
Health Data Privacy Discussed in ONC Blockchain Proposal

ONC and NIST announced a proposal to receive white papers discussing blockchain technology and how it can be applied to health IT, including its use for health data privacy and security.

By Elizabeth Snell

The Office of the National Coordinator for Health Information Technology (ONC) and the National Institute of Standards and Technology (NIST) submitted an “Ideation Challenge” proposal for the potential benefits of blockchain technology and how it could apply to certain areas of healthcare, including health data privacy and security.


The “Blockchain and Its Emerging Role in Healthcare and Health-related Research” challenge would gather white papers on blockchain technology, which proponents state can “address concerns regarding the privacy, security and the scalability of health records.”

The white paper submission period began on June 20, and will take place through August 20. Winners will present their papers at an ONC and NIST workshop.

The goal of this Ideation Challenge is to solicit White Papers that investigate the relationship between blockchain technology and its use in Health IT and/or Health Related research. The paper should discuss the cryptography and underlying fundamentals of blockchain technology, examine how the use of blockchain can advance industry interoperability needs expressed in the Nationwide Interoperability Roadmap, patient centered outcomes research (PCOR), precision medicine, and other health care delivery needs, as well as provide recommendations for blockchain’s implementation.

Blockchain critics claim that the process would take a large amount of processing power and specialized equipment, the ONC explained, which would outweigh the potential benefits. However, ONC added that the majority do acknowledge that the blockchain potential “is still evolving and maturing, especially with respect to its applicability to the health care.”

Interoperability and health data privacy issues are hardly new topics for the industry, and both ONC and NIST have been working towards improving both.

For example, the ONC Interoperability Roadmap states that strong and effective safeguards are essential in the interoperability push. Greater transparency in how individuals’ data is used is also necessary, along with ensuring that individuals’ preferences in how their data is handled are properly considered.

“If we steadily and aggressively advance our progress we can make it a reality,” the executive summary said. “We must focus our collective efforts around making standardized, electronic health information securely available to those who need it and in ways that maximize the ease with which it can be useful and used.”

Between 2015 and 2017, ONC added that it “will consider where additional guidance may be needed to help stakeholders understand how HIPAA Privacy and Security Rules apply in an environment where ACOs and other multi-stakeholder entities permeate the landscape in support of value-based purchasing.”

Furthermore, NIST recently released the final draft of “NIST Cryptographic Standards and Guidelines Development Process” (NISTIR 7977), which describes the channels for establishing cryptographic standards and guidelines.

This is important for healthcare data privacy and security, particularly for organizations that implement encryption options to remain HIPAA compliant.

“While our primary stakeholder is the federal government, our work has global reach across the public and private sectors,” NIST explained. “We want a process that results in standards and guidelines that can be used to secure information systems worldwide.”

Health data exchange can bring great benefits to organizations, but as Vice President and General Counsel and Privacy Officer at the Indiana Health Information Exchange (IHIE) Valita Fredland explained, secure information exchange is critical.

There is a tension between data availability and appropriate data protection and use, she said in June 2016.

“It is always the case that when one is the steward, when a company is the steward of sensitive data, it is responsible for ensuring that the data is only used, or disclosed, as is appropriate and allowed by governing law,” she said. “There are also the expectations of the individuals whose information it is.”

Having a privacy and security framework that appropriately addresses the complex privacy and security regulatory requirements that apply to exchanged data over a variety of jurisdictions is an important step for the industry to take, she added.

“Once data leaves a particular state, it is probable that it will then fall under a different set of privacy and security regulations,” Fredland explained. “That is a key piece of ensuring appropriate information exchange as exchanges think about national and international interoperability.”
