Blockchain opportunities and advancements are changing the global face of healthcare – innovative leaders are quick to identify the change.
Healthcare Digital Transformation
Every industry is nowadays going through a digital transformation journey and technologies like cloud, IoT and mobility are speeding up that process. Healthcare is no exception to that. As everything gets connected digital transformation will disrupt current value chains and enable new eco-systems, but a big challenge for this vision to materialize is trust and security. Add privacy concerns to that and you might end up in a situation where opportunities in the healthcare industry are not realized because we have concerns from both, the patients as well as the service providers. This is where blockchain comes in handy, and its impact on healthcare could be particularly significant.
What is Blockchain and why does it matter?
So what is blockchain? In its simplest definition, blockchain is a distributed public ledger; a database of transactions with a set of rules as to how the ledger gets appended, achieved by distributed consensus of participants in the system. You keep track of transactions in a distributed way, where all participants have a copy of the ledger and can potentially validate any future transactions. An important element of the Blockchain implementation will be signatures to validate the integrity of the data. Historically, Public Key Infrastructure (PKI) has been one of the fundamental technologies to power such data signatures, but it does not scale. The dependency on a central authority to stamp and validate signatures creates serious limitations for large-scale scenarios and is also vulnerable to attacks involving quantum computation. This is where Keyless Signature Infrastructure (KSI) comes to the rescue. It is designed to provide scalable digital signature-based authentication for electronic data, machines and humans. Unlike traditional approaches that depend on asymmetric key cryptography, KSI uses only hash-function cryptography, allowing verification to rely only on the security of hash-functions and the availability of a public ledger commonly referred to as a blockchain. So with KSI blockchain we can have a strong infrastructure that can secure the integrity, the validity of data and transactions. Let’s see how we can apply that to healthcare.
Securing Integrity of Electronic Health Records (EHR)
As standards for Electronic Health Records have matured, they have specified what can be shared and how, but they haven’t really solved the issue of securing the transactions and how to make that process open and transparent. And more and more data is produced every day.
With the evolution of technology, there will be more and more connected devices that will collect data about us, our health and wellness. A research report from Enterprise Service Group from 2012 had estimated that by now the average hospital would generate about 665TB of data. 80% of this information would be unstructured data in the form of videos, images and emails. The amount of data is huge and largely untapped. To put things in perspective a single CT scan represents about 1GB of data, while an X-ray takes about 30MB.
All this data will be available in digital format, and lead to massive amount of data, which if mined properly will dramatically improve healthcare. But mining the data also means sharing that data, aggregating data sources and providing access to stakeholders anywhere and anytime. Doctors around the world could for instance benefit from instantly accessing patients records, comparing them with records from other patients.
A key question then is where do you store this data and how do you share it in a secure and reliable way. Now, part of this answer is given by hyperscale cloud technologies which will allow you to provide storage at unbeatable costs, but then, can you trust that data? What if it is compromised? What if your healthcare data leaks outside the circle of trusted physicians? What if that data is altered? These are some of the reasons why healthcare providers tend to keep the data on their own data centers and within their own closed eco-system.
Blockchain and KSI will secure that data cannot be tampered. You will have a full chain of records of who created the data, who accessed it and who modified it. Each data piece in the cloud data center will be signed and transactions on that data can be audited. As mentioned earlier, blockchain and KSI will be used to provide a hashed signature of an EHR when it is in a known good state. By monitoring the time-stamped hashes, the system can then verify that the EHRs have not been altered. Any change means something about the EHR itself has changed, and that might represent an attack that can be checked by security staff. So combine KSI, Blockchain, EHR policies and even Open Data, and you have a solid and distributed infrastructure where data can be shared and its integrity secured. With Open Data you can even expose the data to third parties if there is consent and you can create new transactions that could be linked to that blockchain.
Enabling Health Information Exchange and Settlements
The benefits from blockchain are that you can now reliably share information between service providers, decide who gets access to what data, have a trace of all transactions and make sure nobody has tampered the data. You can now easily link Doctors, Hospitals, Pharmacies, Insurance companies, and anybody who is related to the healthcare eco-system.
Doctors will have seamless access to your health records as well as your insurance policy. When the doctor writes a prescription the pharmacy will not only have access to the prescription and your insurance information, but also information about allergies or other conditions that might interfere with the prescribed medicine. This will reduce the risk of bad treatment and fraud, and also speed up the claims process. Since all information is available and all transactions are linked, that whole process can be automated and settlements could be done automatically without even having to ask for a claim.
Securing IoT Device Configurations and Software
We have been talking so far about the validity and integrity of data in the context of EHRs. Our concern about integrity needs to go beyond that. It is not only about EHR data but also about machines and operating systems, software and configurations.
Of course you will have plenty of security measures in place to create security perimeters and policies, encrypting connectivity, but you will never be able to prevent against everything.
For instance, all the medical devices and connected objects that will provide healthcare data. How do you protect these? And how do you know these devices have not been tampered with? What if the device measuring your heart rate is compromised? What if somebody had replaced the software on your connected insulin dispatcher? The consequences could be lethal and you might not even be aware that a crime has been committed.
What matters for IoT devices is protecting what’s inside it – ensuring that the software operating inside the device and its configuration have not been compromised. If the device is compromised then securing the communication from it won’t matter.
In a recent report by AT&T, “Exploring IoT Cybersecurity”, the company logged that they have seen an increase by 458% of IoT vulnerability scans over the last two years. The threat is real and it is only going to increase.
Here with blockchain and KSI, we have a way to deal with the real problem and that is not to protect against all attacks, but to make sure that you are fully aware of the integrity of a system and its connected IoT devices.
With KSI Blockchain you can link the software producer with the device producer, the service staff, the device and the service provider. You can link all transactions made on the device, you can sign the software, the configurations and the transactions. This means that breaches can be detected almost instantly as long as you monitor signature changes. You can also use these mechanisms to certify devices and to void warranties if an unauthorized person reconfigures a device. The auditability and traceability will greatly reduce insider threats.
The Future of Blockchain and Healthcare
I believe the convergence of technologies will further increase the number and variety of use cases that will benefit from blockchain. Looking at the healthcare system, our focus here was primarily electronic healthcare records, IoT devices and data exchange, but there are many more that I could think of. Much of the paper work done today as part of the administrative process could be simplified; it is not only about registration and basic data, but even for signatures, like the signature required from a legal guardian to perform surgery on a child. You can connect various databases, for instance, connecting organ donors across the globe could be simplified. Notarizing documents would probably not be needed anymore. The possibilities are endless.
It is also interesting to observe how this will evolve here in the UAE. I had the opportunity to participate in a few meetings of the Global Blockchain Council in Dubai, and I can say that the interest and traction around this topic is tremendous. Almost every industry is represented. The UAE’s agenda for blockchain is aggressive and they want to pilot a number of projects to ensure faster adoption. Telecom operator Du recently announced that they will run a pilot on EHR using blockchain infrastructure. Monitor these pilots closely.
I would like to hear more from other experts! What projects do you know of that use blockchain in the healthcare context? What type of adoption do you see of this very hyped technology? Do you think healthcare will be an early adopter or do you see other industries moving faster with blockchain?