Electronic medical records (EMRs) are crucial but highly sensitive private information for diagnosis and treatment in healthcare, which needs to be normally distributed and pooled among peers such as healthcare providers, insurance companies, pharmacies, researchers, patients families and others. This poses a major challenge in maintaining a patient’s medical history up-to-date.
Storing and sharing data between numerous entities, maintaining a right to use control through numerous consents only obscures the process of a patient’s treatment. A patient, afflicted with a serious medical condition such as cancer, or HIV, has to sustain a long history of the treatment procedure and post-treatment rehabilitation and monitoring. Having access to an entire history may be essential for his treatment: for instance, knowing the delivered radiation doses or laboratory results is necessary for continuing the treatment.
Current scenario as witnessed
A patient may visit various medical institutions for a consultation or may be transferred from one hospital to another. According to the legislation, a patient is given a right over his health information and may align rules and limits on who can look at and receive his health information.
If a patient requires sharing his clinical data for the research purposes or transferring them from one hospital to another, he may be required to sign an approval that specifies what kind of data will be shared, the information about the recipient, and the period during which the data can be accessed by the recipient. This may be awfully difficult to coordinate, especially when a patient is moving to another city, region, or country and may not be aware in advance the caregiver or hospital where he would be looked after.
Even if the consent is given, the process of transferring the data is prolonged, especially when sent through the post. Sending the patients’ data via email over the Internet is not considered in most hospitals as this could force security risk while the patient’s healthcare records are in the passage.
Ecosystems for health information exchange (HIE) such as CommonWell Health Alliance aim to certify that the patient electronic health record is secure, efficiently and accurately shared nationwide in the US. This implies that once providers obtain an access to the patient’s health information it is difficult to pledge that a patient could receive independent opinions from different healthcare providers.
Moreover, such ecosystems do not attend to the requirements in case of transferring data from one country to another. Data collection for research purposes needs the consent unless the data are anonymized. However, it has been shown that independent discharge of locally anonymized medical data equivalent to the same patient and originated from different sources (e.g., several healthcare institutions visited by the patient) could cause de-identification of the patient, and, therefore, defiance of privacy.
What benefits does a Decentralized entity possesses over a Centralized entity ?
Relying on a centralized entity that would accumulate and manage the patients’ data and access control policies means having a single point of malfunction and a bottleneck of the whole framework. It also requires either conducting all the operations (such as search, or anonymization) over encrypted data or choosing a fully trusted entity that will have access to insightful information about the patients.
The former still requires supervision of large amounts of memory and is not appropriate for the hospital environment. The latter was proven to be very complicated to put into practice. An example of Google Health wallet has shown that patients are concerned about their privacy and are aware of the potential risk that their sensitive data might be misused.
Benefits of a Ledger
Having access to a ledger – shared, immutable, and obvious history of all the actions that have occurred to all the participants of the network (such as a patient modifying permissions, a doctor, accessing or uploading new data, or sharing them for research) triumph over the issues presented above. By providing the tool to achieve consensus among distributed entities without dependency on a single trusted party, blockchain technology will assure data security, have power over sensitive data, and will facilitate healthcare data management for the patient and different actors in the medical sphere.
In the healthcare settings, a transaction can be defined as a process of creating, uploading or transferring EMR data that is performed within the associated peers. A set of transactions grouped at a certain period is added to the ledger that accounts all the transaction and therefore represents the state of the network.
The key remuneration of applying the blockchain technology in healthcare are the following: verifiable and immutable transactions; tamper resistance, transparency and integrity of distributed sensitive medical data. This is primarily achieved by employing consensus protocol and cryptographic primitives such as hashing and digital signatures.
The likelihood of using blockchain for healthcare data management has recently raised a lot of consideration in both industry and academia. A permissible blockchain technology is allowed to maintain metadata and access control policy and a cloud service to store encrypted patients’ data. Combining these technologies guarantees data security and privacy as well as convenience with respect to the access control policy defined by the patient.