Researchers Suggest Using Blockchain For Electronic Health Records

The CIO at a Boston teaching hospital and two MIT researchers write in the Harvard Business Review that blockchain "has the potential to enable secure lifetime medical record sharing across providers," calling it "a different construct, providing a universal set of tools for cryptographic assurance of data integrity, standardized auditing, and formalized 'contracts' for data access." An anonymous reader quotes their report: A vexing problem facing health care systems throughout the world is how to share more medical data with more stakeholders for more purposes, all while ensuring data integrity and protecting patient privacy... Today humans manually attempt to reconcile medical data among clinics, hospitals, labs, pharmacies, and insurance companies. It does not work well because there is no single list of all the places data can be found or the order in which it was entered...

Imagine that every electronic health record (EHR) sent updates about medications, problems, and allergy lists to an open-source, community-wide trusted ledger, so additions and subtractions to the medical record were well understood and auditable across organizations. Instead of just displaying data from a single database, the EHR could display data from every database referenced in the ledger. The end result would be perfectly reconciled community-wide information about you, with guaranteed integrity from the point of data generation to the point of use, without manual human intervention.

How do you Store a 5gb MRI image

[hsmith]

In a 256 bit hash? I'd love to know. Block chain can verify data - that is it. Tired of dipshits selling the latest buzz word when they have no idea what it is. Block chain is ledger, not a fucking database.

Re:How do you Store a 5gb MRI image

[arth1]

And what do you do when you need medical data expunged from the record? It's difficult enough as is today, but still doable in cases like wrong diagnoses or a doctor or nurse logging to the wrong journal. But you can't modify a signed chain without breaking it - that's the entire point.

No, I think this is a very bad idea.
A git-like approach would be a better idea, but that requires a dedicated merge master who can vet pull requests. And I sure as hell would not want that to fall on an insurance company, and they sure as hell would demand it.

How about this radical idea: The patient owns and controls data about the patient, and takes the consequences.

Re:How do you Store a 5gb MRI image

[frank_adrian314159]

And what do you do when you need medical data expunged from the record? It's difficult enough as is today, but still doable in cases like wrong diagnoses or a doctor or nurse logging to the wrong journal. But you can't modify a signed chain without breaking it - that's the entire point.

Yes. It is the entire point. But you don't remove data from an EMR (Electronic Medical Record). Working with them on a daily basis, I can tell you the "removed" bits and "reason for removal" fields in their databases have a reason. You always add to the record, even if it is a removal. That is, you do if you and your customers value their legal skins.

Re: How do you Store a 5gb MRI image

[Entrope]

No. Checksums are short, easy to generate, and good at detecting accidental errors. They are also typically linear functions, so it is extremely easy to generate two (potentially very) different files with the same checksum.

Re:How do you Store a 5gb MRI image

[Kjella]

Yes. It is the entire point. But you don't remove data from an EMR (Electronic Medical Record). Working with them on a daily basis, I can tell you the "removed" bits and "reason for removal" fields in their databases have a reason. You always add to the record, even if it is a removal. That is, you do if you and your customers value their legal skins.

That's the default, yes. But at least here in Norway you have the right to have information that is found wrong or unnecessary and strongly burdensome not only corrected, but actually expunged. Usually it involves possible substance abuse, child abuse, psychiatric diagnoses or something like that and the burden of proof is on you, it happens very rarely but it does happen from time to time. This is more a legal process around the registration of personal information than a medical process and you can appeal beyond the institution that logged it. Generally though the duty to document is very strong, even if what they thought or did was incorrect that's their basis for action and review so for example if you want to sue for malpractice that should be done first. But even if this happens in only one in a million journal entries, it's pretty incompatible with a blockchain.

Re:How do you Store a 5gb MRI image

[xSauronx]

> Block chain is ledger, not a fucking database.

the blurb is mis-worded, but its not unreasonable: a patients health record [health record IT guy here] is not necessarily ever complete. interoperability between health systems and their different EHR products is not a thing. the *idea* that blockchain could be used to audit and update a master record for changes and updates is a great idea.

i wish i thought healthcare IT would ever pull this off, but honestly, even in an unsecured, unaudited way it probably wont--at least not anytime soon. wanna know what the most universal way to move health records is between facilities and systems?

a fax. fax me a thing, we intake it as an image, MAYBE print it to text and run a regex on it for patient info, or otherwise it gets manually checked to be assigned to the right patient in our system.

healthcare it has lots of room for improvement. id love to see it improved but...im not about to get in a hurry over it.

Blockchain...

[blueshift_1]

It'll fix every security problem you have!

Re:Blockchain...

[Chrisq]

It'll fix every security problem you have!

It worked wonders for my constipation, though the links were a bit uncomforatble

Re:HL7

[jbmartin6]

HL7 is just a messaging format, doesn't provide for audit, nor does it scale well across a large number of recipients. Unless you want every hospital and doctor to maintain records on every person, and maintain a VPN to every other hospital and doctor.

Privacy?

[jbmartin6]

While the articles has mentions "protecting patient privacy" this isn't explained. It is hard to see how a widely distributed ledger of medical records would be anything but a privacy disaster.

Re:Public?

[GLMDesigns]

The blockchain concept is perfect for YOU to store your medical information (or any other information). The issue is distributing the keys to doctors, insurance, gov't etc...

You can store (and add to,) your records easily; and nobody can see it without knowing your "VERY_SECRET_PASSWORD".

But now, here's the problem. How do you disseminate the information to others? And how do you do this if you're in a coma?

Then someone else needs access to this "VERY_SECRET_PASSWORD". And who is that? The government? Insurance companies? That is the problem. Not securely storing it on the blockchain.

EMC has had this for over 15 years

[Joe_NoOne]

CAS (Content Addressed Storage) isn't new - EMC introduced the Centera in 2002. The current iteration supports cloud storage as well.
https://www.emc.com/data-prote...

Privacy? How quaint.

As a physician for > 30 years, I can tell you that the ship has sailed on privacy of your medical records a loong time ago. In the 80s, my senior partner's office medical records still consisted of brief notes jotted on index cards. This basic situation of written or dictated notes, on paper, which were copied and mailed or faxed, really began to shift with the wider adoption of EMRs only in the last 5-8 years - prompted by government diktat and financial penalties. In the hospital, it was all hand-written charts until EHRs became commonplace over roughly the same period.

The driving force for EHR/EMRs is, of course, money. An electronic record can be audited more easily, screens applied, and payments denied. If you go into the hospital and sit in the nurse's station, you would see the medical record perused by doctors, nurses, pharmacists, LPNs, nurses' aides, PTs, OTs, lab techs, venipuncturists, and unlicensed employees of utilization review, quality assurance, billing and insurance preauthorization depts, etc. Not to mention remote access by doctors offices and all the apparatus of the out-patient utilization review, quality assurance, billing and insurance preauthorization, and govermental auditing (Medicare/Medicaid). There have been many many revealed instances of people viewing and distributing info from the charts of spouses, girlfriends, etc. And, this leaves aside the millions of medical records exposed by compromises and hacks of hospital and insurance co. databases. And, I'm sure the NSA or other TLAs have scooped all that data as well.

There really is no privacy to your medical info. But if you want to believe that, fine.

Re:Privacy? How quaint.

[gosand]

True story.
I went into the doctor for a regular checkup a few years ago.
It was non-eventful.
A week or so later, I got a letter from my insurance company, basically saying I had to check into drug rehab or risk losing my insurance.
I knew my insurance agent pretty well, and called him up. He couldn't give me any information. I tried to call my Dr... they don't actually TALK to people on the phone, and nobody in that office would give me any information.

Eventually, my insurance agent told me that someone had noted on my questionnaire that I used marijuana - which I do not.

It took a couple of weeks of phone calls to my Dr's office, and me getting irate and coming just short of threatening legal action, and they reluctantly agreed to remove that from my record. And then my insurance company backed down.

ROTFL...

[rgbatduke]

... having actually looked at the problem, as opposed to saying the moral equivalent of "if pink unicorns farted fairy dust, toads could fly", what else is there to do but laugh hysterically at this proposal?

Look, if we lived in a sane universe, the problem being solved wouldn't even exist, because the government would have established a rigorous data portability standard in the first place. Given a rigorous data portability standard, data sharing across EHR's becomes a "necessary feature" instead of a malignant threat to the company that wrote the EHR who hopes that once you've invested the hundreds to thousands of hours and tens to hundreds of thousands of dollars in installing their product and porting/importing the data and training all of the staff to where they are expert enough to have learned just how their product really, really sucks, you will find all that money and time to be a large enough barrier to prevent you (physician, practice management company, hospital, whoever) from running away like a scalded llama towards absolutely anything else that might, just might, suck less.

The alternative -- that they'd actually have to continue to employ a large staff of developers who are tasked with both debugging their existing product and advancing it with feedback from users in order to actually make their users happy so that they stay with the product out of choice -- is anathema to them, because paying all of those developers and admitting errors and retraining customers as necessary dilutes their profits.

So now implementing an enormously complicated solution (one that will require a huge investment in programmers, security experts, trainers and so on and worse, will require every vendor to have hooks that permit more or less automated replication of features in other vendors' EHRs, some of which might even be proprietary or trade secrets or whatever) is suddenly going to make this particular post-apocalyptic landscape a lot better? Without laws mandating it? Without it immediately breaking as (say) Epic refuses to disclose key internals to (say) eClinicalworks or (say) Allscripts? Epic won't even willingly import HL7 data exported by other products.

So excuse me if I pause to catch my breath before resuming maniacal laughter...

EHR is a Perfect Use Case for Blockchain

[Ronin+Developer]

Took the time to quickly read through the Whitepaper. My intention will be to examine it more thoroughly over the next day or two. I found it interesting because it predates my own preliminary work on the subject matter. With the serious danger for medical record theft, the development of a secure EHR records system is paramount. It would be nice, to see a mandate by the federal gov't making such a system an absolute requirement in whatever healthcare bill becomes or stays law.

Blockchain technology provides a secure, distributed database. Accessing medical records from corresponding nodes should be very quick. Adding or updating them should require validation of the submitter and of the patient to ensure data integrity and privacy. The identify of a patient can be verified using existing technologies or a database constructed specifically for identification (i.eimage database, biomarkers, and TFA) by the health care provider (HCP). Records that submitted without a thorough vetting of the patient identity can be separated until vetting is complete. If the vetting fails, a new EHR record can be created.

Two-Factor Authentication (TFA) could be used when checking into a HCP or facility when the patient is conscious and has their smart phone or similar mobie device present. In emergency cases where the patient can not respond, the HCP would be able to keep the records separate yet able to retrieve history while the HCP contacts the patients emergency contacts for vetting. And, in the event a patient can not be properly vetted using these techniques, DNA biomarkers or dental records could be used to achieve a positive identification.

Such an approach would ensure that bogus information is not entered into a patients medical record. This will help lower insurance costs AND prevent the patient from potentially receiving life threatening procedures or medications (i.e. if allergic). Removing bogus information is very difficult. And, in accordance with HIPAA and health care privacy laws,, the real patient affected by the bogus information is not even permitted to know the identify of the individual who misused their record (stupid, I know) or to even have the erroneous information easily removed.

By law, everyone is still required to receive stabilizing medical care. But, individuals should not be subject to improper treatment based on bogus data due to misuse nor should they be responsible for medical bills associated with such treatment.

Unfortunately, a key factor in such a system, common EHR data formats, are still a ways away. EHR vendors tend to be proprietary and expect everyone else to use their protocol, if any. In the public safety sector, this was solved using GJXDM and NIEM to provide a standardized reporting standard. Many states and the federal gov't the implemented systems to facilitate the sharing of this data. Such a similar approach for EHR records, coupled with blockchain technologies would revolutionize health care.

Just my $0.02 worth.

RD

Re:EHR is a Perfect Use Case for Blockchain

[Baron_Yam]

And when the patient loses their key? Or when a medical records clerk makes an error? You're introducing more problems than you're solving.

You don't want an unalterable, ever-growing database. You want standards to allow easy exchange of information, a system to which access is limited to authorized users, and privacy legislation to ensure anyone misusing the data can be severely punished.

Re:EHR is a Perfect Use Case for Blockchain

[ColdWetDog]

Nice ideas and completely impractical. If I have to handle the charts of say, thirty patients during the day and I have to handle them at several times during the encounter, I'm supposed to use a clunky TFA system each and every fucking time? It's bad enough logging back in when you're gone from your desk for a few minutes (you know, to take care of the patient).

DNA testing? Takes weeks.

Dental records? I've got a guy bleeding out because he is on one to the new Factor Xa inhibitors (where you have to know WHICH of four inhibitors he;s on because the antidotes are unique to each drug and cost over $5000 USD a dose) and you want me to do dental X-rays?

Keep the change.