The Potential for Blockchain to Transform Electronic Health Records

An article published in the Harvard Business Review by John D. Halamka, MD, Andrew Lippman, and Ariel Ekblaw

A vexing problem facing health care systems throughout the world is how to share more medical data with more stakeholders for more purposes, all while ensuring data integrity and protecting patient privacy.

Traditionally, the interoperability of medical data among institutions has followed three models: push, pull, and view (discussed below), each of which has its strengths and weaknesses. Blockchain offers a fourth model, which has the potential to enable secure lifetime medical record sharing across providers.

Push is the idea that a payload of medical information is sent from one provider to another. In the U.S. a secure email standard called Direct is used to provide encrypted transmission between sender (for example, an E.R. physician) and receiver (for example, your primary care doctor). Although this has worked for health care providers in the past, it assumes that infrastructure is in place to actually make it work, such as the existence of an electronic provider directory for the community and a set of legal agreements enabling widespread sharing of data. Push is a transmission between two parties, and no other party has access to the transaction. If you end up being transferred to another hospital, the new hospital may not be able to access data about your care that was pushed to the first hospital. There is no guarantee of data integrity from the point of data generation to the point of data use — it is assumed that the sending system generated an accurate payload and the receiving system ingested the payload accurately — with no standardized audit trail.

Pull is the idea that one provider can query information from another provider. For example, your cardiologist could query information from your primary care doctor. As with push, all consent and permissioning is informal, ad hoc, and done without a standardized audit trail.

View is the idea that one provider can view the data inside another provider’s record. For example, a surgeon in the hospital operating room could view an X-ray you had taken at an urgent care center. Security approaches are ad hoc, not audited in a standardized way, and not necessarily based on an existing patient-provider relationship.

All of these approaches work technologically, but the policies surrounding them are subject to institutional variation, local practice, state laws, and the rigor of national privacy policy enforcement.

Blockchain is a different construct, providing a universal set of tools for cryptographic assurance of data integrity, standardized auditing, and formalized “contracts” for data access.

Read the full piece on HBR.