Medical Records on Blockchain
Feb 24, 2022, by Arun Ravi
What is an Electronic Health Record or Medical Record?
According to Wikipedia, an electronic health record (EHR), or electronic medical record (EMR), is the systematized collection of patient and population electronically-stored health information in a digital format. These records can be shared across different health care settings. Records are shared through network-connected, enterprise-wide information systems or other information networks and exchanges. EHRs may include a range of data, including demographics, medical history, medication and allergies, immunization status, laboratory test results, radiology images, vital signs, personal statistics like age and weight, and billing information.
Wow… that is a hell of a lot of information. Any manipulation or leak of medical history can have a catastrophic impact on one’s life. There are stringent frameworks and rules guiding the use of medical records.
Risk associated with EHR
HIPAA (Health Insurance Portability and Accountability Act) compliance and data protection pose serious risks for healthcare providers. Studies show that health records are exponentially more valuable to cyber-criminals than personal credit card data. Don Jackson, PhishLabs’ Director of Threat Intelligence, says each health credential can bring 10 to 20 times the value of a single credit number because you cannot void a record in the same way you can void a credit card. Integrating best-in-class technology with advanced security features is the only way to ensure maximized data protection.
EHR Using Blockchain
Any leak or manipulation of an EHR record will lead to a doomsday crisis for the company that handles it. I pondered the question: is it really possible to have a system that is secure and nearly uncompromisable, yet scalable, and that opens up new possibilities in the health domain?
Yes, I seriously believe that such a system can exist. The word "secure" is quite vague, so I will instead call it HIPAA compliant: a system that is HIPAA compliant, highly scalable, and that also provides an interface to safely communicate necessary information to any other HIPAA compliant third party. The basic building block of this system would be a blockchain (newcomers may want to jump to the layman's explanation of blockchain included at the end of this article). Over the course of this article I will explain the core components and features of this new system.
Let us consider a subset of actors from the medical domain: there will be doctor(s), nurse(s), lab technician(s), insurance companies, pharmaceutical companies, medical research group(s), and finally, of course, patients or normal humans.
All these actors have different reasons to show interest in medical records. Doctors would be delighted to know the long-term history of their patients. Insurers would be glad to know about your health performance and medical claim history, to verify your pending claims and also to design a custom financial solution for you at times of emergency. Nurses and technicians can easily update or append various observations and test results to your health record. Medical research groups and pharmaceutical companies would like general health information about the population based on demographics (rather than individual records with much more personal detail), so that they can analyze the performance of a certain drug or treatment and devise new treatment and diagnostic techniques.
The EHR system would employ a blockchain to systematically log all time-series medical events (let us call them transactions). There would be legally compliant interface(s) to fetch information from this system for research and verification. We would use Hyperledger Fabric and Hyperledger Composer to build the core, cryptographically sound data storage layer. Why Hyperledger Fabric and Hyperledger Composer? The answer is obvious: ease of development. Hyperledger Composer on top of Hyperledger Fabric provides access control functionality and peer interaction, and also generates data access APIs automatically; we also have the provision to build custom API(s). Various legally compliant entities can pull information from this system periodically, in batches or otherwise. This system can provide the detailed medical history of a person to that person and their doctor. It can also provide information about the performance of certain drugs, treatment techniques and diagnostic techniques on the population, by stripping off private information like name, SSN etc. This data is apt for research and development purposes.
An overview of the architecture of the new system is attached below.
Moving on to the data flow through the system: when a patient visits a medical facility, the medical personnel insert a medical log about the patient into the system. The patient's illness, symptoms, body parameters etc. are logged. The doctor's suggestions are also logged. These logs are stored on our Hyperledger cluster. When the same patient next visits the same or a different medical facility, the medical personnel there can pull the patient's history and do a careful analysis. The pharmaceutical companies and research groups can periodically pull disease reports and performance reports for drugs, treatments and diagnostic techniques in batches, and apply various aggregations to get precious insights for future development programs; they can also use this data to build artificially intelligent machines that can support medical personnel in future. Please note that the data shared with these HIPAA compliant entities will be free from personal information like SSN, phone number, email etc. This medical information will also be made available to law enforcement agencies and emergency responders, thereby helping first responders to take immediate measures during a crisis. They can use this information to successfully rescue victim(s). The law enforcement agencies will be automatically alerted in case of injuries such as poisoning, bullet injuries etc., which need to be investigated at the earliest. This helps them to keep our societies healthy and safe.
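The per-actor views and the identifier-free research reports described above can be sketched as follows. This is an added example, not code from the article or from Hyperledger Composer; it uses plain Python rather than Composer's access control, and the field names, the split of fields per role, the ten-year age bands and the `MIN_GROUP` threshold are all assumptions.

```python
from collections import defaultdict

# Allow-list of fields per actor. The actors are the article's;
# which fields each one sees is an assumption made for this example.
VIEWS = {
    "doctor": {"name", "ssn", "phone", "email", "age", "diagnosis", "drug", "recovered"},
    "researcher": {"age_band", "diagnosis", "drug", "recovered"},
}
MIN_GROUP = 2  # assumed threshold: smaller groups are withheld from reports


def age_band(age):
    """Generalise an exact age to a ten-year band, e.g. 34 -> '30-39'."""
    low = (age // 10) * 10
    return f"{low}-{low + 9}"


def view(record, role):
    """Project one medical log entry onto the fields the role may see."""
    if role not in VIEWS:
        raise PermissionError(f"no view defined for role {role!r}")
    enriched = dict(record, age_band=age_band(record["age"]))
    # Allow-list, not deny-list: a field added to the log later stays hidden
    # from a role until it is explicitly granted.
    return {k: v for k, v in enriched.items() if k in VIEWS[role]}


def drug_report(records):
    """Recovery rate per (drug, age band), built only from researcher views."""
    groups = defaultdict(list)
    for rec in records:
        r = view(rec, "researcher")
        groups[(r["drug"], r["age_band"])].append(r["recovered"])
    return {key: sum(vals) / len(vals)
            for key, vals in groups.items() if len(vals) >= MIN_GROUP}


# Constructed sample log entries (not real patient data).
LOGS = [
    {"name": "A. Patient", "ssn": "000-00-0001", "phone": "555-0101", "email": "a@example.org", "age": 34, "diagnosis": "flu", "drug": "drug-x", "recovered": True},
    {"name": "B. Patient", "ssn": "000-00-0002", "phone": "555-0102", "email": "b@example.org", "age": 38, "diagnosis": "flu", "drug": "drug-x", "recovered": False},
    {"name": "C. Patient", "ssn": "000-00-0003", "phone": "555-0103", "email": "c@example.org", "age": 61, "diagnosis": "flu", "drug": "drug-y", "recovered": True},
]

if __name__ == "__main__":
    print(view(LOGS[0], "researcher"))
    print(drug_report(LOGS))
```

The single `drug-y` patient is left out of the report because a group of one would point back to an individual even without a name or SSN.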
What is a blockchain?
The description that most of you have come across on the web will be ‘A replicated immutable time-stamped database using cryptographic encryption that would facilitate consensus driven collaboration and tracking of transactions and interactions’. Wow, that’s too complex, and it may well have got the better of you.
Let me explain it in simpler terms using day-to-day terminology. Normally we keep our transaction or statistical information in a book or an Excel sheet. To keep it secure, we keep multiple copies of it. Each copy is always in sync and can be owned by different companies or individuals. The structure in which we store information in a blockchain is similar to this distributed Excel sheet or book, though it has some additional fields to keep it secure and verified. Keeping multiple copies of the information at different locations makes it a distributed database. Since this is distributed bookkeeping, we call it a distributed ledger as well. Let us start with an example. We have an Excel sheet with the following information about a commodity exchange. The fields in the sheet are: Initiator, Receiver, Commodity, Quantity, Time.
- Initiator: Person who initiates the transaction. Usually this will be a unique identifier (call it signature)
- Receiver: Person who is receiving the commodity. This will be also a signature just like initiator.
- Commodity: The entity that is being transacted.
- Quantity: The amount of commodity transacted.
- Time: The time (Date and Time) during which the transaction was conducted.
In Blockchain we have an additional field called ‘hash’. The hash value is generated based on the contents of the transactions and that of the last successful transaction.
Anybody who wants to make a transaction can add a new row to this sheet to record it. When a contributor adds a row, it is time-stamped, and he also signs his name against the transaction so that others can verify that he was indeed the actual contributor. One of the columns in the added row is Hash. The hash is a cryptographic value computed from the editor’s signature, the hash of the previous row and the transaction details (Transaction Content) being added.
The hash of one row has a dependency on the hash of the previous row, every transaction is dependent on the previous transaction and iteratively across all transactions in the database and hence we have a chain of transactions.
When a row is added to the sheet, others who have a copy of this sheet validate the transaction by checking its hash and by confirming that the entity transferred was owned by the transaction initiator. If everything is fine, they add this row to their copy of the Excel sheet to maintain the universal truth. This is called collaboration.
If a fraudster tries to manipulate a previous transaction, he will have to manipulate all the subsequent transactions as well, which is never possible as transactions keep on occurring. This is because the content of a transaction and the hash of the previous transaction both contribute to the hash of the new transaction. So the fraudster has to recalculate every hash from the corrupted transaction to the latest. The multiple copies of the sheet and the consensus-driven universal truth also add to the agony of the fraudster. The information in the majority of the copies is considered the truth, and hence the attacker would have to manipulate the data on a majority of the copies to effectively corrupt the information, which is nearly impossible.
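The chaining and validation described above can be seen in a short sketch. This is an added example, not code from the article or from Hyperledger; it assumes SHA-256 as the hash, treats the initiator's identifier as the "signature" field as in the field list above, and uses a constructed all-zero `GENESIS` value as the previous hash of the first row.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first row

def row_hash(prev_hash, tx):
    """SHA-256 over the previous row's hash plus the transaction content."""
    body = json.dumps(tx, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(ledger, tx):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"tx": tx, "hash": row_hash(prev, tx)})

def first_bad_row(ledger):
    """Index of the first row whose stored hash does not match, or None."""
    prev = GENESIS
    for i, row in enumerate(ledger):
        if row["hash"] != row_hash(prev, row["tx"]):
            return i
        prev = row["hash"]
    return None

def rehash(ledger):
    """Recompute every hash from row 0, as a fraudster must after an edit."""
    prev = GENESIS
    for row in ledger:
        row["hash"] = prev = row_hash(prev, row["tx"])

def majority_head(copies):
    """Latest hash held by a strict majority of the copies, or None."""
    head, votes = Counter(c[-1]["hash"] for c in copies).most_common(1)[0]
    return head if votes > len(copies) / 2 else None

# Constructed sample transactions using the fields listed above.
SAMPLE = [
    {"initiator": "sig-alice", "receiver": "sig-bob", "commodity": "wheat", "quantity": 10, "time": "2022-02-24T10:00:00Z"},
    {"initiator": "sig-bob", "receiver": "sig-carol", "commodity": "wheat", "quantity": 4, "time": "2022-02-24T10:05:00Z"},
    {"initiator": "sig-carol", "receiver": "sig-alice", "commodity": "rice", "quantity": 7, "time": "2022-02-24T10:09:00Z"},
]

def build():
    """Build one participant's copy of the ledger from the sample rows."""
    ledger = []
    for tx in SAMPLE:
        append(ledger, dict(tx))
    return ledger

if __name__ == "__main__":
    forged = build()
    forged[1]["tx"]["quantity"] = 500
    print("edit alone fails the hash check at row", first_bad_row(forged))
    rehash(forged)
    print("after rehash, matches majority:",
          forged[-1]["hash"] == majority_head([build(), build(), forged]))
```

An edit on its own fails the hash check at the edited row; an edit followed by a full rehash passes the local check, and is caught only because its latest hash disagrees with the majority of copies.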
Suppose we have a lot of transactions happening simultaneously; let us extend the above logic of recording a single transaction to a set of records. These transactions are recorded temporarily in a log, and after every fixed time interval the transactions that have happened are batch processed as a block of data. As explained for a row, the hash of a block of transactions is calculated from the hash of the previous block, the contents of the block and the signature of the person who is creating this hash from the block. Instead of recording transactions individually, we record them in blocks, and we have a chain of blocks, also called a blockchain.
The person who creates this hash for a block is doing a service for the blockchain and needs to be compensated for it (computing power, electricity etc.). This person is called a Miner. A small transaction fee is charged on each transaction to compensate the miner, and this fee is called the Gas Price. The higher the gas price, the more miners will be interested in processing your transaction. Since there is an incentive for creating blocks, many miners will compete against each other to create a block at the earliest.
Disclaimer: The opinions expressed in this article are those of the author(s) and do not necessarily reflect the positions of Dexlock.