August 10, 2023 Feature

How Blockchain in Healthcare May Revolutionize the Digital Health Data Marketplace by Putting the Patient in Control

Ashfin Islam

Blockchain technology (BCT) has a chance to significantly shift how we as a society interact with our own healthcare data. Blockchain platforms, at their core, allow for the development of decentralized applications where data transfers are not subject to control by any third parties. The data transactions of the entities are kept in a decentralized database in a verifiable, secure, immutable, and transparent way, along with a timestamp and other pertinent information. Blockchain technology can potentially change many aspects of the healthcare data industry, including data sharing, log management, medication, biomedical research and teaching, remote patient monitoring, and health data analytics. While there are several benefits and obstacles to widespread adoption of blockchain technology in healthcare, the most interesting and paradigm-shifting concept is patients acting as the stewards of their own data. This potential revolution is not without its equally troubling drawbacks. These issues primarily include data protection, privacy, confidentiality, and consumer protection. Additionally, there are concerns around smart contracts, liability, intellectual property, financial regulation, jurisdiction, and enforcement. The reason for this is that the healthcare system is highly complex, containing several domains, comprising physicians, researchers, practitioners, supportive staff, management employees, and patients. Organizing, securing, categorizing, and transmitting health data is an already daunting task, further complicated by the lack of an efficient interchange of healthcare data among the various healthcare domains. The legal and regulatory landscape is complicated but does not preempt the application of blockchain to provide major benefits to how patients control, store, and interact with their own health data. 
To understand the benefits, a cursory understanding of the technology is required, followed by an analysis of some of the overarching legal issues, and finally a review of the paradigm-shifting concept of patient data ownership.

What Is Blockchain?

There are many applications of blockchain that can provide significant benefits to healthcare such as prevention of drug counterfeiting, research/clinical trials, insurance claim adjudication, healthcare records, and wearables. Benefits include decentralization, data security and privacy, health data ownership, availability, robustness, transparency and trust, and data integrity. This article will focus on its use in healthcare records. Blockchain, at its core, is a database that can be managed by the network of authenticated members or nodes and stores fixed information blocks that can be efficiently exchanged without interference by third parties. Data are stored and registered using cryptographic signatures and consensus algorithms, which are the key enablers of the technology. The capability of preserving data is a major aim for using the BCT, particularly in healthcare, which is subject to massive sharing and dissemination of a significant amount of data. More specifically, the technology is a decentralized, unchangeable database that simplifies the tracking of assets and recording of transactions in a corporate network. A blockchain is made up of an expanding chain of documents, known as blocks, that connect to one another using cryptography. The link is a unique code called a cryptographic hash. Each block contains transaction information, a timestamp, and a cryptographic hash of the preceding block. The timestamp shows that the transaction data were there at the moment the block was produced. The blocks effectively create a chain since each block holds information about the one before it, making them interconnected. Each transaction is irreversible since once a transaction has been recorded, it cannot be undone without also undoing all following blocks. Data in the blockchain are transferred without any involvement of third parties, theoretically providing a significant reduction in the risk of data theft or alteration. 
Blockchain allows for easy auditing and tracing from a new block to a previous one because as previously mentioned, entries can no longer be deleted once they are attached to the blockchain. These features can be revolutionary for the healthcare space.

Blockchain in Healthcare

Currently, Electronic Medical Records (EMR) solutions do not provide a streamlined user experience for patients, effective data sharing capabilities, or advanced analytics. The application of blockchain technology to EMRs has already begun. There are several blockchain-based EMRs in development or use across the US and Europe. One example is MedRec, which grants patients and providers access to EMRs stored across many different providers. The European Union has developed another program called MyHealthMyData. This platform facilitates information exchange between healthcare systems, providers, government organizations, and patients. Since the data are immutable and assuming that the data added to each chain are correct, these platforms create a reliable record of events that make it nearly impossible for malicious third parties to alter the information in the record. Additionally, the cryptographic designs built into blockchain technology make any information that is in the wrong hands difficult to interpret. This technology allows any individual in any location with an internet connection and appropriate credentials to access required health data. This could significantly reduce the transaction costs of exchanging information. The Office of the National Coordinator for Health Information Technology (ONC) states:

Cross-institutional sharing of healthcare data is a complex undertaking with the potential to significantly increase research and clinical effectiveness. First and foremost, institutions often are reluctant to share data because of privacy concerns and may fear that sending information will give others a competitive advantage. Next, even if privacy concerns could be addressed, there is no broad consensus around the specific technical infrastructure needed to support such a task. Finally, healthcare data itself is complex, and sending information across institutional boundaries requires a shared understanding of both data structures and meaning. Even assuming data can be shared efficiently and securely, these interoperability issues left unchecked will limit the utility of the data.

These issues can be somewhat mitigated with the blockchain. However, several technical and legal challenges must be addressed before diving into the most prominent feature of patient data control.

Legal and Technical Challenges to Blockchain in Healthcare

The key difference between blockchain in healthcare and general applications of blockchain is that in the healthcare sector, the key usage of blockchain is to create safe and secure systems for managing patient (that is, user) data. However, blockchain technology does not guarantee the authenticity or accuracy of the data; it simply verifies that data have been appended to a blockchain from a particular source at a particular time. As a result, several legal and technical challenges create obstacles to widespread adoption of the technology. Take the General Data Protection Regulation (GDPR), for example. Healthcare blockchain platforms are data controllers and data processors under the GDPR, with the patients as the data subjects. However, one of the major benefits of healthcare blockchain is that patients may be able to selectively share and control access to their medical data, creating an interesting situation where the patient is both the data subject and data controller. Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules also impact any legal analysis of healthcare blockchain technology. The privacy rule establishes Standards for Privacy of Individually Identifiable Health Information, representing the first national standards in the United States to protect patients’ personal or protected health information (PHI). The security rule establishes national standards for securing patient data that is stored or transferred electronically, requiring physical and electronic safeguards to ensure the secure passage, maintenance, and reception of PHI. However, blockchain technologies represent a significant jump from how the traditional healthcare industry’s covered entities work with patient information. HIPAA does not apply to noncovered entities. Many of the blockchain technology platforms continuing to further automate the sharing and storage of PHI are not regulated by HIPAA. 
Legal jurisdictions have geographic boundaries, whereas blockchains do not. Any electronically stored health records might be subject to laws of incompatible jurisdictions.

Distinguishing between data ownership and right of access is the primary legal and ethical challenge. A review of barriers for information exchange within the context of the Health Information Technology for Economic and Clinical Health (HITECH) Act showed that a hospital is more likely to exchange clinical summaries with outside hospitals if they each use the same electronic health records (EHR) vendor. A 2018 review of the barriers to growth in health data exchange within the context of North American laws concluded that there are some critical legal barriers, but some major issues seem illusory. The authors of the study stated that healthcare providers view health information privacy laws as obstacles to the growth of a thriving electronic health data exchange. Some perceived factors are the inconsistency of patient consent laws, special treatment for sensitive health data, and a lack of a unified patient indexing system.

Another prominent regulatory challenge involves blockchain systems scaling across state or national borders and the potential for triggering conflicting laws. Although blockchain operates by defining and applying a set of rules for the network, sufficiently large blockchain EHR systems could begin to function like the internet. This causes an issue where defining the appropriate jurisdiction is increasingly challenging. There is precedent for such cyberspace cross-border issues—although not in current EHR systems. One potential solution is to apply the most rigorous set of regulatory rules, like the GDPR, to the blockchain network to try and optimize compliance. While the spread of a public blockchain like Bitcoin or Ethereum is difficult to predict given that any user can sign up, higher degrees of control exist in a private or consortium model, which would allow policy makers to develop systems prior to involving new jurisdictions.

Technical challenges also impact the adoption of blockchain EMR technology. Technical limitations such as “throughput” present an issue. Throughput is the speed at which transactions occur on a chain. It is finite due to the current technology. For example, the Bitcoin network processes about 7 transactions per second, while non-blockchain stalwarts like Visa and Twitter perform approximately 10,000 to 15,000 transactions per second. Transactions are also impacted by file size. Many medical files are extremely large data packets, such as high-resolution imaging studies like CT scans and MRIs. The size of the data as well as the speed of the transactions impact the utility of sharing the information on the blockchain. Some of the fundamental benefits of the technology are undermined by the current limitations of the technology. Despite these legal and technical challenges, the concept that patients can keep their personal data and in turn specify with whom their PHI can be shared is a significant paradigm shift from the traditional model of the healthcare providers acting as data stewards.

Patient Data Ownership and the Digital Health Data Marketplace

This paradigm shift introduced by GDPR to the service providers also brought opportunities for individuals to monetize their medical data by selling data to medical researchers or tech companies. Similar to Airbnb, which enabled individuals to monetize their spare accommodations, patients with their new ownership and other rights bestowed by GDPR can now monetize their personal health data through a “Digital Health Data Marketplace” (DHDM) using a shared economic model. However, with the current centralized data management framework where EHRs are fragmented across different service providers and regulations differ across organizations and geographical jurisdictions, access and stewardship will be challenging to manage, especially the microtransactions in such a distributed environment. In this context, blockchain and associated smart contracts have been considered a game-changing technology, with an inbuilt distributed architecture and the ability to administer information governance in a decentralized manner for diverse types of transaction-based digital services.

In today’s digital world, it is plainly obvious that data are an asset, perhaps the single most important asset. At the patient level, this principle is a well-recognized trend that has resulted in mountains of patient-generated data through mobile applications and other digital tools. Since patients’ healthcare information is more accessible, patients are able to take on a more active and engaged role in their care. Another direct benefit is to clinicians with whom the patients choose to share their data. These providers are now equipped with all relevant health data at each encounter, enabling the provision of efficient and personalized care, while simultaneously reducing redundant questioning or fact gathering. The commercialization of patient data should also lead to increased access to de-identified patient information at scale. Researchers can build larger data sets from verified information patients choose to share. This should lead to more robust studies and improved evidence-based decision-making. Additionally, granting developers and pharmaceutical companies access to these data could lead to lower research and development costs. This all hinges on the ability of patients to consent to the use of their data. Ideally, this would create a scenario where developers and pharmaceutical companies are able to shorten time to market, while reducing the cost of products and services.

The biggest patient benefit of decentralization through blockchain is a change in how patients protect and share their own data. Theoretically, blockchain-based EHR systems can enhance both patient rights of access through decentralization, and patient privacy by way of encryption. Blockchain EHRs allow patients to more easily access their own health data and act as their own “health information custodian” (HIC). Previously, the healthcare providers were entirely responsible for the custodial responsibilities of the patient’s data. The status quo intrinsically mandates that patient data are housed on the medical provider’s server or cloud account via their EHR system of choice. As a result, the providers only release data to the patient on request. In a blockchain system, patients would no longer need to request their records, and they could make independent decisions regarding third-party access to their data.

Blockchain EHRs can empower the patient as HIC through consent management protocols built directly into the blockchain itself. This ideal would allow patients to delegate medical data access to proxies like friends, relatives, or legal entities for substitute decision-making or powers of attorney. Further, patients would be able to grant researchers, insurers, and other parties access as desired. Previously, research and pharmaceutical entities were granted access to de-identified patient data, reaping all of the benefits of patient data with no direct benefit to the patients themselves. New patient-centric blockchain EHRs would replace the current outdated mode of data sharing. To this day, data are shared through either the exchange of physical medical records or digital access through a portal that does not provide the patient with the ability to revoke access should circumstances change. BCT would allow patients to determine how much or how little access they grant to third parties. Companies like JennyCo are seeking to change how patients are compensated in the digital health data marketplace by incentivizing the sharing of patient health data through the blockchain. Patient-generated data will be stored on a chain, and users will be able to share, or lease, de-identified data with interested third parties. Users will be compensated for sharing that data through JennyCo’s cryptocurrency $JCO.
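
The hash linking described under “What Is Blockchain?” and the grant-and-revoke consent model described above can be shown together in a short Python sketch. This is an added example, not code from MedRec, MyHealthMyData, JennyCo, or any other platform named in this article; the field names, grantees, and scopes are constructed for illustration, and a single in-memory list stands in for the distributed ledger.

```python
import hashlib
import json

GENESIS = "0" * 64  # stand-in "previous hash" for the first block

def block_hash(body):
    """SHA-256 over a canonical JSON encoding of the block body."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(chain, action, grantee, scope, timestamp):
    """Append a consent event that carries the hash of the preceding block."""
    body = {"timestamp": timestamp, "action": action, "grantee": grantee,
            "scope": scope, "prev_hash": chain[-1]["hash"] if chain else GENESIS}
    chain.append({**body, "hash": block_hash(body)})

def first_broken_block(chain):
    """Return the position of the first block that fails verification, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        body = {k: v for k, v in block.items() if k != "hash"}
        if block["prev_hash"] != prev or block_hash(body) != block["hash"]:
            return i
        prev = block["hash"]
    return None

def active_grants(chain):
    """Replay the ledger in order: a later revoke cancels an earlier grant."""
    grants = set()
    for block in chain:
        key = (block["grantee"], block["scope"])
        if block["action"] == "grant":
            grants.add(key)
        elif block["action"] == "revoke":
            grants.discard(key)
    return grants

def demo():
    # Constructed sample events (hypothetical grantees and scopes).
    chain = []
    append(chain, "grant", "dr_lee", "imaging", "2023-08-01T09:00:00Z")
    append(chain, "grant", "research_lab", "labs_deidentified", "2023-08-02T10:00:00Z")
    append(chain, "revoke", "research_lab", "labs_deidentified", "2023-08-05T12:00:00Z")
    intact = first_broken_block(chain)
    grants = active_grants(chain)
    # Rewrite block 1 and recompute its own hash: the edit still surfaces,
    # because block 2 carries the hash of the original block 1.
    chain[1]["scope"] = "labs_identified"
    chain[1]["hash"] = block_hash({k: v for k, v in chain[1].items() if k != "hash"})
    return intact, grants, first_broken_block(chain)

if __name__ == "__main__":
    print(demo())
```

Verification shows only that recorded events were not altered after the fact; as noted earlier in this article, it says nothing about whether the events were accurate when they were appended.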

Reimagining Healthcare Data

Despite the legal and technical obstacles to adoption, blockchain technology can completely reimagine how patients store and share their own health data. Such a massive upheaval to the status quo requires ingenuity and compromise by BCT developers. To combat adoption issues, an ideal blockchain solution should seek to ameliorate integration hang-ups. One such way is to implement blockchain as a separate layer and integrate it with native EHR databases through application programming interfaces (APIs) without perturbing native data management systems and culture. This would allow providers to continue using their longstanding EHRs while facilitating patient control. Moreover, open-source solutions like MedRec will play a significant role in secure data collection from existing data management systems by combining an aggregated EHR under the patient’s control. Smart contract and IPFS/cloud storage systems will provide patients the control to securely grant access over different types and duration of de-identified data.

    The material in all ABA publications is copyrighted and may be reprinted by permission only.

    Ashfin Islam is an associate with Armstrong Teasdale LLP in Boston.