Sensitive nature of medical data makes security a key challenge of the industry domain.
On the other hand, the internet is full of various materials about future of decentralization, blockchains, etc. A glorified blockchain's tamper-resistance put it on the front line of private data protection.
Undoubtedly, the blockchain technology has already made a serious impact on financial services and is transforming this domain successfully nowadays. In the meantime, a lot of top minds struggle with the issue of applying blockchain effectively in eHealth solutions to improve their security and reliability.
What blockchain technology is?
A blockchain can be determined as a kind of a "distributed ledger", meaning a unified database which is synchronised across several computers that form a peer-to-peer network.
Every machine in the network has a copy of the whole blockchain, therefore a single version of the blockchain cannot be tampered with or changed since other machines of the network will immediately notice and reject this action. Transactions are usually written into the chain as "blocks" of encrypted data, and multiple machines must confirm an entry before it is added to the master chain along with a cryptographic timestamp that cannot be changed.
The key advantage is that there's no central server to verify transactions. Unlike a traditional database, every transaction ever made is not only irreversible, but is indelibly written into the blockchain and stored on all machines in the network. So there's a verifiable, incorruptible paper trail for preventing fraud.
The main disadvantage is that blockchains grow over time, which can slow down transaction speed. For example, it can take 10-15 minutes to confirm payment in the most well-known public blockchain Bitcoin.
What can be stored in the blockchain to make it useful in healthcare system and keep it manageable?
For sure, the full medical records should not be written into the blockchain. It can decelerate the system and make it unmanageable in no time even on the enterprise level, not to mention a large-scale State EHR system.
I would recommend writing all the transactions into the blockchain. First of all, the history of all the actions in the system would be well secured. Also, blockchain size would not become unmanageable.
The idea does not pretend to be original. By securing history of all the actions, the system guarantees to patients and healthcare professionals that any criminal or improper use of medical records is immediately detected. Medical staff looking at a file with malicious intent will find themselves having to explain their actions. On the other hand, blockchain records audit is also a way to protect doctors who face spurious malpractice claims.
I.e. I'm for transparency and auditability of actions done in the healthcare system. And, by providing resistant to modification of stored data, blockchains make these records extremely reliable argument in the audit process.
Can an attacker cover up the evidence of improper use of medical records by modifying the data stored in the Blockchain?
Sadly for hackers, blockchains are decentralized and don’t have a single point of failure. So, it would require massive amounts of computing power to access every instance in blockchain network. But all the same, smaller blockchain networks are more sensitive to hacker intrusions. So, the bigger your network is, the more tamper-resistant is your blockchain.
And, for sure, do not ignore traditional safety rules:
- implement robust authentication process;
- guard carefully encryption keys;
- deny illicit attempts to change data or applications within the network, etc.
In a nutshell, the more secure IT-infrastructure - the more secure data.