Healthcare Information Security


Why Blockchain Technology Matters for Healthcare Security

Blockchain technology is quickly becoming a hot topic in the healthcare industry, but covered entities need to understand how it potentially affects their healthcare data security measures.

With technological innovations continuing to find a place in the healthcare industry, health data security must remain a top priority for organizations of all sizes. More electronic data is available than ever before, and covered entities are looking to find the most efficient and secure ways to manage it all.

Blockchain technology organizes data so transactions can be verified and recorded through the consensus of all parties involved. It is perhaps best known for being used in the Bitcoin world and has an authoritative ledger that records events.

For healthcare, this means that any data entered into a computer system or EHR/EMR can have each transaction or entry validated. This could include anything from a financial transfer to an update to an individual’s personal health record. Each new action is verified against an authoritative ledger of previous events. 

With blockchain, each member who can enter information has his or her own copy of the ledger instead of the data being held in one location. However, no new transaction can be approved unless a majority agrees that the requested action is indeed accurate.

This could greatly affect healthcare as providers often have their own versions of a patient’s record and these records are not always validated against one another. If a patient visits four different providers and each provider makes a separate error in the record, then that patient could encounter issues when it comes to his or her personal care.
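
The validation flow described above (each member keeps its own copy, each new entry is checked against the ledger of previous events, and a majority must agree) as an added Python example; it is not from the article or from any blockchain product. The member names, record fields and the plain majority vote are assumptions made for illustration.

```python
import copy, hashlib, json

GENESIS = "0" * 64

def entry_hash(prev_hash, payload):
    # Each entry's hash covers its payload and the previous entry's hash.
    body = json.dumps({"prev": prev_hash, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class Member:
    """A participant (hypothetical name) holding its own copy of the ledger."""
    def __init__(self, name):
        self.name, self.ledger = name, []

    def head(self):
        return self.ledger[-1]["hash"] if self.ledger else GENESIS

    def approves(self, proposal):
        # Re-verify the local copy, then check the proposal extends it.
        prev = GENESIS
        for e in self.ledger:
            if e["prev"] != prev or e["hash"] != entry_hash(prev, e["payload"]):
                return False
            prev = e["hash"]
        return (proposal["prev"] == prev
                and proposal["hash"] == entry_hash(prev, proposal["payload"]))

def propose(members, proposer, payload):
    """Record payload only if a strict majority of members approves it."""
    prev = proposer.head()
    proposal = {"prev": prev, "payload": payload, "hash": entry_hash(prev, payload)}
    approvers = [m for m in members if m.approves(proposal)]
    if 2 * len(approvers) <= len(members):
        return False
    for m in approvers:
        m.ledger.append(copy.deepcopy(proposal))
    return True

def demo():
    # Constructed sample data; specialist_d later rewrites its own copy.
    members = [Member(n) for n in ("clinic_a", "clinic_b", "lab_c", "specialist_d")]
    a, d = members[0], members[3]
    first = propose(members, a, {"patient": "P-001", "allergy": "penicillin"})
    d.ledger[0]["payload"]["allergy"] = "none"
    d.ledger[0]["hash"] = entry_hash(GENESIS, d.ledger[0]["payload"])
    forked = propose(members, d, {"patient": "P-001", "rx": "amoxicillin"})
    honest = propose(members, a, {"patient": "P-001", "rx": "azithromycin"})
    diverged = [m.name for m in members if m.head() != a.head()]
    return first, forked, honest, diverged
```

`demo()` shows that an entry built on one member's altered history gets a single vote and is rejected, while the other three keep extending the agreed ledger and the altered copy is identifiable because its head hash no longer matches.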

How does blockchain affect healthcare data security?

Blockchain technology can also have a great impact on health data security. Not only can a patient’s differing interactions in the healthcare system be repaired, but having multiple checkpoints rather than one single gateway for sensitive data can also improve security.

There could also be an impact on how patients monitor their own health information. Patients who are part of the blockchain would then be able to approve or deny any sharing or changes to their data, helping to ensure a higher level of privacy and greater consumer control.

While this is similar to how health information exchanges may operate (and several HIEs are already using a decentralized approach to their data architecture), there is an important difference. The validation aspect is what will set blockchain technology apart.

Patients and providers will need to trust that the HIE is accurate about the records moving between hospitals and other organizations. However, blockchain participants will also know that the information has undergone validation.

Furthermore, patients would not have to take the time to gather their own records from multiple providers to send to their new specialist. With blockchain, the new specialist would simply be added to the chain. From there, he or she can access the same information as everyone else already participating.

Health information exchange security is a crucial area in healthcare currently, especially as data sharing becomes more popular. The push toward interoperability, along with population health and accountable care, means that the information is going to be exchanged across a legal landscape that has varying degrees and various levels of privacy and security rules and regulations.   

Vice President and General Counsel and Privacy Officer at the Indiana Health Information Exchange (IHIE) Valita Fredland told last month that patients want information readily available, but it is important to ensure that the data is only used, or disclosed, as is appropriate and permitted by governing law.

“It's fair to say that for a privacy professional in this day and age, he or she needs to be familiar with not only the state expectations and regulations on sensitive data, but national and international, because data can travel,” Fredland said.

Another important consideration for health data security professionals is how HIPAA regulations would potentially apply to blockchain technology. Patient information would need to remain secure through any data transfer process, so covered entities should consider the necessary physical, technical, or administrative safeguards that may need to be implemented as well.

For example, data encryption could be essential for the process. However, covered entities should ensure that they are using methods such as NIST cryptographic standards. NIST recently released a draft of updated standards, which address the importance of encrypting sensitive data by transforming it into an incomprehensible format until a recipient with a private key can unlock the information.

“Our goal is to develop strong and effective cryptographic standards and guidelines that are broadly accepted and trusted by our stakeholders,” NIST’s Chief Cybersecurity Advisor and Associate Director for the Information Technology Laboratory Donna Dodson said. “While our primary stakeholder is the federal government, our work has global reach across the public and private sectors. We want a process that results in standards and guidelines that can be used to secure information systems worldwide.”


Are there current blockchain regulations?

As the blockchain approach is newer to the healthcare industry, federal organizations are working to see how it could be best applied.

The Office of the National Coordinator (ONC) recently issued a challenge to industry stakeholders to submit white papers on the potential role of blockchain in areas such as EHR development, big data analytics tools, research, and the management of Internet of Things (IoT) devices.

The challenge is called “Blockchain and Its Emerging Role in Healthcare and Health-related Research,” and its proponents claim it will “address concerns regarding the privacy, security and the scalability of health records.”

“The paper should discuss the cryptography and underlying fundamentals of blockchain technology, examine how the use of blockchain can advance industry interoperability needs expressed in the Nationwide Interoperability Roadmap, patient centered outcomes research (PCOR), precision medicine, and other health care delivery needs, as well as provide recommendations for blockchain’s implementation,” ONC explained.

Scott Gottlieb, MD, Resident Fellow at the American Enterprise Institute, recently said in a hearing before the House Committee on Energy and Commerce that blockchain could also help payers create risk adjustment strategies that properly match a patient’s individual health status.

While the risk adjustment system is based on examining the severity of chronic diseases among an insurer’s patient pool, Gottlieb explained that the blockchain might help create a more personalized approach to distributing these incentives.

“It is conceivable that risk adjustment could be enabled through a scheme that prospectively bakes some of this assistance into the tax credits provided to consumers to help them buy coverage,” he said.
