Can blockchain revolutionise EPRs?

March 2016

Chain linkGareth Baxendale FBCS CITP, Head of Technology at the NIHR Clinical Research Network, asks whether bitcoin’s blockchain technology can revolutionise electronic patient records (EPRs).

The debate about where patient records are stored, how they are accessed and how they might be used often becomes both adversarial and emotive, and rightly so, after all, it’s your data and likely to be your most private and personal data at that.

The government’s Care.data vision is a case in point, where all medical records in England would be centrally stored in a single database along with other health data sets that would provide ‘a picture of care’ in England. It was technically a great idea...

However, in practice it raised a torrent of resistance from those with genuine concerns about the security of the data and who would be granted access beyond that of the GP surgeries. Oh, and do patients need to opt-in or opt-out of the programme?

Valid arguments from patient groups, privacy groups, and equally valid arguments from government representatives seemed to create a stalemate which, not surprisingly, resulted in public distrust of the scheme.

But let’s step down from the soap boxes for a moment and consider whether there could actually be a better way to provide technical assurance, security and robust management of EPRs; a method that could genuinely change the way data is managed and accessed by healthcare professionals and, in fact, keep the current decentralised model.

So I’d like to invite on stage, to rapturous applause, the remarkable concept of blockchain, as used by the crypto-currency bitcoin. For those not yet in the know, Wikipedia offers the following excellent summary ‘a blockchain is a permission-less distributed database that maintains a continuously growing list of transactional data records hardened against tampering and revision, even by operators of the data store’s nodes.’ Sound good to you?

Well, before you excitedly order your T-shirt emblazoned with ‘On the blockchain nobody knows you’re a fridge’ (and yes, it’s a real T-shirt you can order that I assume parodies bitcoin’s purchasing transactions...) let’s consider what this could mean for the future of health and medical records systems.

Is this a good idea?

The notion of using blockchain technology for EPRs, and for other record keeping purposes, has been around for a while; however, only recently are we seeing real-world examples and proof-of-concepts.

So what would be the key benefits for a health records system or EPR? Well, essentially the same as those enjoyed by BitCoin...

  • Decentralisation, ensuring that the integrity of stored data remains intact, providing complete transparency;
  • Encryption and tamper resistance, so altered blockchains are rendered invalid;
  • Global accessibility;
  • Verifiable and immutable transactions.

So how could EPR systems exploit the benefits of blockchain technology and apply it to the real-world? Let’s consider some examples.

In the search for innovative ideas a Blockchain Hackathon, sponsored by Fidelity Investments, Deloitte and Citi, took place in November. The winner was MedVault who won €5,000 by demonstrating a proof-of-concept that would allow patients to record medical information on a blockchain.

Now there are some technical good-practises to adhere to as the blockchain itself, by design, is kept as small as possible so any data held would essentially be metadata rather than a full medical record and would sign-post a transaction to be applied to a record held elsewhere.

This metadata would use a hash value in the blockchain, demonstrating data existence and confirming the data integrity without revealing the actual data itself, which is a key requirement in the world of patient records.

This metadata technique is known as ‘coloured coin protocol’ as it was originally used by crypto-currencies. The metadata could then be used to manipulate the actual patient record, which would itself be stored in a decentralised way. The MedVault example mentioned suggests that P2P BitTorrent technologies could be a solution.

The blockchain process remains encrypted; verifiable and immutable at all stages and would allow a health professional to access and update your patient record from anywhere in the world using your patient identifier or public encryption key or other unique key.

On the subject of P2P hosting the physical patient record, a company called BitHealth is doing exactly that. They are using blockchain technology for storing and securing healthcare data in a distributed way using peer-to-peer file sharing technology similar to BitTorrent.

BitHealth says, ‘So even in the case of an internet outage we can retrieve data from local nodes. Users can generate public and private keys and encrypt data using public keys to store records in a blockchain. Patients can use it for securing their data and doctors can use it to retrieve medical records.’

Another initiative is factom.org. Factom is a data layer for securing millions of real-time records in the blockchain with a single hash to improve efficiency and prevent ‘bloating’ the blockchain. Factom have partnered with Health Nautica to secure medical records and audit trails using the blockchain.

They envisage this will provide better efficiency for claims and billing and prevent fraud as the records cannot be altered. Technically the blockchain method meets the HIPPA standard by protecting patient confidentiality and ensuring the actual medical records are not revealed to third parties, including Factom, nor transferred from their original location as they reside on Factom’s P2P service.

Even big players like Philips Healthcare are rumoured to be getting in on the act by exploring the use of Blockchain technology for record keeping purposes. No doubt we will start to see more proof-of-concepts in 2016 from other major vendors.

Technically it’s a great idea... honest

Like the Care.data vision, patient records managed by blockchains is technically a great idea and in many respects creates an honest, unchangeable record that remains secure. However, adoption of such a radical approach that would de-centralise the data, no matter how encrypted and managed, would likely meet with significant opposition from privacy groups, patient groups and would certainly be subject to public opinion who ultimately have the final say.

But it must be said, it’s still a great idea that perhaps one day will revolutionise the EPR and health records industry.

Other blockchain T-shirts are available.

Image: iStock/470631193

Comments (2)

Leave Comment
  • 1
    Sunil de Silva wrote on 17th Mar 2016

    However the privacy could be guaranteed with this technology as it uses very higher level of security. In addition this will enable the further development of Blockchain technology.

    Report Comment

  • 2
    Fran wrote on 4th Apr 2016

    It is however recognised that the acknowledgement of the presence of the data could be a breach of confidentiality. For example the pr spence of a record on a mental health database, so would a permissionless scenario always be secure?

    Report Comment

Post a comment