Slashdot Mirror
Researchers Suggest Using Blockchain For Electronic Health Records (hbr.org)
The CIO at a Boston teaching hospital and two MIT researchers write in the Harvard Business Review that blockchain "has the potential to enable secure lifetime medical record sharing across providers," calling it "a different construct, providing a universal set of tools for cryptographic assurance of data integrity, standardized auditing, and formalized 'contracts' for data access." An anonymous reader quotes their report:
A vexing problem facing health care systems throughout the world is how to share more medical data with more stakeholders for more purposes, all while ensuring data integrity and protecting patient privacy... Today humans manually attempt to reconcile medical data among clinics, hospitals, labs, pharmacies, and insurance companies. It does not work well because there is no single list of all the places data can be found or the order in which it was entered...
Imagine that every electronic health record (EHR) sent updates about medications, problems, and allergy lists to an open-source, community-wide trusted ledger, so additions and subtractions to the medical record were well understood and auditable across organizations. Instead of just displaying data from a single database, the EHR could display data from every database referenced in the ledger. The end result would be perfectly reconciled community-wide information about you, with guaranteed integrity from the point of data generation to the point of use, without manual human intervention.
Imagine that every electronic health record (EHR) sent updates about medications, problems, and allergy lists to an open-source, community-wide trusted ledger, so additions and subtractions to the medical record were well understood and auditable across organizations. Instead of just displaying data from a single database, the EHR could display data from every database referenced in the ledger. The end result would be perfectly reconciled community-wide information about you, with guaranteed integrity from the point of data generation to the point of use, without manual human intervention.
If that's blockchain, then gee, I guess GitHub also uses blockchain.
In a 256 bit hash? I'd love to know. Block chain can verify data - that is it. Tired of dipshits selling the latest buzz word when they have no idea what it is. Block chain is ledger, not a fucking database.
It'll fix every security problem you have!
I'm Roger Ver, long time Bitcoin advocate and investor.
Today I'm at the Mtgox world headquarters in Tokyo Japan.
I had a nice chat with MTGOX CEO, Mark Karpeles, about their current situation.
He showed me multiple bank statements, as well as letters from banks and lawyers.
I'm sure that all the current withdrawal problems at MTGOX are being caused by the traditional banking system, not because of a lack of liquidity at MTGOX.
The traditional banking partners that MTGOX needs to work with are not able to keep up with the demands of the growing Bitcoin economy.
The dozens of people that make up the MTGOX team are hard at work establishing additional banking partners, that eventually will make dealing with MTGOX easier for all their customers around the world. For now, I hope that everyone will continue working on Bitcoin projects that will help make the world a better place.
Trump is a little bitch. Much like his supporters.
HL7 is just a messaging format, doesn't provide for audit, nor does it scale well across a large number of recipients. Unless you want every hospital and doctor to maintain records on every person, and maintain a VPN to every other hospital and doctor.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Why would you downvote this? I work in healthcare IT, I know what I'm talking about here...
All the medical records in one place.. Mother LOAD!!
Cop wants to know everything about you, one stop shopping.
Does your wife know about that Penicillin shot 12 years ago?
Do your friends know you had tests for Aids done?
Are you ready to entrap your business partners now?
As interesting and intriguing terms become popular, they get hijacked by others who want to bask in the same aura. This is how a dumb cat picture becomes a "meme."
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
This is how things have worked for at least 20 years. It works just fine. If you want to centralize the database, then that would be an improvement, but interoperability was one of the complaints, and it's a false complaint because the system is already in place.
While the articles has mentions "protecting patient privacy" this isn't explained. It is hard to see how a widely distributed ledger of medical records would be anything but a privacy disaster.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Seems like a needlessly complicated way of sharing medical records. Also, don't the nodes in a blockchain network need a copy of the whole ledger? Doesn't that mean that the nodes will have to have a copy of ALL medical records from all participants?
That would be a huge storage challenger for an electronic health record. Consider for example that just two heartbeats of an ultrasound of the heart (EEG) or (TEE) consumes about 250MB. With that type of storage required for even one transaction, imagine how much storage would be required to hold, all the medical information from one state, or even the whole nation?
If seems needlessly complicated and destined to have scalability problems, particularly in storage, if you ask me.
I'm William Scott Lockwood III, long time fart advocate and investor.
Today I'm at the Slashdot world headquarters in San Diego, CA.
I had a nice chat with Slashdot CEO, Carp Flounderson, about their current situation.
He showed me multiple server logs, as well as letters from providers and lawyers.
I'm sure that all the current poogas problems at Slashdot are being caused by the traditional Slashcode system, not because of a lack of farts at Slashdot.
The traditional Slashcode system that Slashdot needs to work with are not able to keep up with the demands of the growing Lockwood fan club.
The dozens of people that make up the Slashdot team are hard at work establishing additional farting partners, that eventually will make dealing with Slashdot easier for all their trolltalk members around the world. For now, I hope that everyone will continue working on Slashcode projects that will help make the world a better place.
-William Scott Lockwood III, esq
Isn't the point of a blockchain that the contents are publicly verifiable?
Isn't medical data something you don't want public?
CAS (Content Addressed Storage) isn't new - EMC introduced the Centera in 2002. The current iteration supports cloud storage as well.
https://www.emc.com/data-prote...
As a physician for > 30 years, I can tell you that the ship has sailed on privacy of your medical records a loong time ago. In the 80s, my senior partner's office medical records still consisted of brief notes jotted on index cards. This basic situation of written or dictated notes, on paper, which were copied and mailed or faxed, really began to shift with the wider adoption of EMRs only in the last 5-8 years - prompted by government diktat and financial penalties. In the hospital, it was all hand-written charts until EHRs became commonplace over roughly the same period.
The driving force for EHR/EMRs is, of course, money. An electronic record can be audited more easily, screens applied, and payments denied. If you go into the hospital and sit in the nurse's station, you would see the medical record perused by doctors, nurses, pharmacists, LPNs, nurses' aides, PTs, OTs, lab techs, venipuncturists, and unlicensed employees of utilization review, quality assurance, billing and insurance preauthorization depts, etc. Not to mention remote access by doctors offices and all the apparatus of the out-patient utilization review, quality assurance, billing and insurance preauthorization, and govermental auditing (Medicare/Medicaid). There have been many many revealed instances of people viewing and distributing info from the charts of spouses, girlfriends, etc. And, this leaves aside the millions of medical records exposed by compromises and hacks of hospital and insurance co. databases. And, I'm sure the NSA or other TLAs have scooped all that data as well.
There really is no privacy to your medical info. But if you want to believe that, fine.
Http doesn't provide audit either.
The bigger problem for portability and sharing is standardization - the same lab/diagnostic test has different names/representations in different locations. There are standards out there to address this problem (SNOMED, LOINC, ICD10, etc.), but with the amount of data we collect in healthcare, having different fields that represent the same type of information (e.g. blood glucose levels) makes it difficult to see the data over time.
Don't even start with narrative data...
... having actually looked at the problem, as opposed to saying the moral equivalent of "if pink unicorns farted fairy dust, toads could fly", what else is there to do but laugh hysterically at this proposal?
Look, if we lived in a sane universe, the problem being solved wouldn't even exist, because the government would have established a rigorous data portability standard in the first place. Given a rigorous data portability standard, data sharing across EHR's becomes a "necessary feature" instead of a malignant threat to the company that wrote the EHR who hopes that once you've invested the hundreds to thousands of hours and tens to hundreds of thousands of dollars in installing their product and porting/importing the data and training all of the staff to where they are expert enough to have learned just how their product really, really sucks, you will find all that money and time to be a large enough barrier to prevent you (physician, practice management company, hospital, whoever) from running away like a scalded llama towards absolutely anything else that might, just might, suck less.
The alternative -- that they'd actually have to continue to employ a large staff of developers who are tasked with both debugging their existing product and advancing it with feedback from users in order to actually make their users happy so that they stay with the product out of choice -- is anathema to them, because paying all of those developers and admitting errors and retraining customers as necessary dilutes their profits.
So now implementing an enormously complicated solution (one that will require a huge investment in programmers, security experts, trainers and so on and worse, will require every vendor to have hooks that permit more or less automated replication of features in other vendors' EHRs, some of which might even be proprietary or trade secrets or whatever) is suddenly going to make this particular post-apocalyptic landscape a lot better? Without laws mandating it? Without it immediately breaking as (say) Epic refuses to disclose key internals to (say) eClinicalworks or (say) Allscripts? Epic won't even willingly import HL7 data exported by other products.
So excuse me if I pause to catch my breath before resuming maniacal laughter...
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
So then, where do you record the name, location and director of the laboratory that performed a test on an ORU report, since that information is required on all lab reports per CLIA?
HL7 was designed by a committee of people that never had to look beyond the walls of their hospitals. They didn't need to know the name and address of the hospital lab since it's the hospital lab, so that information never made it into the standard except as a handwavy whatever field.
Even the non-messaging stuff the HL7 organization has produced is poorly designed, such as the CDA, which rather than making the identifier of any particular element an attribute of that element, they made it a <templateId> subelement, making XPATH processing of documents a serious pain in the ass.
Took the time to quickly read through the Whitepaper. My intention will be to examine it more thoroughly over the next day or two. I found it interesting because it predates my own preliminary work on the subject matter. With the serious danger for medical record theft, the development of a secure EHR records system is paramount. It would be nice, to see a mandate by the federal gov't making such a system an absolute requirement in whatever healthcare bill becomes or stays law.
Blockchain technology provides a secure, distributed database. Accessing medical records from corresponding nodes should be very quick. Adding or updating them should require validation of the submitter and of the patient to ensure data integrity and privacy. The identify of a patient can be verified using existing technologies or a database constructed specifically for identification (i.eimage database, biomarkers, and TFA) by the health care provider (HCP). Records that submitted without a thorough vetting of the patient identity can be separated until vetting is complete. If the vetting fails, a new EHR record can be created.
Two-Factor Authentication (TFA) could be used when checking into a HCP or facility when the patient is conscious and has their smart phone or similar mobie device present. In emergency cases where the patient can not respond, the HCP would be able to keep the records separate yet able to retrieve history while the HCP contacts the patients emergency contacts for vetting. And, in the event a patient can not be properly vetted using these techniques, DNA biomarkers or dental records could be used to achieve a positive identification.
Such an approach would ensure that bogus information is not entered into a patients medical record. This will help lower insurance costs AND prevent the patient from potentially receiving life threatening procedures or medications (i.e. if allergic). Removing bogus information is very difficult. And, in accordance with HIPAA and health care privacy laws,, the real patient affected by the bogus information is not even permitted to know the identify of the individual who misused their record (stupid, I know) or to even have the erroneous information easily removed.
By law, everyone is still required to receive stabilizing medical care. But, individuals should not be subject to improper treatment based on bogus data due to misuse nor should they be responsible for medical bills associated with such treatment.
Unfortunately, a key factor in such a system, common EHR data formats, are still a ways away. EHR vendors tend to be proprietary and expect everyone else to use their protocol, if any. In the public safety sector, this was solved using GJXDM and NIEM to provide a standardized reporting standard. Many states and the federal gov't the implemented systems to facilitate the sharing of this data. Such a similar approach for EHR records, coupled with blockchain technologies would revolutionize health care.
Just my $0.02 worth.
RD
....a "solution" looking for a problem!!!
Block chains and Merkel trees have a lot in common.
I am TheRaven on Soylent News
Only luddites use apps, etc.
First of all, all health records, especially EHRs, are full of errors. I always get my records from every encounter. 100% of the time it contains errors.
Next, these things need to go through the patient for QA, but they don't. The whole system is set up to do things behind the patient's back, and getting access to records is like pulling teeth, in fact harder -- try to get your dentist's records of pulling your teeth!
And this is the dumbest fucking idea I have ever read.
Electronic medical records, and other use of computers mandated by Congress have been the bane of health care's existence. The one thing EPIC and all other EMR software companies need to dedicate themselves to is ease of use. To say they are complicated for doctors, nurses and administrative staff to use the the greatest understatement ever uttered. I know, because I work at a medical company's call center. A blockchain isn't going to help ease of use at all.
The Uncoveror: It's the real news.
What if I want to have control over my medical data and don't want anyone to have access to it unless I explicitly authorize it. ... never mind.
Oh wait.... I forgot there is no such thing as privacy any more
I think we need much stronger privacy laws. How about the right of the consumer to demand that ANY business purge all identifying information about them at any time, unless you have a currently active contract with them.
âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
And that's why HIEs exist. The problem is solved, no magic bullet required.
As an aside, HIEs also provide interesting analytics solutions that blockchain cannot.