Applying Blockchain Tech to Medical Records for Improved Security and Access

02/15/2017

The technology that forms the foundation for digital currencies like Bitcoin could be the technology that provides unprecedented security for and access to medical records.

The Blockchain

For years, online communities sought increased freedom and autonomy by shielding their economic activities from the government and corporate intermediaries. The problem, however, was how to quickly and securely exchange money, goods, or services online between unfamiliar—and potentially anonymous or even malicious—parties without a central marketplace operator (such as eBay or PayPal) to facilitate the exchange. The solution came in the form of cryptocurrencies—currencies that rely on decentralization and encryption (or cryptography), rather than a central intermediary such as a bank or government authority, to provide transparency and security.

Cryptocurrencies like Bitcoin are based on a technology called the blockchain, which, as the name implies, is simply a chain of “blocks.” Each block contains the data of all transactions within a period of time and a reference to the block before it. In other words, the blockchain is the cryptocurrency’s public ledger of past transactions. This differs from most e-commerce systems which typically maintain a centralized private ledger of all transactions. Since anyone can access the blockchain to verify or compile a list of every single exchange, anonymous strangers can trust each other while using Bitcoins to make transactions despite the lack of a supervisory or controlling authority.

More importantly, the blockchain is secure and practically tamper-proof since each transaction is uniquely time-stamped and converted into an alphanumeric value (called a “hash”) that is replicated across the entire network. Alterations to existing hashes would need to occur at every node of the network to be accepted by the system. This makes data stored on the blockchain extremely resistant to external modification such as hacking.

Bitcoin and other cryptocurrencies have been marked by value volatility and association with illicit activities. While some remain wary of Bitcoin’s checkered past, the underlying blockchain technology is increasingly accepted as having applications far beyond digital value exchange. This is especially true given the nearly endless list of activities that require some form of reliable transaction verification or a secure repository of information. Blockchain technology allows individuals to engage in such activities at greater speed, lower cost, and without having to rely on a central authority.

Factom and Medical Records

The healthcare industry is particularly sensitive to privacy concerns yet alarmingly susceptible to data breaches. In 2016, there were 324 reported breaches of unsecured protected health information ranging in size from 500 to over 3.6 million affected individuals. So, unsurprisingly, various startup companies are attempting to apply blockchain technology to medical recordkeeping. For example, the Bill and Melinda Gates Foundation recently awarded a grant to Factom, a blockchain technology firm based in Austin, Texas, to fund the creation of an electronic health records system that provides immutability and security in an affordable manner.

Factom distills collections of data into a single hash and then adds them to the Bitcoin blockchain. This allows the Factom framework to store vast amounts of information without slowing down the blockchain network. With medical records, the hash would serve as a fingerprint of the data for time-stamping and verification purposes. In other words, Factom serves as a mathematically provable auditing and notarization service.

The content of the records themselves would not be revealed to third parties or transferred from their original digital location. So, Factom-secured records likely would not contravene the privacy provisions of the Health Insurance Portability and Accountability Act of 1996. In fact, both the National Institutes of Standards and Technology and Department of Health & Human Services permit the de-identification of protected information by one-way conversion to hash values if certain requirements are met.1 Factom’s blockchain also will allow providers to keep pace with the big data revolution impacting the healthcare industry.

The Bill and Melinda Gates Foundation specifically envisions Factom-secured records benefiting developing nations in which paper-based medical records or information stored on local servers are often compromised by geopolitical instability. Technology that relies on distribution and decentralization is well-suited to maintain the privacy and security of medical records in an affordable and practical way, even in environments with poor web connectivity.

For example, Factom could digitize, store, and encrypt a hospital’s medical records in a decentralized fashion. Access to these records would not be dependent on a strong internet connection to a central server or database, which may be particularly unreliable in a destabilized region, since the data would be distributed across various nodes of the blockchain network. Medical providers and patients would then be able to access and share documents such as vaccination records and HIV viral load measurements on their phones to ensure they are providing or receiving the correct treatment. And because the records are being accessed via the blockchain, they can be easily tracked and authenticated as accurate and unchanged. Factom also plans to use biometric verification for an added layer of security. It is easy to imagine Factom moving medical recordkeeping from a fragmented, primarily manual process to a digital, automated, and secure framework.

Future Applications of Factom’s Blockchain Tech

The advantages of Factom’s blockchain technology—namely, time-stamping, immutability, and secure, decentralized storage of large sets of data—could be embraced by other facets of healthcare such as telemedicine and the pharmaceutical supply chain.

The Centers for Medicare & Medicaid Services recently amended federal regulations to include the use of “telemedicine, e-visits, and/or other evolving and innovative technological solutions” as criteria that states should consider when determining network adequacy standards. 42 C.F.R. § 438.68(c)(1)(ix). The application of blockchain technology to medical recordkeeping is a clear example of an evolving and innovative technological solution and soon could be viewed as another criterion for consideration. But this means projects by companies like Factom could raise conventional telemedicine issues regarding establishment of the physician-patient relationship, licensure, and reimbursement. Alternatively, Factom’s work may supplement traditional forms of telemedicine by automating and improving certain aspects, such as identity authentication and insurance verification.

Similar supplementation by blockchain technology could improve pharmaceutical distribution. The Drug Supply Chain Security Act of 2013 outlined a ten-year plan to build an electronic, interoperable system to identify and track drugs through all phases of distribution. The statute imposes a large documentary burden on drug manufacturers, distributors, dispensers, and repackagers by requiring the capture and sharing of product tracing and transaction information. But using blockchain technology to secure and verify this information, as Factom envisions with medical records, could introduce unprecedented visibility and transparency to the pharmaceutical industry. The technology could equally benefit electronic databases used to track the prescribing and dispensing of controlled prescription drugs to patients.

Applying blockchain technology to electronic health records, telemedicine, and drug distribution and monitoring will impact both the need for, and practice of, intermediaries such as lawyers. At the same time, the technology offers a great opportunity for firms and corporations willing to innovate, particularly in regions in which central databases and government infrastructure are unreliable. Entities that adapt and embrace blockchain technology may be able to provide more efficient and higher quality services.

See Dep’t of Health & Human Servs., Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (Nov. 26, 2012).