Blockchain technology in health care: A primer for surgeons

Blockchain technology — the platform underpinning Bitcoin, a global digital payment system — has attracted more than $1.2 billion of investment from some of the world’s leading corporations for its security and immutability.

Blockchain technology  the platform underpinning Bitcoin, a global digital payment system  has attracted more than $1.2 billion of investment from some of the world’s leading corporations for its security and immutability.

1 More than 130 million secure Bitcoin transactions have occurred since the digital currency launched in 2009.

2 Today, Bitcoin can be used to make purchases from Microsoft, buy food in neighborhood cafes, book flights and hotel rooms, and even pay for medical care.

3–6 For the health care industry, blockchain technology stands to revolutionize the interoperability, security, and accountability of electronic health records (EHR) and health information technology (HIT), medical supply chains, payment methodologies, research capabilities, and data ownership. In fact, in the 2015 report “Connecting Health and Care for the Nation, a Shared Nationwide Interoperability Roadmap,” the Office of the National Coordinator for Health Information Technology set a goal of establishing full EHR interoperability by 2024.

As blockchain technology continues to develop, it is important that surgeons and other stakeholders understand both its capabilities and its limitations. This article describes blockchain technology’s implications for health care, research, and the practice of surgery, and introduces the term “electronic health chain” (EHC).

What is blockchain technology?

In the wake of the 2007 financial crisis, an anonymous individual or group of individuals, using the pseudonym Satoshi Nakamoto, published a white paper proposing a peer-to-peer electronic payment system.8 The proposed system eliminated trusted third parties, such as banks and credit card companies, from online financial transactions and replaced them with secure, peer-to-peer financial networks. The concept, called Bitcoin, was based on decades of advances in cryptography and network science, and incorporated secure digital signatures, timestamps, and a form of cryptographic “evidence of work” called an “unknown hash,” a process used to at once approve the legitimacy of transactions and generate new units of currency in exchange for the work of this validation (see “Bitcoin and digital currency basics” box below). The record of each peer-to-peer transaction was to be recorded on a digital “block,” a kind of digital receipt. By stringing together each of these receipts in a chain  a blockchain  a user could create a comprehensive history of every transaction involving a given unit of digital currency, something that is impossible with paper- and coin-based currencies.

Nakamoto proposed that these blockchains, rather than being stored in a single, central repository, should be distributed to multiple locations, thus making blockchain theft or alteration impossible. Each node, or computer system involved in supporting the blockchain network, holds its own identical copy of the blockchain, in what is known as a shared ledger. This distributed ledger offers a number of advantages over centralized banking systems:

  • Transparency: Centralized financial ledgers are subject to fraud and misuse, as evidenced by a range of recent financial scandals.9,10 Blockchains offer transparent, verifiable records for every transaction, both validating the underlying currency and protecting holders from counterfeit “coins,” pyramid schemes, and other forms of fraudulently duplicated value.
  • Immutability: In the current paradigm, centralized ledgers offer rich targets for hackers, who regularly attack such IT systems, costing the global economy hundreds of billions of dollars each year.11 With blockchain technology, an attack on a single node has little network-wide ramification. Because each member of the network, or node, holds an identical copy of the shared ledger, efforts to hack or change the ledger will be rejected by the broader network. As a result of this cumulative process, the historical record contained on a blockchain is immutable, meaning it cannot be changed. Blockchains provide a “common history” or “shared truth” that cannot be altered.
  • Anonymity: The data that exist in the blockchain are anonymous and encrypted, making the information of little value for coercion, extortion, or corporate espionage.

While Bitcoin is among the most widely known examples of blockchain technology, there is an increased focus on the use of this platform beyond secure financial transactions, and investment in blockchain technology is rising. A Price Waterhouse Cooper report published earlier this year showed that investment in novel uses of blockchain totaled $450 million in 2016, up 79 percent from the previous year.12 Several examples highlighting the diverse potential uses of blockchain technology, including the following: Walmart and the International Business Machines Corporation (also known as IBM) are collaborating to build a blockchain platform for tracking food procurement in China; BHP (also known as Billiton Limited), the world’s largest mining corporation, is testing a program to track mineral samples using the programming platform underlying Ethereum, the second most prominent cryptocurrency behind Bitcoin; and the startup Everledger has tracked more than 1 million diamonds from mine to consumer since May 2015.13–15

How could health care benefit from blockchain technology?

Interoperability: EHRs lack interoperability and are exceedingly costly. Because EHRs are unable to effectively communicate with each other, physicians and surgeons often treat acutely ill patients without access to medical histories, current medications, and prior imaging studies that could influence patient care.16 Achieving full interoperability has been projected to save the U.S. health care system $77.8 billion per year, largely by avoiding redundant tests and imaging studies, and by decreasing administrative expenses.17

An EHC that uses blockchain technology could be a convergence point for a patient’s health information (see Figure 1). In a truly interoperable network, data gathered over the course of a patient’s life through personal health and wellness activity, and diagnostic and therapeutic activities such as patient encounters, procedures, laboratory testing, radiology, smart devices, and even third-party genetic testing services, could all be securely incorporated into a patient’s unique EHC.18

Figure 1. An EHC as a convergence point for health information

Data gathered over the course of a patient’s life could be securely incorporated into a patient’s unique EHC

Personalized medicine: At the patient care level, common clinical data integration would allow providers to seamlessly use the entirety of a patient’s health data to provide individualized care quickly and easily. For example, blockchain technology could facilitate and streamline the use of tools like the American College of Surgeons National Surgical Quality Improvement Program (ACS NSQIP®) Surgical Risk Calculator, as the necessary clinical data inputs could be automatically gathered with access to a patient’s EHC.

Research: A health care data supply chain could revolutionize the next generation of scientific research. Surgical and medical research today is encumbered by the difficulty of building large datasets across existing silos of patient data.16 The cost, labor, and error associated with manually updating databases like ACS NSQIP, the National Trauma Data Bank, or the National Cancer Database can be avoided if clinical data are integrated into a common, searchable EHC. Moreover, the power of these data will be amplified in coming years if the troves of genetic data from public online sources and phenotypic data from wearable devices can be effectively incorporated into the EHC.

Security: Blockchain technology also stands to improve the security of health care delivery. Fraudulent Medicare billing, for instance, costs the health care system more than $60 billion per year.19 Establishing an immutable blockchain in which patients are informed of all changes to their health care records and bills would eliminate the possibility of such abuse. Establishing such a system would also increase the safety of drug and device supply chains. Counterfeit drugs are understood to pose both a public health threat and a significant cost to the pharmaceutical industry, costing the Eurozone 10 billion Euros per year.20 Blockchain-based systems that aim to track each step of pharmaceutical procurement and delivery  with each intermediary contributing a cryptographic key to a final product hash  are already being developed to eliminate this problem.21

There are also security issues related to the centralized nature of these records in their current form, making them frequent targets of cyber attacks. More than one-third of the U.K. National Health Services’ (NHS) trusts report coming under cyber attack, and more than 110 million U.S. citizens had health care data stolen in 2015 alone.22 In 2016, hackers targeted several hospitals in so-called “ransomware attacks,” where hackers locked EHR systems until ransoms were paid, with at least one hospital in Los Angeles, CA, admitting to paying to meet hacker demands.23

Data ownership: Moving from today’s information exchange paradigm to an EHC has the potential to return ownership of health care data to patients themselves (see Figure 2). Health care providers would need encrypted keys to request information from patients, and patients could, in turn, select who has access to their medical records and when. Patients could potentially preauthorize information sharing with legitimate providers in unforeseen emergencies without actually pre-sharing that data, and choose to which, if any, research entities to lend their data.16

Figure 2. Patients could choose when and to whom to authorize access to their medical records

Similarly, institutions (see Figure 3) could choose to share de-identified institutional-level data with the following: government agencies, such as the Centers for Disease Control and Prevention, to track pandemics, or the U.S. Preventative Services Task Force, to improve public health outcomes; research collaborators, to drive innovation and discovery; and with other organizations that seek to drive quality improvement.16,18,24

Figure 3. Institutions could choose to share de-identified institutional-level data with appropriate organizations

In its entirety, data gathered across a range of personal health and wellness activity, diagnostic and therapeutic services, procedures, laboratory testing, radiology, smart devices, and genetic testing services could all be securely incorporated into a patient’s unique EHC, accessible to both patients and health care institutions. Patients control their own data, while institutions control institutional-level data. Each party involved could give encrypted access keys to providers, researchers, or any other parties they choose, providing a range of access  from minimal amounts of de-identified data to individual-level full-chain access  that can be revoked at any time (see Figure 4). Every data interaction is appended to the chain in a time-stamped and immutable manner, adding to the system’s intrinsic security.

Figure 4. The Electronic Health Chain

Data gathered through personal health and wellness, diagnostics, therapeutics, procedures, smart devices, genetic testing, and other sources could all be securely incorporated into a patient’s unique EHC, accessible to both patients and healthcare institutions. The EHC could be patient-controlled data and institutional-level data, each with encrypted access keys for selected sharing and access levels  from minimal level de-identified data to individual full chain access. Every interaction is time-stamped and immutably appended to the chain, adding to its intrinsic security.

What needs to be done to build the healthcare blockchain?

Significant challenges and limitations to implementing health care blockchains remain. These challenges are most pronounced with regard to EHR. To achieve a universal EHR blockchain, the following must occur: common data standards must be adopted, appropriate software or “middleware” must be built to interface with blockchain ledgers, incentives must be aligned to attract the processing power for the network, and important decisions must be made with regard to how much data will be fully incorporated into an individual’s EHC.

Common data standards: To achieve interoperability, it is imperative that health data generation and storage become standardized.25 Such a system, in which every health update  such as new prescriptions, clinical diagnoses, test results, medication reactions, and so on  are sent to a trusted, encrypted ledger, could yield a real-time perfectly reconciled personalized record.26 Although common data protocols have been proposed, there is not yet a uniform, interoperable data system for the healthcare industry.16,26 There are likely to be strengths and weaknesses across different platforms, and experimentation and testing must occur before a standardized EHC can be established. Only then will the healthcare industry achieve meaningful interoperability, allowing for industry-wide development and scalability.25

Middleware: The Internet currently rests on platforms such as the transition control protocol/Internet protocol (TCP/IP) and domain name system protocols networking foundation for applications like e-mail, voice-over-IP, and web content; and blockchain technology offers a new platform with a new networking infrastructure.25 For health care, as with other industries, the adoption of blockchain will rely on the development of innovative applications, or middleware, that harness blockchain-based coding infrastructure and create meaningful user interfaces  in this case, for patients and providers.24 As with any developing technology, this barrier to adoption will fade as more middleware applications are developed for the EHC and it is used more widely.

Processing power: Furthermore, it will be important to incentivize those that might invest computer processing power to the support network. Bitcoin and other cryptocurrencies continue to run by offering those who contribute processing power the ability to earn currency. For a healthcare blockchain, a similar incentive will be necessary to promote a distributed network and realize the true security and speed of blockchain applications. A working group at Deloitte has suggested that this incentive could be achieved through government incentives, similar to the Centers for Medicare & Medicaid Services EHR meaningful use program.27 Others have argued that participants may be attracted to the idea of supporting a blockchain network by offering access to chain data for research purposes in exchange for lending processing power to the network.24Regardless of how these incentives are offered, their success is fundamental to the development of a health care blockchain.

Data storage: The volume of data included in a modern EHR (including computed tomography scan files, magnetic resonance imaging files, and, increasingly, genomic and epigenomic data) makes having shared, common ledgers impractical and likely impossible. Establishing a comprehensive, common ledger would mandate that the totality of every individual’s health data be stored on each node of the network, an impossible feat with existing processing power. Some argue that even the inclusion of a full physician’s note within a single block could create unnecessarily large blocks and adversely affect the overall system performance.27 To solve this problem, some have proposed creating “data lakes” or off-chain data stores, whereby health information is encrypted and deposited in data warehouses that live off of the blockchain.18,25 Each deposit would be accompanied by the addition of a new block to a patient’s EHC, noting the timestamp of the patient’s interaction with the health care system and the type of data that was deposited into the lake (such as an encounter summary, a pathology report, and so on).18

What will be the role of government?

The federal government can and should play an active role in ushering forward blockchain innovation. The U.S. Department of Health and Human Services (HHS), under the leadership of Vindall Washington, MD, held a contest in August 2016 for innovative ideas related to blockchain technology.28 The contest generated white papers on an array of potential blockchain applications, including clinical trials, claims processing, patient-reported outcome measures, records, and alternative payment methods.29 Moving forward, HHS has a critical role to play in developing administrative policy objectives that clearly define how the HHS Health Insurance Portability and Accountability Act policy rule might govern over the distributed networking essential to a blockchain health record system. Clearly delineating how existing legislation might be amended to conform to a securely encrypted but distributed system will provide a powerful signal to those considering substantial investment in blockchain technology. The federal government should not shy away from playing a role in funding pilots and experiments to further explore blockchain applications.


Several industries, from finance to food to mining to education, could adopt blockchain technology in the coming years.2–6,30 In health care, opportunities exist to not only revolutionize electronic health information, supply chains, and data ownership, but also to assimilate expansive tranches of data for research purposes by creating EHCs that are transparent, digital, immutable, secure, and controlled by institutions and, more importantly, by patients.

This is the beginning of the blockchain revolution, and significant obstacles to implementation remain. It is imperative that further research and advocacy efforts led by clinicians underscore potential advances in research and innovation as a result of blockchain technology. Similarly, the federal government must shepherd innovation and standardization in this space so that patients and providers alike can benefit from blockchain technology’s enormous potential. For its part, the ACS can play a role in promoting the use of blockchain technology to improve access to quality surgical care, education, and research.

Bitcoin and digital currency basics

What is Bitcoin?

Bitcoin is the original and most widely known cryptocurrency. Launched in 2009, more than 9,000 nodes (or computer systems) are actively involved in its network.31 As of August 2017, Bitcoin’s market capitalization was more than $45 billion.32 Bitcoins can be purchased on an open market like any currency, received as payment, or earned through “mining” (see sidebar continuation, next page). In recent years, other cryptocurrencies have proliferated, each of them built atop blockchains. They include Ethereum and Ripple and, most recently, Bitcoin Cash.

Every Bitcoin transaction is recorded as a block. Blocks include information about both buyer and seller, a timestamp, and proof of the legitimacy of the transaction, referred to as the hash. These blocks are strung together in a “chain,” which records the history of every transaction involving the given unit currency.

What is a shared, public ledger?

In centralized data networks, data are vulnerable to failure at a single focal point or node.33 Decentralized data networks are vulnerable at branch points, but no one nodal failure dooms the entire network. In distributed data networks, however, data are stored securely across many interconnected nodes, so that individual nodal failures are contained and no single failure can affect the network, much in the way a single line outage does not take down an entire power grid.

Blockchains are shared publicly as ledgers, or record books, across peer-to-peer distributed data networks. Each node of the participating network holds its own identical copy of the ledger, detailing every transaction that has ever occurred. Because new data are added by extending the chain, rather than overwriting it, any attempt to change the history of the chain (for example, by a hacker) will be immediately invalidated by the rest of the distributed network. This makes theft, destruction, or unverified changes to the blockchain impossible.

What is a cryptographic hash?

Blockchains rely heavily on hash algorithms, which allow for data inputs of any size to be converted into a coded sequence output of fixed length, called a hash. When new data transactions are recorded to the blockchain ledger, a new hash algorithm must be created that incorporates the new data, a timestamp, and information from the previous block. To function securely, a hash algorithm must do the following:

  • Generate outputs that are entirely unique.
  • Generate outputs that are irreversible, meaning that inputs cannot be derived by computing backward from the resulting hash.
  • Be deterministic, meaning the same input generates the same hash, no matter when, where, or by whom the inputs are plugged into the algorithm.

Solving the hash takes significant computing power. So-called miners who solve these hashes are rewarded for their hard work in the form of bitcoin currencies and cryptocurrencies.

What is Bitcoin mining?

New bitcoins enter circulation through the work of miners, nodes that lend their computational power to the network. These miners validate new data transactions on the blockchain by competing to solve the hash. If the solution is recognized and validated across the network, the transaction is executed and a new block  a record of the transaction on the ledger  is added to the chain. The miner earns new units of currency as a reward for its work and contributed computing power.

ALEXANDER W. PETERS, MD, BRIAN M. TILL, JOHN G. MEARA, MD, DMD, MBA, FACS AND SALIM AFSHAR, MD, DMD, FACS, Blockchain technology in health care: A primer for surgeonsBulletin of The American College of Surgeons, 2017, V102 No12

by Alexander W. Peters, MDBrian M. TillJohn G. Meara, MD, DMD, MBA, FACS and Salim Afshar, MD, DMD, FACS



Join our audience of healthcare industry professionals

Join our audience of healthcare industry professionals