Please don’t put medical records on the blockchain

William Nash
April 16th 2018

In our work, it's not uncommon to hear, “let's put medical records on a blockchain”, and it's hard not to think 'please never do this'. There are some perceived advantages, but it’s just not worth the number of problems it will cause for you. There are three critical considerations: security, scalability and compliance.

  1. Security

Just because your data is on a blockchain doesn’t mean it is safe. In fact, it can leave that data less protected. And, the measures you might take to make a blockchain system secure are probably ones you should have been doing anyway (encryption, IP whitelisting, protecting private keys etc.).

Blockchains may make data more secure, but more secure only in particular ways. You can break information security into four aspects: availability, non-repudiation, integrity and confidentiality. Blockchains do help guarantee that information is always on hand (availability) and that that information stays consistent across different sites and at different times (integrity). Alongside this, they're perfect for stopping parties pretending that they received inaccurate information (non-repudiation).

But blockchains aren't great for keeping information secret (confidentiality) because they hold any (encrypted) data across multiple nodes in other parties' control. If an attacker gets a private key or a password, then they get access to the underlying information because the encrypted data is (semi-) public. Just saying ‘encryption’ won’t help; if you store the records in a regular database, then they’re going to be encrypted. In a centralised system, you can protect and maintain the keys; with blockchains, you're asking other companies to take ownership of this.

Regarding medical records, the most significant aspect of information security is confidentiality (closely followed by availability) - therefore blockchains are not the right solution. Where integrity and non-repudiation are essential, then blockchains make more sense, and this is why we use them as part of our audit trail in the permissioned exchange of medical record data.

  2. Scalability

An electronic medical record used to be a set of digital medical notes; free text associated with a patient in a database. This reflected how electronic products were brought in as replacements for paper-based systems - this is great for doctors but doesn’t work for patients.

Over time, systems have added richer data which includes structured data, images and videos. In the future, patients could have genomic sequences and scans. A raw MRI image might be 1GB, but a genome sequence could be up to 200GB. To put that in context, the bitcoin blockchain is currently about 150GB. This size means you’re going to be paying to store terabytes of data at every node location, which is going to make Amazon Web Services very happy and your CFO very unhappy.

You could store the data centrally and provide access via the blockchain using pointers and this does partially solve the problem, but you lose the benefits of availability which you get from the blockchain; plus are you really “putting medical records on-chain”?

  3. Compliance

Without going into the specific rules for each country, it’s safe to say that every developed country heavily regulates the sharing of medical information. In the United States, there is HIPAA, the UK has Caldicott Principles, Australia has the Privacy Act and the My Health Records Act; and the list goes on.

Regardless of the specific provisions of these acts, to enact these provisions, you need control over the information and how (or where) it’s processed. If you’re taking medical records and putting them on a blockchain, then that data is public (or semi-public), and you have immediately lost real control over it. It could be processed in any jurisdiction and stored overseas. Another party could lose the data without your knowledge so the breach would not be reported. Again, just encrypting the data doesn’t necessarily help as these rules rarely define medical information as merely unencrypted human-readable information.

These are the three critical considerations when thinking of how blockchains can be used to store patient data.

The reasons for thinking putting medical records on a blockchain is a good idea are similar to the reasons for thinking that a centralised system will solve interoperability problems - it feels much easier to achieve fluid medical records by just having one golden repository whether it's centralised or decentralised. But, there are reasons why one single record of medical data will never exist. Medical records are centralised to achieve compliance. They use different standards because they contain different data. They don’t work with a token model because no one wants to or should have to pay for their own record.

Blockchains are a tool, and all tools are useful for some activities and useless for others. Blockchains don't work for storing encrypted medical records while they are ideal for regulating a network of medical data exchange. Dovetail is working on an NHS blockchain-based solution for medical records where we don’t store any health data on a blockchain. Instead, we use the blockchain to log data sharing events and an audit trail of consent. This means we can take advantage of the integrity and non-repudiability of a blockchain without the issues of confidentiality. It also means we can control where the data can go by admitting organisations into the network or excluding them.
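The pattern described above, sketched as an added example (not Dovetail's code): a hash-chained log that records consent and sharing events between admitted organisations, holds no health data, and detects any later edit to an entry. The class name, field names, organisation names and key are hypothetical, and a single in-memory list stands in for the replicated chain.

```python
import hashlib
import hmac
import json

class AuditLedger:
    """Hypothetical append-only, hash-chained log of consent/sharing events."""

    def __init__(self, members, pseudonym_key):
        self.members = set(members)   # organisations admitted to the network
        self._key = pseudonym_key     # kept off-chain by the record custodian
        self.entries = []

    def _patient_ref(self, patient_id):
        # Keyed hash: a bare SHA-256 of a low-entropy ID could be brute-forced.
        return hmac.new(self._key, patient_id.encode(), hashlib.sha256).hexdigest()

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, event, patient_id, sender, recipient, timestamp):
        if sender not in self.members or recipient not in self.members:
            raise PermissionError("organisation not admitted to the network")
        body = {
            "event": event,
            "patient_ref": self._patient_ref(patient_id),
            "sender": sender,
            "recipient": recipient,
            "timestamp": timestamp,
            "prev": self.entries[-1]["hash"] if self.entries else "0" * 64,
        }
        self.entries.append(dict(body, hash=self._digest(body)))

    def verify(self):
        """Return the index of the first broken entry, or None if intact."""
        prev = "0" * 64
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != entry["hash"]:
                return i
            prev = entry["hash"]
        return None

def demo():
    # Constructed sample organisations, key and events.
    ledger = AuditLedger({"gp-practice", "hospital-a"}, b"constructed-demo-key")
    ledger.append("consent_granted", "patient-001", "gp-practice", "hospital-a", "2018-04-16T09:00:00Z")
    ledger.append("record_shared", "patient-001", "gp-practice", "hospital-a", "2018-04-16T09:05:00Z")
    intact = ledger.verify()
    ledger.entries[0]["event"] = "consent_revoked"   # simulate tampering
    return intact, ledger.verify()
```

The medical record itself never enters the log; only the event, the parties and a keyed pseudonym do, so a leaked copy of the chain does not expose the record or a guessable patient identifier.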

For more information, or to join the conversation, please get in touch on Twitter @dovetaillab