Health information technology and information security specialists are hearing a lot about blockchain these days. “It’s the answer to interoperability.” And “the technology can solve healthcare’s looming security problems.”
The so-called digital ledger technology was developed in 2008 by a possibly pseudonymous person,Satoshi Nakamoto. He designed it as the underpinning for the exchange of the digital cryptocurrency known as Bitcoin.
Blockchain transactions are logged publicly and in chronological order. The database shows an ever-expanding list of ordered “blocks,” each time-stamped and connected to the block that came before it. Hence, thereby constituting a blockchain.
Crucially, each block cannot be changed, deleted or otherwise modified: it’s an indelible record that a given transaction occurred. That’s exactly what has many in healthcare excited about blockchain’s potential for data security. It’s open and decentralized nature could lend itself well to managing health records and proving identity.
Rather than a central database, the blockchain record can be distributed and shared across networks. This is done with credentialed users able to add to – but not delete or alter – the transaction log. Transactions are encrypted and must be verified by the network.
How does it work?
“For example, if any node on the network tries to transfer a particular asset twice, to two different parties, that transaction would not be validated by others on the network, and there would be no agreement to add it as a new block on the chain,” said Behlendorf, executive director of Hyperledger, an open-source collaborative launched by the Linux Foundation to advance the use of blockchain beyond Bitcoin transactions.
Behlendorf also spotlighted the importance of so-called smart contracts on the blockchain ledger: “simple software programs that run on all nodes in the network and can extend the validation logic at each node in a way that is automatable and undeniable.” In healthcare, for example, such smart contracts could be deployed as an “authorization process and confirmation step that notifies the patient – or even puts them in control – when their data is shared from one address to another.”
Behlendorf said that because blockchain technology is distributed by design, storage space is limited, so small data or metadata is preferable. The option is to store records or files either on- or off-chain, he said. Large healthcare files such as imaging scans or PDFs wouldn’t need to be stored entirely on the chain but could be linked to it with a hash, or cryptographic numeric fingerprint, to ensure it hasn’t been altered.