Protecting medical records

January 2019

Professor Mike Smith explains how and why he created his own species of blockchain to ensure children’s mental health records are kept safe and trustworthy.

‘Technology was something I began playing with as a boy,’ says Professor Mike Smith, ‘I started tinkering and fixing TVs after school and playing with amateur radio. At 14, I worked all summer to buy the parts to build a computer.’ The machine in question was a 4-bit counter with a rotary telephone dial for input and #47 lightbulbs for output.

These days, Smith is involved in developing online psychiatric screening systems, such as the SDQ (Strengths and Difficulties Questionnaire) and DAWBA (Development and Well-Being Assessment). Along with programming the assessments, Smith is also deeply involved in keeping the resultant data secure. With the screening systems focussing on children and their mental health, Smith says, the data’s sensitivity is profound. To keep the data safe and to ensure it can’t be tampered with, Smith designed a layered security system that, in part, relies on blockchain.

Around the career houses

‘I’m not sure what my career is, or has been,’ Smith says. ‘It’s been quite varied.’ As a professional, he never encountered a computer until his late twenties. Instead, when he started out in medicine he was drafted into the military, passed through geology, completed a PhD in oceanography and then worked in the oil industry. And it was during this phase that Smith discovered computers and computing. From there he eventually landed a lectureship in computer science at Reading.

‘In 1990, rather out of the blue, the amazing Sir Brian Fender offered me a joint professorship in computer science and medicine combined with an information directorship of North Staffordshire NHS Health Authority,’ he explains. ‘It was a fantastic time, a dream come true.’

Greed is good

And where, or how, did blockchain come into Smith’s life? ‘It was all to do with reasons of greed,’ he admits. ‘I read the first part of the Satoshi paper, the kick-off paper. I read as much as I could understand and attempted to invest in bitcoin. I thought about mining them but worked out that wasn’t going to work financially.’

Mining, in Smith’s opinion, is fairly obscene. ‘Purely and simply, it wastes energy,’ he laments. ‘The principle is to make it exceedingly hard to prevent and control inflation. The problem is, the process is entirely negative. The miners are competing with each other. Basically, the person willing to waste the most electricity the fastest is likely to be the winner.’

So, he decided to invest. But, sadly, Smith sent his first investment stake to Mt. Gox the week it collapsed and tumbled into bankruptcy. Mt. Gox, for those unfamiliar with the tale, was a website that exchanged bitcoins for traditional currency. The site rose to fame and fortune and then crashed when it was the victim of an alleged theft.

Finding inspiration in a loss

Though Smith received his money back he, Bitcoin and blockchain went their separate ways and he returned his energies to his mental health assessment project. ‘It’s a psychiatric and diagnostic system,’ he says, referring to SDQ and DAWBA. ‘I’ve been working on the systems for getting on for 20 years now. And the thing is, we designed it to be secure from the start. When we put it on the web, we didn’t put it on the web and then make it secure. We made it secure and then put it on the web. That’s important.’

Though the project enjoyed success, it received a challenge from a Scandinavian data authority. A complaint had been submitted, suggesting that the team had been altering data after collection. ‘From my perspective that’s a very serious allegation,’ he recalls, clearly choosing his words carefully. ‘I have a principle that the original data should never be altered. You can process it and you can make derivatives, but you don’t alter the original data. So, I was quite indignant.’

This indignation made Smith determined to increase the project’s levels of security and to put its data integrity beyond similar accusation. ‘My mind turned back to blockchain. I went back to the Satoshi paper and swallowed the Kool-Aid! It’s a fascinating paper. Quite brilliant. It’s both a clear technical paper, but it’s at least fifty per cent political. If you’ve not read it, you should... Or at least as much as you can before your brain expires!’

Guided by the Satoshi paper he initially implemented a blockchain that concatenated a whole day’s worth of database content. ‘At midnight we generated a hash,’ he explains, ‘and we distributed it out to three computers from where the Scandinavian data protection authorities could monitor it.’

The theory was, of course, that it would be very difficult to alter the database’s contents when three copies of the hash existed. ‘So, they sat and watched this for a while and they said: “yes, that looks okay. It looks like you’re not altering the data and sorry for the bother”.’

The whole experience convinced Smith there was a need for a system, designed specifically for healthcare, that went beyond just storing data in a database. ‘If data is stored on my database I can get at it and indelibly alter it,’ he observes. ‘From my perspective, that’s highly desirable and easy to do. From your perspective, it’s not desirable at all. You have to trust me. Utterly. What I became interested in was the idea of an independent proof-method of data being stored and not altered. That method was blockchain.’

Moving toward a solution

With the decision to investigate blockchain established, he set about learning more through developing his own implementation further. The experience taught him a lot, he says, and he learned some valuable lessons. ‘A lot of things in the paper weren’t that feasible,’ he explains. ‘Peer-to-peer communications, for example, is impossible-ish without involving a third party to swap IP addresses. In an environment of minimum trust, which is what the paper tries to address, peer-to-peer isn’t really practical. Even those file-sharing services, they’re not really peer-to-peer. They work via a middle man.’ This might sound like technical hair-splitting but, when the data being shared is highly sensitive, relying on an unknown intermediary to carry information across a network isn’t an option.

‘It is practical to do peer-to-peer communication across your own servers … Servers where you know the IP address,’ he explains. ‘Updating servers bidirectionally is relatively easy too. The problem is, as you increase the number of servers, the complexity involved in updating them increases more than exponentially.’

Smith began to feel disenchanted with the Satoshi paper. For one thing, he recalls, he wasn’t interested in developing and implementing a currency. Rather he was trying to implement a system designed to keep healthcare data safe and to put the data’s integrity beyond question or contention.

‘There’s a lot of hype around blockchain,’ he states. ‘The problem is people confuse blockchain with Bitcoin. People are trying to store data on cryptocurrency blockchains. This means you have to buy Bitcoins to store your data and the amount of data you can store is very small. You’re talking kilobytes. Worse still, the transaction time on systems like Bitcoin is minutes. This means it’s impractical for storing large volumes of data at present.’

Personal data and a blockchain

This all led Smith to create his own blockchain implementation focussed purely on the business of storing data and not, as with Bitcoin, storing wealth. But, Smith’s system doesn’t actually store the patient record in the blockchain. ‘I handle enormous amounts of very sensitive data… Data about children’s mental health,’ he reveals. ‘You’d have to search far and wide to find data that’s more sensitive than that.

But, we do not store personally identifiable data.’ This means, from a user’s perspective, which could be a doctor, all they receive from Smith’s project is a cryptographic hash or key. ‘It’s the clinician’s job to make sure that the key is correctly assigned. The problem is, of course, humans don’t work well with long numbers. Just think about telephone numbers.’

This does mean, from a procedural point of view, if the client wants to delete a patient’s record all they need to do is delete or throw away the hash. If that’s destroyed, the patient data remains inaccessible. It also means, of course, Smith’s clients need to be careful with how they store and protect their cryptographic keys.

Summing up his whole system, Smith says, he sees his blockchain as an aircraft-style black-box recorder. It’s the faithful scribe that records information about the integrity of the sensitive records. The patient records aren’t themselves stored in the blockchain; they are generally stored elsewhere. ‘The blockchain proves that the patient record is intact,’ he says, by way of a summary. ‘And it proves that it hasn’t been altered.

The typical application simply acts as a pointer to a record and it says: “if that file is hashed to this value then nobody has touched it since it was stamped on the blockchain”’. But, he says, it’s not enough to simply hash the file in question once. These hashes need to be distributed.
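The two ideas described in this article, a nightly hash of the day’s database content chained to the previous day’s and copied to independent monitors, and a per-record hash handed to the clinician as a pointer, can be sketched in a few dozen lines. The Python below is an added illustration written for this page; it is not Smith’s code, and the article gives no detail of his real implementation, so the chain layout, the three in-memory ‘monitors’, the canonical JSON encoding and the placeholder records and dates are all assumptions made here.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # prev_hash for the first day; an assumption of this sketch


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def record_bytes(record: dict) -> bytes:
    # Canonical encoding: same content must always hash to the same value.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def day_digest(records: list) -> str:
    """Hash a whole day's records concatenated in a canonical order."""
    ordered = sorted(records, key=lambda r: r["id"])
    return sha256_hex(b"\n".join(record_bytes(r) for r in ordered))


def make_block(day: str, records: list, prev_hash: str) -> dict:
    """One block per day: content hash plus a link to the previous block."""
    block = {"day": day, "content_hash": day_digest(records), "prev_hash": prev_hash}
    block["block_hash"] = sha256_hex(record_bytes(block))
    return block


def build_chain(days: dict) -> list:
    """days maps 'YYYY-MM-DD' -> list of records stored that day."""
    chain, prev = [], GENESIS
    for day in sorted(days):
        block = make_block(day, days[day], prev)
        chain.append(block)
        prev = block["block_hash"]
    return chain


def distribute(chain: list, n_monitors: int = 3) -> list:
    """Simulate handing copies of the chain to independent monitors."""
    return [copy.deepcopy(chain) for _ in range(n_monitors)]


def monitors_agree(copies: list) -> bool:
    return all(c == copies[0] for c in copies)


def verify_chain(chain: list, days: dict) -> tuple:
    """Recompute every block from the live database; report the first bad day."""
    prev = GENESIS
    for block in chain:
        expected = make_block(block["day"], days[block["day"]], prev)
        if expected["block_hash"] != block["block_hash"]:
            return False, block["day"]
        prev = block["block_hash"]
    return True, None


def record_untouched(record: dict, stamped_hash: str) -> bool:
    """The clinician's pointer check: does the file still hash to the stamped value?"""
    return sha256_hex(record_bytes(record)) == stamped_hash


# Constructed placeholder records (no real assessment data).
DAYS = {
    "2019-01-01": [{"id": 1, "score": 11}, {"id": 2, "score": 7}],
    "2019-01-02": [{"id": 3, "score": 9}],
}
CHAIN = build_chain(DAYS)
COPIES = distribute(CHAIN)


def tamper(days: dict, day: str, idx: int, field: str, value) -> dict:
    """Return a copy of the database with one record altered after stamping."""
    altered = copy.deepcopy(days)
    altered[day][idx][field] = value
    return altered


if __name__ == "__main__":
    tampered = tamper(DAYS, "2019-01-02", 0, "score", 10)
    print("untouched db verifies:", verify_chain(CHAIN, DAYS))
    print("tampered db verifies: ", verify_chain(CHAIN, tampered))
    # Even if the owner rebuilds the local chain, the monitors' copies disagree.
    print("monitors accept rebuilt chain:", monitors_agree([build_chain(tampered)] + COPIES))
```

The point the sketch makes is the one Smith draws: the database owner can rewrite a record, and can even rebuild the local chain to match, but cannot make the copies already held by the three monitors agree with the rewrite. The per-record check is the clinician-side half of the same idea; losing the stamped hash loses the ability to prove anything about the record.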

Image: gettyimages/nirat