Please create an account to participate in the Slashdot moderation system


Forgot your password?
Medicine Databases

Researchers Suggest Using Blockchain For Electronic Health Records ( 70

The CIO at a Boston teaching hospital and two MIT researchers write in the Harvard Business Review that blockchain "has the potential to enable secure lifetime medical record sharing across providers," calling it "a different construct, providing a universal set of tools for cryptographic assurance of data integrity, standardized auditing, and formalized 'contracts' for data access." An anonymous reader quotes their report: A vexing problem facing health care systems throughout the world is how to share more medical data with more stakeholders for more purposes, all while ensuring data integrity and protecting patient privacy... Today humans manually attempt to reconcile medical data among clinics, hospitals, labs, pharmacies, and insurance companies. It does not work well because there is no single list of all the places data can be found or the order in which it was entered...

Imagine that every electronic health record (EHR) sent updates about medications, problems, and allergy lists to an open-source, community-wide trusted ledger, so additions and subtractions to the medical record were well understood and auditable across organizations. Instead of just displaying data from a single database, the EHR could display data from every database referenced in the ledger. The end result would be perfectly reconciled community-wide information about you, with guaranteed integrity from the point of data generation to the point of use, without manual human intervention.

This discussion has been archived. No new comments can be posted.

Researchers Suggest Using Blockchain For Electronic Health Records

Comments Filter:
  • If that's blockchain, then gee, I guess GitHub also uses blockchain.
    • As interesting and intriguing terms become popular, they get hijacked by others who want to bask in the same aura. This is how a dumb cat picture becomes a "meme."
    • Block chains and Merkel trees have a lot in common.
  • by hsmith ( 818216 ) on Monday March 06, 2017 @08:52AM (#53984327)
    In a 256 bit hash? I'd love to know. Block chain can verify data - that is it. Tired of dipshits selling the latest buzz word when they have no idea what it is. Block chain is ledger, not a fucking database.
    • by Zemran ( 3101 )
      But it is in the cloud.... It is magic... It can do everything...
    • Is not possible use checksum for this case? Like we do with big files downloaded from the Internet?
      • No. Checksums are short, easy to generate, and good at detecting accidental errors. They are also typically linear functions, so it is extremely easy to generate two (potentially very) different files with the same checksum.

        • Right. Thank you for the clarification! :)
        • by Kjella ( 173770 )

          No. Checksums are short, easy to generate, and good at detecting accidental errors. They are also typically linear functions, so it is extremely easy to generate two (potentially very) different files with the same checksum.

          A cryptographic hash on the other hand... of course a blockchain could provide the integrity of the history, but it doesn't solve any of the hard problems like who everybody is and whether they have permission to write to your journal. Also in order to verify the blockchain you need access to everything in it, goodbye restricted access... there's many stupid things about this.

    • > Block chain is ledger, not a fucking database.

      the blurb is mis-worded, but its not unreasonable: a patients health record [health record IT guy here] is not necessarily ever complete. interoperability between health systems and their different EHR products is not a thing. the *idea* that blockchain could be used to audit and update a master record for changes and updates is a great idea.

      i wish i thought healthcare IT would ever pull this off, but honestly, even in an unsecured, unaudited way it probabl

    • by jerdenn ( 86993 )

      Thank you so much for bringing some clarity to this discussion. I made it a point to visit all blockchain vendors at HIMSS 2017 and there was not a single answer for 10 MB CCD, let alone imaging data.

      On top of that, HIEs solve many of the "sharing" use cases today. The challenges in healthcare data sharing are semantic interoperability. Trust is tertiary and easily solved using existing standards.

  • by blueshift_1 ( 3692407 ) on Monday March 06, 2017 @09:15AM (#53984411)
    It'll fix every security problem you have!
    • by Chrisq ( 894406 )

      It'll fix every security problem you have!

      It worked wonders for my constipation, though the links were a bit uncomforatble

  • Privacy? (Score:5, Insightful)

    by jbmartin6 ( 1232050 ) on Monday March 06, 2017 @09:57AM (#53984615)
    While the articles has mentions "protecting patient privacy" this isn't explained. It is hard to see how a widely distributed ledger of medical records would be anything but a privacy disaster.
  • Isn't the point of a blockchain that the contents are publicly verifiable?

    Isn't medical data something you don't want public?

    • Re:Public? (Score:5, Insightful)

      by GLMDesigns ( 2044134 ) on Monday March 06, 2017 @10:21AM (#53984749)
      The blockchain concept is perfect for YOU to store your medical information (or any other information). The issue is distributing the keys to doctors, insurance, gov't etc...

      You can store (and add to,) your records easily; and nobody can see it without knowing your "VERY_SECRET_PASSWORD".

      But now, here's the problem. How do you disseminate the information to others? And how do you do this if you're in a coma?

      Then someone else needs access to this "VERY_SECRET_PASSWORD". And who is that? The government? Insurance companies? That is the problem. Not securely storing it on the blockchain.
  • CAS (Content Addressed Storage) isn't new - EMC introduced the Centera in 2002. The current iteration supports cloud storage as well. []

  • Privacy? How quaint. (Score:5, Interesting)

    by Anonymous Coward on Monday March 06, 2017 @10:42AM (#53984847)

    As a physician for > 30 years, I can tell you that the ship has sailed on privacy of your medical records a loong time ago. In the 80s, my senior partner's office medical records still consisted of brief notes jotted on index cards. This basic situation of written or dictated notes, on paper, which were copied and mailed or faxed, really began to shift with the wider adoption of EMRs only in the last 5-8 years - prompted by government diktat and financial penalties. In the hospital, it was all hand-written charts until EHRs became commonplace over roughly the same period.

    The driving force for EHR/EMRs is, of course, money. An electronic record can be audited more easily, screens applied, and payments denied. If you go into the hospital and sit in the nurse's station, you would see the medical record perused by doctors, nurses, pharmacists, LPNs, nurses' aides, PTs, OTs, lab techs, venipuncturists, and unlicensed employees of utilization review, quality assurance, billing and insurance preauthorization depts, etc. Not to mention remote access by doctors offices and all the apparatus of the out-patient utilization review, quality assurance, billing and insurance preauthorization, and govermental auditing (Medicare/Medicaid). There have been many many revealed instances of people viewing and distributing info from the charts of spouses, girlfriends, etc. And, this leaves aside the millions of medical records exposed by compromises and hacks of hospital and insurance co. databases. And, I'm sure the NSA or other TLAs have scooped all that data as well.

    There really is no privacy to your medical info. But if you want to believe that, fine.

    • Oh, it's not so bad as all that. EHRs are so fucked up that nobody can find anything.

      Security by obscurity really isn't a great design strategy but seemingly works in this giant clusterfuck we're creating in the US.

    • by swb ( 14022 )

      There's things I just won't tell my doctor because I know if they end up in EHR they are there forever, will likely follow me and can be used against me.

      • by gosand ( 234100 )

        True story.
        I went into the doctor for a regular checkup a few years ago.
        It was non-eventful.
        A week or so later, I got a letter from my insurance company, basically saying I had to check into drug rehab or risk losing my insurance.
        I knew my insurance agent pretty well, and called him up. He couldn't give me any information. I tried to call my Dr... they don't actually TALK to people on the phone, and nobody in that office would give me any information.

        Eventually, my insurance agent told me that someone had

        • by swb ( 14022 )

          I answer no to all the drug questions at the doctor's office and try to answer questions that may indicate mental health problems as neutrally as possible. I figure they can poke and prod and take samples, anything I tell them verbally is most likely to be used against me, especially when pre-existing conditions come back around.

          You'd have to be crazy to tell your average doctor with a EHR data entry screen in front of them you use any drugs except what has been prescribed.

          The real bullshit factor in all o

          • by gosand ( 234100 )

            That is exactly what I did! No to all those questions.
            The questions are pretty ridiculous. Have you ever used tobacco? yes, yes I have. I have smoked cigarettes/cigars in my lifetime. I have never ever been addicted to tobacco or used it on any regular basis. But, I still answer NO on those questionnaires because if you say yes, it means you are a smoker to them.

            What my story illustrates is that you can still answer NO to all the questions, but if some medical clerk checks the wrong box by accident,

            • by swb ( 14022 )

              Two years ago at my physical was a period of extreme stress and anxiety for me and I actually answered the questions about stress, anxiety and depression at the extreme end of the spectrum.

              Of course the doctor never mentioned them to me at all, which leads me to believe the doctors aren't using them as a source of information about the patient.

              I think next year when the nurse comes in and fills that stuff out I am going to refuse to answer and cite my previous experience of having my responses ignored and/o

  • by rgbatduke ( 1231380 ) <> on Monday March 06, 2017 @11:23AM (#53985107) Homepage

    ... having actually looked at the problem, as opposed to saying the moral equivalent of "if pink unicorns farted fairy dust, toads could fly", what else is there to do but laugh hysterically at this proposal?

    Look, if we lived in a sane universe, the problem being solved wouldn't even exist, because the government would have established a rigorous data portability standard in the first place. Given a rigorous data portability standard, data sharing across EHR's becomes a "necessary feature" instead of a malignant threat to the company that wrote the EHR who hopes that once you've invested the hundreds to thousands of hours and tens to hundreds of thousands of dollars in installing their product and porting/importing the data and training all of the staff to where they are expert enough to have learned just how their product really, really sucks, you will find all that money and time to be a large enough barrier to prevent you (physician, practice management company, hospital, whoever) from running away like a scalded llama towards absolutely anything else that might, just might, suck less.

    The alternative -- that they'd actually have to continue to employ a large staff of developers who are tasked with both debugging their existing product and advancing it with feedback from users in order to actually make their users happy so that they stay with the product out of choice -- is anathema to them, because paying all of those developers and admitting errors and retraining customers as necessary dilutes their profits.

    So now implementing an enormously complicated solution (one that will require a huge investment in programmers, security experts, trainers and so on and worse, will require every vendor to have hooks that permit more or less automated replication of features in other vendors' EHRs, some of which might even be proprietary or trade secrets or whatever) is suddenly going to make this particular post-apocalyptic landscape a lot better? Without laws mandating it? Without it immediately breaking as (say) Epic refuses to disclose key internals to (say) eClinicalworks or (say) Allscripts? Epic won't even willingly import HL7 data exported by other products.

    So excuse me if I pause to catch my breath before resuming maniacal laughter...

  • by Ronin Developer ( 67677 ) on Monday March 06, 2017 @11:38AM (#53985201)

    Took the time to quickly read through the Whitepaper. My intention will be to examine it more thoroughly over the next day or two. I found it interesting because it predates my own preliminary work on the subject matter. With the serious danger for medical record theft, the development of a secure EHR records system is paramount. It would be nice, to see a mandate by the federal gov't making such a system an absolute requirement in whatever healthcare bill becomes or stays law.

    Blockchain technology provides a secure, distributed database. Accessing medical records from corresponding nodes should be very quick. Adding or updating them should require validation of the submitter and of the patient to ensure data integrity and privacy. The identify of a patient can be verified using existing technologies or a database constructed specifically for identification (i.eimage database, biomarkers, and TFA) by the health care provider (HCP). Records that submitted without a thorough vetting of the patient identity can be separated until vetting is complete. If the vetting fails, a new EHR record can be created.

    Two-Factor Authentication (TFA) could be used when checking into a HCP or facility when the patient is conscious and has their smart phone or similar mobie device present. In emergency cases where the patient can not respond, the HCP would be able to keep the records separate yet able to retrieve history while the HCP contacts the patients emergency contacts for vetting. And, in the event a patient can not be properly vetted using these techniques, DNA biomarkers or dental records could be used to achieve a positive identification.

    Such an approach would ensure that bogus information is not entered into a patients medical record. This will help lower insurance costs AND prevent the patient from potentially receiving life threatening procedures or medications (i.e. if allergic). Removing bogus information is very difficult. And, in accordance with HIPAA and health care privacy laws,, the real patient affected by the bogus information is not even permitted to know the identify of the individual who misused their record (stupid, I know) or to even have the erroneous information easily removed.

    By law, everyone is still required to receive stabilizing medical care. But, individuals should not be subject to improper treatment based on bogus data due to misuse nor should they be responsible for medical bills associated with such treatment.

    Unfortunately, a key factor in such a system, common EHR data formats, are still a ways away. EHR vendors tend to be proprietary and expect everyone else to use their protocol, if any. In the public safety sector, this was solved using GJXDM and NIEM to provide a standardized reporting standard. Many states and the federal gov't the implemented systems to facilitate the sharing of this data. Such a similar approach for EHR records, coupled with blockchain technologies would revolutionize health care.

    Just my $0.02 worth.


    • And when the patient loses their key? Or when a medical records clerk makes an error? You're introducing more problems than you're solving.

      You don't want an unalterable, ever-growing database. You want standards to allow easy exchange of information, a system to which access is limited to authorized users, and privacy legislation to ensure anyone misusing the data can be severely punished.

    • Nice ideas and completely impractical. If I have to handle the charts of say, thirty patients during the day and I have to handle them at several times during the encounter, I'm supposed to use a clunky TFA system each and every fucking time? It's bad enough logging back in when you're gone from your desk for a few minutes (you know, to take care of the patient).

      DNA testing? Takes weeks.

      Dental records? I've got a guy bleeding out because he is on one to the new Factor Xa inhibitors (where you have to kn

      • >completely impractical.

        This is the protection against this going anywhere of course. Any practical trial would show it to be a clusterfuck of epic proportions.

      • DNA and dental records werean example that could be used to positively identify a change - not to prevent treatment.

        Changes to a record would not occur until the patient is identified. Until then, they sit in a pending status with the medical history available so as to not delay treatment. If an identify thief used wants to use your records, let them. But, you can easily extract the bogus information if an HCP fails to identify the patient.

        TFA would be used by a patient checking in - not for every access

  • by Anonymous Coward

    First of all, all health records, especially EHRs, are full of errors. I always get my records from every encounter. 100% of the time it contains errors.

    Next, these things need to go through the patient for QA, but they don't. The whole system is set up to do things behind the patient's back, and getting access to records is like pulling teeth, in fact harder -- try to get your dentist's records of pulling your teeth!

  • Electronic medical records, and other use of computers mandated by Congress have been the bane of health care's existence. The one thing EPIC and all other EMR software companies need to dedicate themselves to is ease of use. To say they are complicated for doctors, nurses and administrative staff to use the the greatest understatement ever uttered. I know, because I work at a medical company's call center. A blockchain isn't going to help ease of use at all.
  • What if I want to have control over my medical data and don't want anyone to have access to it unless I explicitly authorize it.
    Oh wait.... I forgot there is no such thing as privacy any more ... never mind.

    I think we need much stronger privacy laws. How about the right of the consumer to demand that ANY business purge all identifying information about them at any time, unless you have a currently active contract with them.

If graphics hackers are so smart, why can't they get the bugs out of fresh paint?