Healthcare Digital Transformation
Every industry is nowadays going through a digital transformation journey and technologies like cloud, IoT and mobility are speeding up that process. Healthcare is no exception to that. As everything get connected digital transformation will disrupt the current value chain and enable new eco-systems, but a big challenge for this vision to materialise is trust and security. Add on top of that concerns for privacy and you might end-up in a situation where opportunities in the healthcare industry are not realised because we have concerns from both the patients as well as the service providers. This is where blockchain comes in handy, and its impact on healthcare could be particularly significant.
What is blockchain and why does it matter?
So what is blockchain? In its simplest definition blockchain is a distributed public ledger; a database of transactions such that there is a set of pre-defined rules as to how the ledger gets appended, achieved by distributed consensus of participants in the system. You keep track of transactions in a distributed way, where all participants have a copy of the ledger and can potentially validate any future transactions. An important element of the Blockchain implementation will be signatures to validate the integrity of the data. Historically Public Key Infrastructure (PKI) has been one of the fundamental technologies to power such data signatures, but they rely on a central authority to stamp and validate signatures on a data payload. The dependency on a central authority presents serious limitations for large-scale scenarios and is also vulnerable to attacks involving quantum computation. This is where Keyless Signature Infrastructure (KSI) comes to the rescue! It is designed to provide scalable digital signature based authentication for electronic data, machines and humans. Unlike traditional approaches that depend on asymmetric key cryptography, KSI uses only hash-function cryptography, allowing verification to rely only on the security of hash-functions and the availability of a public ledger commonly referred to as a blockchain. So with KSI blockchain we can have a strong infrastructure that can secure the integrity, the validity of data and transactions. So how do we apply this to healthcare?
Securing integrity of Electronic Health Records (EHR)
As standards for Electronic Health Records have matured, they have specified what can be shared and how, but they haven’t really solved the issue of securing the transactions and how to make that process open and transparent. The volume of data produced within the healthcare system will make this an increasing problem.
As technology evolves more and more connected devices will collect data about us, about our health and wellness. A research report from Enterprise Service Group from 2012 had estimated that by now the average hospital would generate about 665TB of data. 80% of this information would be unstructured data in the form of videos, images and emails. The amount of data is huge and largely untapped. To put things in perspective a single CT scan represents about 1GB of data, while an X-ray takes about 30MB.
All this data will be available in digital format, and leads to massive amounts of data, which if mined properly will dramatically improve healthcare. But mining the data means also sharing, aggregating data sources and providing access to stakeholders anywhere and anytime. Doctors around the world could for instance benefit from instantly accessing patients records, comparing them with records from other patients.
A key question is where do you store this data and how do you share it in a secure and reliable way. Now part of this answer is given by hyperscale cloud technologies which will allow you to provide storage at unbeatable costs, but the key question here is can you trust that data? What if it is compromised? What if you healthcare data leaks outside the circle of trusted physicians? What if that data is altered? These are some of the reasons why healthcare providers tend to keep the data on their own data centers and within their own closed eco-system.
Blockchain and KSI will secure that data cannot be tampered. You will have a full chain of records of who created the data, who accessed it and who modified it. Each data piece in the cloud data center will be signed and transactions on that data can be audited. As mentioned earlier blockchain and KSI will be used to provide a hashed signature of an EHR when it is in a known good state. By monitoring the time-stamped hashes, the system can verify that the EHRs have not been altered. Any change means something about the EHR itself has changed, and that might represent an attack that can be checked by security staff. So combine KSI, Blockchain, EHR policies and even opendata then you have a solid and distributed infrastructure where data can be shared and its integrity secured. With opendata you can even expose the data to third parties if their is consent and you can create new transactions that could be linked to that blockchain.
Enabling Health information exchange and settlements
The nice thing with blockchain is that you can now reliably share information between service providers, decide who gets access to what data, have a trace of all transactions and make sure nobody has tempered the data. You can now easily link Doctors, Hospitals, Pharmacies, Insurance companies, and other companies which are related to the healthcare eco-system.
Doctors will have seamless access to your health records as well as your insurance policy. When the doctor writes a prescription the pharmacy will have access to the prescription, your insurance information, but also information about allergies or other information as for instance other medicines you might be taking. This will reduce the risk for bad treatment, reduce the risk for fraud, but will also speed up the claims process. Since all information is available and all transactions are linked that whole process can be automated and settlements could be done automatically without even having to do a claim.
Securing IoT Device Configurations and Software
We have been talking so far about the validity and integrity of data in the context of EHRs. Our concern about integrity needs to be go beyond that, it is not only about EHR data but also about machines and operating systems, software and configurations.
Of course you will have plenty of security measures in place to create security perimeters and policies, encrypting connectivity, but you will never been able to prevent against everything
Take for instance all medical devices and connected objects that will provide healthcare care data. How do you protect these? And how do you know these devices have not been tampered with? What if the device measuring you heart rate is comprised? What if somebody replaced the software on your connected insulin dispatcher? The consequences could be lethal and you might not even be aware that a crime has been committed.
What matters for IoT devices is protecting what’s inside it – ensuring that the software operating inside the device and its configuration have not been compromised. If the device is compromised then securing the communication from it won’t matter.
In a recent report by AT&T, “Exploring IoT Cybersecurity“, the company logged that they have seen an increase by 458% of IoT vulnerability scans over the last two years. The threat is real and it is only going to increase!
Here with blockchain and KSI, we have a way to deal with the real problem and that is not to protect against all attacks, but to make sure that are you fully aware of the integrity of a system and the IoT devices.
With KSI Blockchain you can link the software producer, with the device producer, the service staff, the device and the service provider. You can link all transactions made on the device, you can sign the software, the configurations and the transactions. This means that breaches can be detected almost instantly as long as you monitor signature changes.
The future of blockchain and healthcare
I believe the convergence of technologies will further increase the number and variety of use-cases that will benefit from blockchain. Looking at the healthcare system we focused here primarily on electronic healthcare records, IoT devices and data exchange, but there are many more that I could think about. Much of the paper work done today could be simplified, it is not only about registration and basic data, but even regarding signatures required from a legal guardian to perform surgery. Connecting organ donors across the globe could be simplified. Notarising documents would probably not be needed anymore. The possibilities are endless.
It is also interesting to observe how this will evolve here in the UAE. I had the opportunity to participate in a few meetings of the Global Blockchain Council, organised by Dubai Future Foundation and I can say that the interest and traction around this topic is tremendous. Almost every industry is present! The UAE’s agenda for blockchain is aggressive and they want to pilot a number of projects to ensure faster adoption. Relevant to this article is that the telecom operator du will run a pilot on EHR using blockchain infrastructure. Monitor these pilots closely!
I would like to hear more from other experts! What projects do you know of that use blockchain in the healthcare context? What type of adoption do you see of this very hyped technology? Do you think healthcare will be an early adopter or do you see other industries moving faster with blockchain?
Looking forward to hear from you! And if you want to discuss digital transformation or innovation you also contact me directyon the following email: theideapollinator@gmail.com
Website: Www.journeying365.org