Healthcare Information Security

Cybersecurity News

Why Data Security is Critical with Healthcare Blockchain

Healthcare blockchain technology could be greatly beneficial for the industry, but data security regulations and a layered security approach are also essential.

Blockchain technology can be strengthened with data security considerations

Source: Thinkstock

By Elizabeth Snell

- Healthcare organizations are utilizing more electronic data than ever before, and many are working toward interoperability and connecting to HIEs. Data security measures cannot be an afterthought, and must be a top priority as covered entities work to remain innovative and properly care for patients.

Blockchain technology is quickly becoming an option for healthcare, as it gives the ability for entities to organize data so transactions can be verified and recorded through the consensus of all parties involved.

Data entered into a computer system or EHR/EMR could have each transaction or entry validated, including financial transfers or an update to an individual’s personal health record. New actions are verified against an authoritative ledger of previous events. 

Additionally, blockchain members can enter information and have their own copy of the ledger, as opposed to the data being held in one location. It is important to note though that new transactions can only be approved if a majority agrees that the requested action is indeed accurate.

Hyperledger Executive Director Brian Behlendorf said in an interview at HIMSS17 that there is a value to private chain over public.

READ MORE: Why Blockchain Technology Matters for Healthcare Security

“Even when all your data is encrypted, sometimes we make mistakes,” Behlendorf stated. “A private chain of entities that are all covered entities and duly authorized by the patient is a governance mechanism that everyone understands.”

He added that in a public chain, organizations are left to the code to protect their privacy. The same goes for all of the individual actors who otherwise have no contractual obligations towards each other and no regulatory framework to operate in.

“You can enforce permissions to make changes to the registry, but you can’t stop someone from copying and pasting the data into a separate document if they’re a bad actor,” he explained. “That’s why you need outside regulatory enforcement, like HIPAA, that doesn’t rely on algorithms to manage your privacy.”

Good healthcare data security happens in layers, Behlendorf maintained. Furthermore, the outermost layer of a highly secure health data sharing network has to be the boundaries of a consortium chain. 

“You can say that if an organization is a bad actor, they will get cut out of the network,” he stated. “That might be fatal for them, so they have every incentive to stay in the network and be a good member of the community.”

READ MORE: Health Data Privacy Discussed in ONC Blockchain Proposal

From there, Behlendorf said that there are additional layers of encryption, so organizations can set different sharing parameters for different types of data.

For example, someone’s blood type might be shared with every organization, he proposed. When that patient is on vacation, and then arrives unconscious at a hospital he or she has never been to before, that patient can still receive the necessary emergency care.

“With something like HIV status, you might not even want the network to know that there was an HIV test performed, let alone post the result in clear text to every member of the chain,” Behlendorf added. “There’s a big range of privacy considerations. The patient should play a role in defining when certain elements get shared and how widely that sharing goes.”

Successful healthcare blockchain technology will not work if there is just one company saying that everyone needs to jump on board, he said.

“But if it’s a collection of companies brought together by a consortium, professional society, or a shared pilot project, then it could really gain some traction.”

READ MORE: ONC Reviews HIE Security, Interoperability under HIPAA

An IBM study found that blockchain technology could be gaining greater traction in healthcare. Out of 200 surveyed healthcare executives, both payers and providers, said they expect to have a commercial blockchain solution at scale in 2017.

Additionally, 56 percent reported that they plan to have blockchain in production and at scale between 2018 and 2020.

Of the respondents who planned to have blockchain in 2017, approximately 60 percent said they predicted blockchains would assist in accessing new markets, and new and trusted information they can keep secure.

“First-mover advantages for healthcare organizations include the opportunity to influence the business and technological standards that others may have to follow,” the report’s authors wrote. “Early collaborators may also have the chance to lock in new partnerships and new ecosystems for mutual advantage.”

Two-thirds of the early adopters also said that decision making being impeded by inaccurate, misleading, or incomplete information was a top barrier that could reduce blockchain implementation. Sixty-six percent of those respondents also said that the risk of technology breaches and tampering are difficult to plan for in blockchain.

“Privacy concerns and the prevalence of cyber-attacks put information at risk and constrain how it might be shared,” the report explained. “The lack of interoperability standards further shuts down the exchange and accessibility of information.”

A patient may be given the ability to authorize all data sharing transactions in private blockchains, which would make it easier for that patient to manage where data is going and who has access to sensitive information.

“When data is trusted and protected, collaboration takes off,” the survey stated. “Blockchains could replace the intermediaries that once existed to secure this data, perform these tasks. Smaller organizations could join ecosystems to take on larger competitors. Private sector participants could gain access to and create new sources of data, whether that’s wellness data streaming from personal devices or information collected by home caregivers.”

IBM researchers maintained that an organization’s circumstances, capacity, and ambition will affect how they can properly respond to blockchain technology.

“As with any new technology that has the potential to transform, there is no ‘cookie-cutter approach,’” the report’s authors wrote. “However, the plans, priorities and investments of the Trailblazers that are poised to enter the market today do illuminate a direction.”

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks