Blockchain Could Be the Key to Healthcare's Cybersecurity Problem

Jared Kaltwasser
JANUARY 25, 2018
blockchain,fhir,onc,healthcare security

As healthcare organizations struggle to play catch-up in the world of cybersecurity, a new study suggests blockchain could be an important tool going forward.

Researchers from Vanderbilt University and Varian Medical Systems, a California-based medical device and software firm, looked at the implications of using blockchain technology to help healthcare organizations more securely and easily share data. Such information sharing between providers is a critical component of healthcare decision-making, according to experts.

The team evaluated FHIRChain, a blockchain-based system designed to comply with the “Shared Nationwide Interoperability Roadmap” put forth by the Office of the National Coordinator for Health Information Technology (IT). FHIR, pronounced as “fire,” is an acronym for Fast Healthcare Interoperability Resources.

Study co-author Peng Zhang, of the Department of Electrical Engineering and Computer Science at Vanderbilt, said in the current health IT landscape, many healthcare providers safely share data because both ends of the communication have a verified “trust” relationship, meaning they both use the same secure service. One of the most common, she said, is called “Direct.”

“Secure data sharing is hard, however, when parties don't have already established trust through these intermediaries (like Direct),” Zhang told Healthcare Analytics News™. “FHIRChain thus uses a blockchain-based approach to enable ‘trustless’ exchange with a ‘decentralized’ approach to data sharing.”

So, with a blockchain system, it would be easier for a big healthcare organization to share data with a local independent physician, since both sides wouldn’t need to share the same security service.

In such a system, healthcare organizations would have public keys—codes used to authenticate users—and individual doctors would have private keys that would identify them as the user attempting to share or receive information. Those keys could be embedded in electronic health records (EHR) or apps, or encoded into the employee’s identification card or fob.

Patients could also have private keys, though the authors acknowledge that could be a stumbling block for some since keys are too long to memorize and users might have difficulty keeping track of wallet cards.

Blockchain is considered by many to be the most secure way to exchange data. It became famous as the backbone of the infamous cryptocurrency Bitcoin. Meanwhile, the healthcare industry continues to face significant challenges when it comes to keeping data both secure and accessible. Those challenges have perhaps become most obvious with the recent rash of ransomware attacks.

Zhang said her research shows blockchain could be a feasible fix for the healthcare industry’s woes.

So what would it take to actually switch to a blockchain-based system like FHIRChain? Zhang said overall he expects FHIRChain to be a low-cost solution. For one, providers would have fewer costly data mishaps. For another, storing data in a blockchain is less expensive than storing it in a data center. The main cost, Zhang said, would come during the setup phase.

“A blockchain-based consortium is thus analogous to the internet… Its basic infrastructure is not free, but costs have become low enough to make universal access available, as will blockchain-enabled infrastructures as they become more widely adopted,” she said. “The software implementation of FHIRChain is much less complex than an EHR system. In fact, it can be created as an add-on to an existing EHR system, in which case the software costs would not be significant.”

The paper, dubbed “FHIRChain: Applying Blockchain to Securely and Scalably Share Clinical Data,” was published as a preprint (PDF) this month. It has been submitted to the Journal of Network and Computer Applications.

SHARE THIS SHARE THIS
68
Become a contributor