Blockchain in Health: Beyond the Hype in a Trusted Cloud
By Hector Rodriguez, Chief Security Officer, Worldwide Health, Microsoft on May 8, 2018
Filed under Health
|Focus on: Blockchain Technology Overview|
The sky-rocketing popularity of Bitcoin and cryptocurrencies and blockchain investments overall (but lack of solutions) has led the healthcare industry to ask “Is blockchain in healthcare real or is it hype?”. The headlines in 2018 alone have ranged from saying “Blockchain technology is positioned to be the next dramatic innovation in healthcare” to “Don’t let Blockchain savings hype fool you” and “Blockchain is this year’s buzzword, but can it outlive the hype?”. Needless to say, there are plenty of believers and just as many nay-sayers. I believe that the best answer is that it is both hype and real. Sounds like a cop-out but when blockchain technology is put into the right healthcare context and applied to the right scenarios, it is definitely real.
Microsoft sees Blockchain as a transparent and verifiable system that has the potential to change the way people think about exchanging value, enforcing contracts, and sharing data. In it’s pure state, blockchain is a distributed digital ledger (or database) that allows a network of peers (people and/or organizations) to share and access data in a peer-to-peer, decentralized, trusted, immutable and crypto-graphically secure network. Blockchains can also be public, private, or consortium based. These attributes of blockchain sound promising but may also present challenges when applied to highly regulated industries such as healthcare that have stringent security, privacy, and regulatory compliance requirements. For example, blockchain networks synchronize and share data with all the peers in the network and many privacy laws, such as HIPAA, have “need to know” requirements which means that a person should only have access to the data if they need it to do their work and provide care to the patient. Also, the new European Union’s General Data Protection Regulations (GDPR) has a “right to be forgotten” clause which can be difficult to meet if the data is immutable and therefore can’t be changed or deleted. But, those challenges are solvable and we’ll address that later in this blog.
At Microsoft we’ve learned that there are real solutions with real value that leverage blockchain technology as a foundation to deliver viable healthcare solutions that align with the Triple Aim/Quadruple Aim objectives for healthcare entities. We also know that when it comes to discussing “Blockchain in Healthcare” (or any technology) we have to be highly aware of its ability to support the security, privacy, and compliance requirements of this highly regulated industry in a modern world of expanding patient privacy and security rights and demands. Additionally, in our discussions with our customers, partners, and other blockchain experts such as David Houlding from Intel, we proposed that a quick and useful method to assess a blockchain in healthcare scenario is to ensure that the blockchain scenario addresses Dr. Adrian McCullagh’s FITS model while enabling the healthcare organization to deliver on its care objectives while meeting security and privacy requirements. The two key questions to ask are (1) Does it FIT(S)? and (2) Does it drive measurable Quadruple Aim outcomes?
To illustrate these two questions, I’ve created the Healthcare Blockchain scenario cycle matrix in the following diagram that depicts how these two frameworks can be brought together. The cycle matrix is used to show the increasing relationship of these eight attributes to the central blockchain scenario. I would argue that not all eight criteria need to be met but by purposefully applying the criteria you get to solutions such as the blockchain based solution from MintHealth (more on this later). The recently announced “provider demographics” scenario to use blockchain to improve provider data is also a good example that meets many of the criteria in this matrix.
As explained by Dr. McCullagh, you should try to run the FITS model against your use case to check if it can reap the benefits of Blockchain. FITS is an acronym for Fraud, Intermediary, Throughput, and Stable data. Using this model, the best use cases of the Blockchain implementation could be where: (1) There is a high propensity and/or history of fraud. (2) Intermediaries carry out operations and do not truly provide value. (3) Distributed nodes can be leveraged to achieve throughput and (4) Stability of data is required for long periods. Wow, I’m going to say it out loud – so, far this sounds like a good fit for healthcare!
The Quadruple Aim extends the IHI Triple Aim and together they are designed to address (1) Improving the health of the population, (2) Improving patient experience, (3) Reducing Costs and (4) improving the work-life of the caregivers.
Now back to MintHealth. The MintHealth solution is designed to enable healthcare organizations to leverage blockchain technology to transform healthcare and align stakeholders in a new healthcare ecosystem. And in alignment with the cycle matrix they clearly state that they are a global, decentralized health platform that aligns healthcare stakeholders around the shared goal of patient empowerment and improved clinical outcomes, at lower costs. MintHealth’s solution scores very high on all eight criteria in the “Healthcare Blockchain Scenario Cycle Matrix”.
The one missing component is the need to address security, privacy, and regulatory compliance. In order to enable organizations to deploy secure and scalable enterprise blockchains Microsoft has created the COCO (Confidential Consortium) framework. As announced by Microsoft, the Coco Framework is an open-source system that enables high-scale, confidential blockchain networks that meet key enterprise requirements and provide a means to accelerate production enterprise adoption of blockchain technology. Coco is designed specifically for confidential consortiums, where nodes and actors are explicitly declared and controlled. Coco presents an alternative approach to ledger construction, giving enterprises the scalability, distributed governance and enhanced confidentiality they need without sacrificing the security and immutability they expect.
Moving forward, we’ll continue to explore “blockchain in health” and how it can strengthen identity and cybersecurity strategies overall. Follow these links for additional information on Microsoft’s blockchain on Azure and overall approach to cybersecurity.
By the way, even the National Information and Standards Technology (NIST) organization has entered the conversation with its “Blockchain Technology Overview” report.