How Blockchain Can Make HIT More Secure

Drew Ivan
There are dozens of use cases within healthcare that can take advantage of Blockchain's strengths

Drew Ivan was one of the winners in the recent ONC Blockchain Ideation Challenge which focused on use of the technology in healthcare security. He is Director of Business Technology at Orion Health.  Drew answered the question:

What are the top potential benefits of using Blockchain technology to secure healthcare records?


Blockchain is an immutable, public, digital transaction ledger. There are dozens of use cases within healthcare that can take advantage of Blockchain's strengths. Many of these were explored by the participants in ONC's recent Blockchain Ideation Challenge. The topics included: storing and sharing patient records, mining patient data for research purposes, and ensuring continuous coverage for Medicaid beneficiaries.


If there was a common theme to the white papers, it may have been that Blockchain technology holds the potential to invert control within the healthcare system. Today, each institution holds patient data in proprietary systems that communicate poorly with one another. The institutions own the data, control its use, and employ it as a method of ensuring patients return to them in the future.


Storing or at least copying patient records to a Blockchain-based infrastructure puts the patient in control. The patient can always access his records, controls who can see the data (and for what purposes), and is the ultimate custodian of the data.


Imagine, as a simple example, a patient visit that results in a care summary note and an electronic prescription. The doctor's existing, institution-based storage and workflow processes would remain in place, but copies of the documents could be sent to a Blockchain, providing the patient with an unalterable record of the encounter.


The patient would also be able to access the copies of his documents in the Blockchain to share them with other caretakers, doctors, and pharmacies. Because the documents are digitally signed by the original doctor as well as the patient, the recipients can be sure that the documents are authentic and have not been tampered with. Putting the patient at the centre of his own healthcare universe is seen as an important step in promoting interoperability, patient engagement, and improving health.


It is important to add that the hypothetical example imagined here is a simplification. For one thing, the documents themselves would not be transferred to a Blockchain, because Blockchain technology is not designed to handle large documents, high volumes of data, or private health information.


Certainly the documents could be encrypted for storage in a blockchain, but as technology advances, encryption techniques can be cracked and must be replaced with updated, stronger algorithms. Unfortunately if a document has been encrypted with an old, weak algorithm and submitted to an immutable ledger, it cannot be removed or re-encrypted with a new algorithm. The document will be susceptible to decryption by future hackers.


For this reason, the standard recommendation is not to store the document itself in a Blockchain, but rather a pointer to a document that is stored "off chain" in some other database. The pointer provides enough information to locate and retrieve the original document (e.g., a URL) and a cryptographic hash that allows the recipient to verify that the retrieved document is authentic and unaltered.


This two-part storage scheme provides the best of both worlds. The Blockchain ledger acts as a permanent audit trail and index of patient documents while the documents themselves are stored in a variety of conventional data systems.


What is your top management tip?

Take the extra time to write down what you did in a place where your colleagues can see it. Your future self will thank you.


What would you single out as a career highlight?

Switching into healthcare IT provided an opportunity to make an impact working on important problems.


If you had not chosen this career path you would have become a…?

…some other kind of technology worker.


What are your personal interests outside of work?

Being outdoors.


Your favourite quote?

The future is already here – it's just not evenly distributed.

William Gibson

«« The Top Paying IT Jobs in 2017

Stronger CMO-CIO Collaboration Needed »»

Published on : Thu, 15 Dec 2016

Related Articles

Hospitals and other healthcare organisations (HCOs) are increasingly singled out by cyber criminals for ransomware and... Read more

The novel coronavirus pandemic continues to spread like wildfire in the U.S., causing panic and chaos among hardest-hit communities.... Read more

Power to the Patient It’s there, it’s everywhere, in multiple shapes and forms. Ethereum, Bitcoin, Dogecoin,... Read more

Blockchain, HIT security, Drew Ivan How can Blockchain Help HIT security

No comment

Please login to leave a comment...