Healthcare Information Security

Patient Privacy News

Data Security Key Consideration for Healthcare Blockchain Success

The HIMSS Blockchain Work Group helped explain that healthcare blockchain can aid the industry, but interoperability, data security, and other factors must be reviewed.

healthcare blockchain data security and privacy

Source: Thinkstock

By Elizabeth Snell

- Healthcare data security, data storage, data availability, and confidentiality are some of the most important characteristics in the application of healthcare blockchain, according to the latest edition of Blockchain in Healthcare Today.

Featuring contributions from the HIMSS Blockchain Work Group, the article also explained that blockchain “is designed to establish trust, accountability, traceability, and integrity of data sharing,” in numerous industries, including healthcare.

The technology can also be disruptive, article authors noted. Blockchain can challenge legacy thinking with regard to data ownership and data use. Entities can benefit from its implementation, but certain considerations must be made.

“The encrypted distributed ledger has potential to improve the quality of patient care, as well as the economics and efficiency of healthcare operations, particularly considering growing data volumes with emerging data sources such as Internet of Things (IoT),” the authors explained. “Other blockchain characteristics, notably near-immutability, smart contracts, and off chain interoperability open up opportunities to tie in applications and services that extend beyond legacy boundaries of healthcare.”

Successful blockchain implementation can create a greater return on adoption for patients, healthcare consumers, and other participants in the ecosystem, the article maintained.

READ MORE: Why Blockchain Technology Matters for Healthcare Security

Healthcare data security can be improved with the technology, and data can be more easily stored and subsequently referenced to for lab results, medications, or allergies. The authors pointed out that federal privacy rules will still apply when personal data and PII are processed.

“Conceivably, a blockchain-enabled solution would provide innovative design opportunities to harden PII and PHI protection tied to smart contracts, data provenance, optimizing on-chain and off-chain data storage, and data minimization; coupled with individual’s governance over others access to and use of their data—in addition, of course, to the data and metadata encryption inherent in blockchain,” report authors wrote.

Cryptographic techniques also ensure that all shared information has an auditable trail, essentially a reliable “fingerprint” that can be traced.

However, confidentiality in healthcare blockchain cannot be taken for granted, the article cautioned. The risk in confidentiality is affected by what information is entered into the blockchain, which is why a “minimal, sufficient approach” is recommended.

“Whether a blockchain is private, permissioned, or public is another key design decision that affects privacy. Scope of access to the blockchain should be limited to authorized entities,” authors explained. “If a blockchain truly holds only non-sensitive information intended for public use, then a public blockchain is a reasonable approach.”

READ MORE: Healthcare Blockchain Key Component for Trusted Data Exchange

“However, in most healthcare blockchains, sensitive information will be stored on the blockchain and only authorized entities should be given access to this information, making private and permissioned blockchains more appropriate.”

Cybersecurity measures commonly encourage the minimum amount of data necessary be shared, and a similar approach can be used in blockchain implementation. Sensitive data can also be encrypted to further protect data confidentiality and privacy, the report authors stated.

Healthcare data breaches could also still occur within blockchain utilization, the article observed. Proper breach risk mitigation should include several considerations to ensure blockchain-enabled healthcare ecosystem participants can “establish, share, and maintain the trust” needed for the best blockchain adoption.

For example, a security risk assessment will help “detect vulnerabilities of all participating organizations,” report authors said. Additionally, any on-chain or off-chain data breach in a single node of one healthcare entity would impact the entire blockchain-enabled environment.

All the nodes running the decentralized ledgers, and all the non-blockchain systems of healthcare organizations that connect to the solution must be reviewed. Administrative, physical, and technical safeguards should be considered with regard to the blockchain solution as well, for a truly holistic cybersecurity approach.

READ MORE: Will Healthcare Blockchain Resolve Data Privacy Concerns?

The article also stressed the need for organizations to review any applicable compliance requirements. Entities storing PHI of Americans should consider HIPAA regulations, while organizations storing data of European Union organizations will need to review how General Data Protection Regulation (GDPR) requirements apply.

“Requirements such as a patient’s right to opt-out of sharing data and the right to be forgotten can have direct impact on what sensitive data can go on the blockchain and what sensitive data must remain off the blockchain,” report authors wrote.

“Designing blockchain-enabled solutions that connect healthcare ecosystem participants across multiple geo-political and geo-governance boundaries may explore the use of off-chain encrypted decentralized storage (such as InterPlanetary File System, ‘IPFS’), and storage zones for meeting compliance across GDPR, HIPAA, and other.”

There is lots of hype surrounding blockchain technology and its potential implementation options, report authors concluded. With healthcare specifically, blockchain’s encrypted distributed ledger could improve patient care quality and improve overall operations and efficiency.

“Going forward, we call for rapidly and broadly disseminating ‘low-hanging-fruit’ use-cases such as supply chain, medication ePedigree, medical device identity and certification, and claims management,” the team wrote. “Rapid prototyping of ‘how it works for the user’ (i.e., User Experience; ‘UX’), Proof-of-Concept pilots, and sharing of key learnings from early adopters are needed to keep the innovation and discovery momentum going.”


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...