Is the Blockchain a Potential Cure for Securing Health Care data?

From a security perspective the last 24 months have proven to be quite detrimental to the health care industry with dozens of successful and very public and costly cyber / malware attacks. These attacks are relentless and increasing.  As the health care industry explores solutions to mitigate and defend against attacks, one technology that is gaining interest is the Blockchain.

The Blockchain’s claim to fame is the peer-to-peer digital cash Bitcoin and the Blockchain technology is used to record and secure Bitcoin transactions. A new study from Juniper Research has found that the total value of venture capital investment into Blockchain technologies and Bitcoin companies totaled $290 million in the first six months of the year, with more than 30 startups receiving funding in that timeframe. Companies like Tierion, Gem, Factom, Guardtime, and others are already developing Blockchian technologies for health care.

The Blockchain technology is a process of storing and securing data in a non-centralized distributed method. Instead of data being stored in a single database, the data is encrypted and distributed among thousands of individual computers or nodes. As a result of the distributed and decentralized structure, the Blockchain does not have a central point of failure and is better able to withstand malicious attacks. There are several unique features of the Blockchain that make the technology particularly appealing. Here are just a couple of them.  1) Each block in a Blockchain contains encrypted computer code that may include information like financial transactions, contracts, etc. 2) Each block in the Blockchain is securely connected or “chained” to each other using a digital signature.  3) Each block in the Blockchain is very secure because the cryptographic algorithms used to encrypt the data in each block is extremely difficult to generate and requires the combined computational power of the peer-to-peer network of computers in the Blockchain to help encrypt the data.  Any attempt to hack the Blockchain would require a network of computers with exponential computational power thus eliminating the threat of malicious attack from a single source or even a well-organized attack.

So how can the Blockchain potentially be used in health care? Say a hospital or provider wants to securely send a patient’s electronic health record (EHR) to another hospital or provider. The hospital would create a “transaction” request and send the encrypted EHR over the Blockchain. The EHR is protected on the Blockchain using multiple digital signatures and complex cryptography. By using multiple digital signatures, individuals can gain access to the EHR only if there is approval from a number of specified and authorized individuals. For example, a rule could be created that for access to a patient’s EHR, the sending provider, the receiving provider and the patient must all approve. A patient’s EHR could be securely created, shared, and modified by different authorized individuals and entities, creating efficiencies that do not currently exist today. The patient’s EHR could then, in principle, live out its existence in the Blockchain and not on the hospitals or providers centralized and vulnerable database. This same process could be used for billing, claims, and other patient related data.

The Office of the National Coordinator (ONC) is investing the use of the Blockchain technology and earlier this year extended a challenge around the Blockchain entitled Use of Blockchain in Health IT and Health-related Research Challenge and recently announced the winners of the challenge.

The Blockchain has be hailed as the most important IT innovation since the invention of the internet. However, the Blockchain does face some challenges, particularly related to it being an open source technology and there are a multitude of individuals developing Blockchain code. As such, agreeing to code changes can be a challenge as some developers don’t follow Free or Open Source Software (FOSS) standards. As an open source technology, ensuring the security and integrity of data would without question be the number one requirement and the Blockchain technology will need to be thoroughly tested and vetted before the health care industry considers wide spread adoption. Additionally, the Blockchain requires a complete transference to a decentralized and distributed network and for users and operators there would be acceptance, technical knowledge, and development cost curves to overcome.

The Blockchain has a lot of potential to help secure, streamline and accelerate the distribution and storage of health care data but like any new technology there are policy, governance and technical challenges and questions that need to be discussed and addressed. Leavitt Partners has helped establish a cybersecurity coalition to help health care entities understand and address the policy issues and key questions related to the security needs of the health care industry at a strategic level. This cross-sector effort seeks to address many of the needs of medical device manufacturers, health delivery organizations, payers, and health IT organizations through strategic planning and policy development. For more information about the Cybersecurity for Health Care Alliance please contact David Lee at (202) 224-1408 or