applied to a record held elsewhere.
This metadata would use a hash value in the block chain, demonstrating data existence and confirming the data integrity without revealing the actual data itself; which is a key requirement in the world of patient records.
This metadata technique is known as ‘coloured coin protocol’, as it was originally for use by crypto-currencies.
The metadata could then be used to manipulate the actual patient record which would itself be stored in a decentralised way. The MedVault example mentioned suggests that peer to peer BitTorrent technologies could be a solution.
The block chain process remains encrypted; verifiable an immutable at all stages and would allow a health professional to access and update your patient record from anywhere in the world using your patient identifier or public encryption key or other unique key.
Companies are working on this already
On the subject of P2P hosting the physical patient record, a company called BitHealth is doing exactly that. It is using block chain technology for storing and securing healthcare data in a distributed way using P2P file sharing technology similar to BitTorrent.
BitHealth says: “So even in the case of an internet outage we can retrieve data from local nodes. Users can generate public and private keys and encrypt data using public keys to store records in a block chain. Patients can use it for securing their data and doctors can use it to retrieve medical records.”
Another initiative is factom.org. Factom is a data layer for securing millions of real-time records in the block chain with a single hash to improve efficiency and prevent ‘bloating’ the block chain.
Factom has partnered with Health Nautica to secure medical records and audit trails using the block chain. It envisages this will provide better efficiency for claims and billing and prevent fraud as the records cannot be altered.
Technically, the block chain method meets the HIPPA standard – the US standard for protecting medical records that was introduced during that country’s medical insurance reforms of the late 1990s, and which healthcare IT companies are careful to abide by.
It does this by protecting patient confidentiality and ensuring the actual medical records are not revealed to third parties, including Factom, nor transferred from their original location as they reside on Factom’s P2P service.
Even big players like Philips Healthcare are rumoured to be getting in on the act by exploring the use of block chain technology for record keeping purposes. No doubt we will start to see more proof-of-concepts in 2016 from other major vendors.
Technically it’s a great idea… honest
Patient records managed by block chains are technically a great idea. In many respects, they should create an honest, unchangeable record that remains secure.
However, adoption of such a radical approach – one that would de-centralise the data, no matter how encrypted and managed it would be – would likely meet with significant opposition from privacy groups and patient groups.
It would certainly be subject to public opinion on whether it would go ahead. But with that proviso, it could indeed revolutionise the EPR and health records industry. Other block chain T-shirts are sadly available…
 | Gareth BaxendaleGareth Baxendale has worked in the technology industry for over 20 years in both the commercial and public sectors. He is currently head of technology for the NIHR Clinical Research Network. Gareth is also a Chartered Fellow of the BCS and vice chair of the BCS Health Executive. |  |