(with Blake J. Tobias Jr., Saint Joseph’s University, Philadelphia, PA)
Blockchain is the foundational technology that is providing the infrastructure for the transformational applications that is enabling progress in the use of electronic health records (EHRs). Patient data that once moved by paper now moves instantaneously on top of TCP/IP (also known as the Transmission Control Protocol/Internet Protocol) and blockchain technologies. TCP/IP is the existing protocol architecture of the Internet, the framework on which EHRs rest, as well as Email (plus everything found on Smartphones). Blockchain is the “future” communications protocol for networking, the framework that will standardize EHRs in the coming years and will eventually result in the creation of the national health information system envisioned by Congress. Blockchain technology has the potential to disrupt health care applications and the future for the interoperability of EHRs. Blockchain will network health information systems to exchange and make use of EHRs located anywhere in the United States and someday, anywhere in the world.
I. Sharing Information Between Electronic Record Systems
Health records are vital to patients, health providers (including hospital systems and physicians), and to health insurers. Patient data needs to be managed under a mandate of control, privacy, and accountability. The framework around this undertaking is the Health Insurance Portability and Accountability Act (HIPAA). HIPAA set the standards for the protection of health information more than two decades ago, in 1996. However, from a security standpoint HIPAA is cumbersome and burdensome for providers to use. While federal incentive programs have made EHRs more accessible, most hospital systems still cannot easily (or safely) share their patient data.
Accessing health records is difficult to manage, requires a high overhead, and is prone to human error. According to a national Mayo Clinic study, the number one thing most physicians would change is streamlining the health record process. The reason for this burdensomeness is because health information is not located in a single database but rather distributed among different actors who own and exchange the data for each individual patient. Records systems are fragmented and vulnerable, since basic computer security protocols that authenticate patient data are often lacking.
One such vulnerability is that the federal government does not require universal encryption of health records but rather orders providers to use a level of security that is reasonable and appropriate. Also, hospitals need only report cyberattacks on record systems that result in the exposure of private medical or financial information, such as malware that steals data. Whether the data encryption of ransomware, a type of software that locks away patient data until providers pay a ransom, meets that threshold is not clear.
II. Blockchain Technology
The security of EHRs is growing acute as malware and ransomware proliferates. The disturbing reality is that the true state of cybersecurity risk in electronic health systems is underreported by orders of magnitude. Although the ability of health care systems to fight cybercriminals is limited with TCP/IP technology, this security problem can be addressed with blockchain technology.
Blockchain technology, like TCP/IP (on which the Internet was built) is a foundational technology that can enable transformative change and progress in health care. Blockchain is comprised of a chain of data blocks, each of which could contain patient transactions that are encoded for security and chained to their predecessor and successor blocks by a unique address or public key. This approach comes with very powerful advantages over existing storage and distribution of health records.
First, unlike the health information systems in place today that were designed for a case at hand without consideration of wider applications, blockchain technology is designed for connectivity and distribution over an open network. By storing patient data across a peer-to-peer network, blockchain avoids the perils of health records being stored in one location. That is what is (sometimes mistakenly) thought of as a trusted third party, such as a hospital system holding a patient’s medical history or a health insurer holding a patient’s health care claims. Should that third party suffer a catastrophic data problem, or even a minor one such as a data corruption brought about by a hacker, it may be difficult if not impossible to prove or disprove a patient’s medical history.
Second, transaction problems are avoided with a distributed ledger because when one data block is changed or modified then it becomes invalid and the subsequent set of chained data blocks become invalid. This is because the information of each data block is used in a math function to generate the link in the chain to the next block. As such, changes are impossible to construct. Rather than having one central administrator of health records that acts as a gatekeeper to patient data—a list of digital transactions—there is one shared encrypted ledger that is spread across a network of synchronized, replicated databases that are transparent to anyone with access. This gives the peer-to-peer network unprecedented security benefits. Hacking one block in the chain is impossible without hacking every other block in the chain’s chronology (thus, the term, blockchain). In turn, this makes blockchain appealing to the physicians and hospital systems that need secure access to a patient’s health history. The health records may be different and come from different places, but the distributed ledger itself is standardized.
Transparency with Pseudonymity
The third characteristic of blockchain technology is transparency with pseudonymity. Pseudonymity (such as a birth date and zip code) occurs when a patient is identified by something other than their actual name; it applies to any health record transaction a patient has that protects their individual identity from being shared with another party. Different levels of pseudonymity exist, and examples of pseudonymity can be seen all over EHRs. A health record in this form is suitable for extensive research analytics and processing.
Secure Data Encryption
The fourth characteristic of blockchain technology is that it is secure. The data in a block, or the EHR, can be stored in an encrypted form using public key cryptography and can be unlocked using a private key (password) that patients, owners of the transaction, possess. This key would make it impossible for unauthorized access to health records. The question of what happens in an emergency when a patient may be incapacitated and unable to provide the private key, is often posed. Several options exist, including emergency third-party advocates with access to private keys whose very use would be tracked through a blockchain authority and from best-in-class clinical and remote-monitoring devices, sensors, wearables, and patient wellness applications.
III. Unified Clinical Systems
Overall, four blockchain factors—connectivity, ledger technology, transparency with pseudonymity, and data security—combine to increase the security of the EHR and ensure data quality. Just like how the Internet changed the way hospitals and physicians share health records, blockchain is an open source innovation that is going to revolutionize health record transactions among patients and health care systems. Blockchain technology will create standard data that is:
- Accurate, meaning that the right data will be usable and unambiguous
- Complete, in other words, all the required data on a patient will be included in their health record
- Consistent, meaning the patient data will be usable across different sources, from different providers and across the various parts of a health care system
- Timely for real-time, data-driven decisions
- Unique or unambiguous, and valid
With blockchain, unified clinical systems can be created with greater two-way transparency and lower operating costs. Health providers that manage their health records correctly and understand its inherent value will have the advantage in the marketplace.
IV. Transformational Law for Health Records
Blockchain technology will have the most disruptive impact on health records since the invention of the Internet. Comprehensive new health record laws are needed to accommodate the technological changes that have occurred over the past fifty years since the Internet revolution first began in 1965. Whether or not blockchain technology is endorsed within the next year or the next decade, the global technology revolution warrants attention to blockchain solutions.
 Shanafelt, T.D., et al. (2016). Relationship between clerical burden and characteristics of the electronic environment with physician burnout and professional satisfaction. Mayo Clinical Proceedings, 91 (7), 836-848.
 U.S. Department of Health and Human Services (HHS). (2013). Summary of the HIPAA security rule. Washington, DC: HHS.
 Evans, M. (2017, June 18). Why some of the worst cyberattacks in health care go unreported: Some breaches at hospitals involving ransomware don’t have to be made public, a loophole some are trying to close. Wall Street Journal, p. B1.
 Leo Scanlon, deputy chief information security officer for the U.S. Department of Health and Human Services, before the U.S. Congress, House Energy and Commerce Committee. (2017, June 8). Washington, DC.
 IBM. (2016, April 29). Press release: IBM launches first highly secure blockchain services for healthcare on IBM cloud. White Plains, NY: IBM (announcing a new framework for blockchain networks to operate securely in addition to meeting current HIPAA regulatory and security requirements). In January 2017, the Food and Drug Administration partnered with IBM Watson to find ways to safely share data from EHRs using blockchain technology.
 The U.S. Department of Defense Advanced Research Projects Agency (generally referred to as DARPA) developed the first packet switching network—a digital networking method of communications that groups transmitted data into blocks, called packets—and the first network to implement the TCP/IP protocol. Both technologies became the technical foundation of the Internet.
 Shackelford, S. J., & Myers, S. (2017). Block-by-block: Leveraging the power of blockchain technology to build trust and promote cyber peace. Yale Journal of Law and Technology, 19, 334-388.; see Molteni, M. (2017, February 1). Moving patient data is messy, but blockchain is here to help. Wired.
Donna K. Hammaker is Director, National Institute Health Care Management & Law, Graduate Health Administration, Saint Joseph’s University, Philadelphia, Pennsylvania.