Blockchain making medical data more secure

Jonas Lundqvist, CEO at Haidrun, looks at how a blockchain-powered digital healthcare ecosystem can increase the security and privacy of sensitive patient and medical data

In the past decade alone, more than 200 million patient records have been exposed to data breaches in the healthcare ecosystem. Confidential heath information, genetic data and financial details have all been stolen. While breaches to sensitive patient data tends to hit the headlines, the security of pharmaceutical research and supply chain data is also a major challenge.

Another problem is the sheer volume of paper in health administration. According to Deloitte – a single healthcare provider will file in the region of 20,000 paper forms annually. And surprisingly, more than half of the 30 billion healthcare transactions performed every year will still be via fax, with more than half of these documents arriving with the doctor late. Of those that arrive on time, more than half will contain either insufficient or incorrect detail. There’s never been a more pressing case for an overhaul of the system by implementing safe and secure digital information technology.

While there have been numerous attempts at digital transformation in healthcare, a new generation of private blockchain has the potential to provide the industry with a new model for information exchanges (HIE), bringing with it widespread implications for all stakeholders. Implementing blockchain will connect fragmented systems, generating improved patient care and more reliable pharmaceutical supply chains. This means that in future a fully-integrated blockchain network could improve security and efficiencies and support better health outcomes for patients.

Private blockchain technology can help to identify, track and secure all types of patient-related data, as well as monitoring pharmaceutical products including medicines, to prevent fake products from entering the supply chain. As well as providing trust and transparency, blockchain is also suited to patient tracking and claims processing due to its property of chronological data storage. Medical events are stored in the order they occur and there is no potential for illicitly changing the data at a later stage by accident or for fraudulent purposes.

Drug fraud is a mounting problem, and the healthcare industry needs secure, auditable and transparent supply chains. In the US alone, more than $200bn is lost each year because of counterfeit drugs infiltrating insecure supply chains, says Deloitte.

Blockchain is essentially a digital system of recording information that is impossible, or at least extremely difficult, to alter, cheat or hack, and it is already changing digital world concepts such as ownership, privacy, uncertainty and collaboration. It is disrupting sectors as differentiated as financial markets, content distribution, supply chain management, distribution of humanitarian aid and even the way we vote in elections. We are now set to witness its potential in opening a new way of making the healthcare industry more secure as organisations face ever-increasing threats to the integrity of their data resources.

Although first-generation public blockchains had limitations of privacy, scale and interoperability, we now know that private blockchain is a secure and reliable way of storing data about other types of transactions. Recently, the Office of the National Coordinator for Health Information Technology in the US defined the critical policy and technical components needed for nationwide interoperability, stating a requirement for: a ubiquitous, secure network infrastructure; verifiable identity and authentication of all participants, and consistent representation of authorisation to access electronic health information. Private blockchain technology could fill this void by making and keeping data secure, interoperable and giving healthcare professionals real-time access to it.

Private blockchain platforms simplify data handling, which has the benefit of significantly reduced friction in the system while reducing operational costs. It can also eliminate suspicious and duplicate transactions by securely and chronologically logging each one in real time. Once verified, using an advanced consensus algorithm, and then cryptographically sealed into data blocks, the transaction or record is set in stone or ‘immutable’. The user can then verify the authenticity of data transactions or events. This means, for example, that no entity involved between a drug company and the retailer can alter the data to include counterfeit drugs, while the movement of drugs between the companies and medical facilities can be tracked in near real-time through the data stored on the blockchain.

Public v private
Although the mechanics of blockchain are extremely complex, the concept is straightforward enough: to decentralise data storage so that it cannot be owned, controlled or manipulated by a central actor. Blockchains come in three flavours – private, public and hybrid – with private blockchain technology rapidly gaining interest for enterprise applications in healthcare and other sectors. This is because private blockchain is a type of database or ledger where a single authority or organisation ultimately retains control. And although this raises the question as to whether private blockchains are aligned to the original core concepts of the technology, this is of less importance than the fact that blockchain technology delivers a distributed database that provides a single time-stamped version of the truth.

Blockchain uses mathematical and cryptographical techniques to provide trust and security – rather than through third parties – and relies on an accessible, open and transparent user structure to confirm all is well. While private blockchains adhere to the original principles of blockchain and offer all the distributed benefits, they retain some of the characteristics of more centralised, controlled networks. This provides a level of control to improve privacy and eliminate many of the illicit activities often associated with public blockchains and cryptocurrencies.

No one can enter this type of network without proper authentication. Private blockchains are, by definition, ‘permissioned’, making them more suited to enterprises due to factors such as performance, accountability and cost. The private blockchain platform can be run and operated by the enterprise or as a service called Blockchain as a Service (BaaS) and are usually set up for reasons of privacy, where it does not suit an enterprise to allow every participant full access to the entire contents of the database. Private blockchain platforms focus on organisations in which the blockchain empowers and supports the business rather than the individual users. In contrast, public blockchains are fully decentralised where, in addition to the distributed database, there is also no single entity in overall control. They typically involve their own cryptocurrency and anyone can download the software, view the ledger and interact with the blockchain. Public blockchains attempt to preserve an individual user’s anonymity and treat all users equally. Hybrid blockchains, as the name suggests, are a mixture of the two, with one foot in each of the public and private camps.

When it comes to safeguarding sensitive information, using private blockchains is the preferred option for many enterprises, especially as they will also need to demonstrate full accountability – often via external audits – on the running and operation of their systems. Private blockchains provide a higher degree of regulation, determined and set by the administrators in line with industry regulatory codes. Importantly, private blockchains do not need to use cryptocurrencies or native tokens for the network. Any association with cryptocurrencies, good or bad, is not part of the private solution. All of which means that, less energy, fewer resources and fewer participants are required to run the private blockchain, resulting in reduced cost on a far more predictable scale.


Join our audience of healthcare industry professionals

Join our audience of healthcare industry professionals