HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

The Benefits of Using Blockchain for Medical Records

Blockchain is perhaps best known for keeping cryptocurrency transactions secure, but what about using blockchain for medical records? Could blockchain help to improve healthcare data security?

The use of blockchain for medical records is still in its infancy, but there are clear security benefits that could help to reduce healthcare data breaches while making it far easier for health data to be shared between providers and accessed by patients.

Currently, the way health records are stored and shared leaves much to be desired. The system is not efficient, there are many roadblocks that prevent the sharing of data, and patients’ health data is not always stored by a single healthcare provider. Instead, a patient’s full health history is fragmented and spread across multiple providers’ systems.

Not only does this make it difficult for health data to be amalgamated, it also leaves data vulnerable to theft. When data is split between multiple providers and their business associates, there is considerable potential for a breach. The Health Insurance Portability and Accountability Act (HIPAA) requires all HIPAA covered entities and their business associates to implement technical safeguards to ensure the confidentiality, integrity, and availability of protected health information. However, each entity implements its own security controls.


The more entities that have access to health data, the greater the potential for errors to be made that result in the data being exposed. As the Department of Health and Human Services’ Office for Civil Rights Breach portal clearly shows, HIPAA-covered entities and their business associates are not always as careful as they should be when storing and transmitting data, and even when they are, it is often not possible to prevent breaches. However, using blockchain for medical records could dramatically improve data security.

Blockchain, as the name suggests, is a chain of data blocks which contain details of transactions, each of which is encrypted to ensure privacy. Rather than store data in a single location, blockchain keeps data in an encrypted ledger, which is distributed across synchronized, replicated databases. Each block is linked to the previous block by a unique public key with access to data carefully controlled.

As has been shown with the massive Anthem and Equifax data breaches, single entities cannot be trusted to hold vast quantities of data and keep it secure in a centralized system. Storing data in a decentralized system could be a viable alternative.

With blockchain, each data block in the chain can be encrypted using public key cryptography which can be unlocked with the use of a private key or password, which could be held by a patient.

If blockchain is used for health data, rather than multiple healthcare providers storing their own copies of a patient’s data, the patient would grant each provider access to their data and provide them with a key.

Without access to the key, the data stored in blockchain would be inaccessible. It would not be possible to hack a single block of data, at least not without simultaneously hacking all the others in the chain’s chronology. It would also not be possible for changes to the data blocks to be made and for those changes to be hidden.

With a cryptocurrency such as Bitcoin, blockchain is used for transactions – the buying and selling of the currency. With health records, the transactions would be consultations with physicians, X-ray images or blood test results, prescriptions, or surgical procedures. Each time data is added, it would need to be validated by a trusted entity who has been given an access key. Once validated, it would be added as a block in the chain in chronological order, with the blockchain comprising a patient’s entire medical history.
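The tamper-evidence and validation steps described above can be shown in a few lines. This is an added example, not code from the article or from any blockchain product: it links each block to the previous one by storing that block's SHA-256 hash (the way Bitcoin's chain does), and it assumes a single trusted validator whose approval is modelled with an HMAC in place of a digital signature. The key, field names and sample records are constructed for illustration, and record encryption is left out.

```python
import hashlib, hmac, json

VALIDATOR_KEY = b"constructed-demo-key"  # assumption: secret held by the trusted validator

def _digest(block):
    """SHA-256 over the block's canonical JSON, excluding its own hash field."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def _tag(prev_hash, index, record):
    """Validator approval: HMAC binding the record to its position in the chain."""
    msg = json.dumps([prev_hash, index, record], sort_keys=True).encode()
    return hmac.new(VALIDATOR_KEY, msg, hashlib.sha256).hexdigest()

def append_block(chain, record):
    """Validate a record and append it, linked to the previous block's hash."""
    prev_hash = chain[-1]["hash"] if chain else "0" * 64
    block = {"index": len(chain), "prev_hash": prev_hash, "record": record,
             "validator_tag": _tag(prev_hash, len(chain), record)}
    block["hash"] = _digest(block)
    chain.append(block)

def verify_chain(chain):
    """Return the index of the first bad block, or None if the chain is intact."""
    prev_hash = "0" * 64
    for i, block in enumerate(chain):
        expected_tag = _tag(block["prev_hash"], block["index"], block["record"])
        if (block["index"] != i or block["prev_hash"] != prev_hash
                or block["hash"] != _digest(block)
                or not hmac.compare_digest(block["validator_tag"], expected_tag)):
            return i
        prev_hash = block["hash"]
    return None

def demo():
    """Build a constructed three-entry history, then alter the middle entry."""
    chain = []
    for rec in ({"type": "consultation", "note": "annual physical"},
                {"type": "blood_test", "result": "HbA1c 5.4%"},
                {"type": "prescription", "drug": "amoxicillin 500 mg"}):
        append_block(chain, rec)
    intact = verify_chain(chain)                    # untouched chain verifies
    chain[1]["record"]["result"] = "HbA1c 9.1%"     # silent edit of a stored record
    edited = verify_chain(chain)                    # block 1 no longer matches its hash
    b = chain[1]
    b["validator_tag"] = _tag(b["prev_hash"], b["index"], b["record"])  # key holder re-approves
    b["hash"] = _digest(b)
    relinked = verify_chain(chain)                  # block 2 still points at the old hash
    return intact, edited, relinked
```

Calling `demo()` shows that an edit is caught at the altered block, and that even a party holding the validator key cannot hide the change without rewriting every later block as well.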

The use of blockchain for medical records could prove highly beneficial for providers and patients, not only for keeping medical records secure, but also for pulling together fragmented medical records stored by multiple healthcare providers.

This would allow full medical records to be easily shared between providers. Medical records would not need to be transmitted electronically between providers; new providers would just need to be told where to access the information and given the access key.

Blockchain has the potential to make it far easier for patients to access their healthcare records. Rather than submitting a request for copies of their health data to several different healthcare providers, one request could be submitted and their full healthcare record could be accessed. Currently, that process can be complicated, time-consuming, and potentially costly for the patient, since each provider is permitted under HIPAA to charge a fee for providing copies of data.

When data is provided through patient portals, the process of piecing together health records can be even more complicated, as is sharing the information. Blockchain could also help sort out the issues that exist with multiple patient identifiers.

Blockchain clearly works for financial transactions, but what about blockchain and medical records? Could it work in practice? Trials using blockchain and medical data have shown very promising results. One trial conducted by MIT Media Lab and Beth Israel Deaconess Medical Center has shown blockchain to work well for tracking test results, treatments, and prescriptions for inpatients and outpatients over 6 months. In that trial, data exchange between two institutions was simulated using two different databases at Beth Israel. Plans are now underway to expand the pilot.

There are still issues that must be resolved. Blockchain is not anonymous but pseudonymous. There is also the problem of how to make certain records private, such as psychotherapy notes, to prevent patients accessing that information.

It would also be necessary for blockchain to be extensively tested with health data, and healthcare organizations would need to be convinced to adopt blockchain medical records systems. Encouragingly, earlier this year, IBM conducted a survey of 200 healthcare organizations. 16% said they expected to have a commercial blockchain solution in place this year.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.