Uncategorized

How To Secure Your Health Records And Avoid Privacy Hacks

By April 4, 2018 One Comment
Image from Thinkstock

What The Healthcare System Looks Like Now

Finally, Friday rolls around and the long awaited happy hour plans you had to kick it with the guys doesn’t sound so happy anymore. Your throat hurts with every swallow, your head weighs a thousand pounds and ready to explode, and all you want to do is go home and crawl into your warm bed. After a sleepless night of coughing, sneezing, and bodily aches, you realize you need to get yourself to the doctor; and yay, it’s a cold, rainy Saturday morning! Can it get any worse?…Well it can…

….What’s worse than being ill is the additional nightmare of finding an available in network doctor, scheduling an appointment, filling out redundant paperwork, sitting in waiting rooms, figuring out insurance coverage policies, pharmacy prescription pick-ups, medical bills, and the list goes on… all the while you are feeling worse with every passing minute.

Sometimes finding treatment is worse than being sick. The patient journey in today’s complex healthcare system is laden with delays, inefficiencies, and vulnerabilities. For example, some fail to see the very real and serious risk of Personal Health Information (PHI), Personally Identifiable Information (PII), or confidential health records can cause if acquired by an unknown party. Outside of the Very few realize the significant risk of financial, fraudulent, reputational harm this type of exposure can harm your safety, identity, privacy, and reputation.

As you can see a patient’s journey has several touchpoints- there is you “the patient”, care providers (doctors, nurses, hospitals, home health care, etc.) administrators, payors, pharmacies, hospitals, and many other points of interaction that your personal information encounters on the way from the germ to the treatment, it is not immune and is vulnerable to cyberattacks. Therefore, healthcare services must balance patient care with information privacy, access, and completeness. It is true that the healthcare industry is strongly related to paperwork — health records, medical history, laboratory tests, diagnostic examinations, prescriptions for medications, other protocols etc. It drowns in this sea of papers and never comes up long enough to cure and heal the patient. Clearly, it stands to benefit immensely from embracing an emerging technology that’s pitted to revolutionize the entire administrative and functional ecosystem, critical to the welfare of humans everywhere.

………..Drum roll……… Enter Blockchain Based Smart Contracts.

How smart contract are set up and executed / Ameer Rosic / Blockgeeks

What are they? Google it and you’ll get results like the following jargon or similar

  • Pre-written computer code (a complex set of “if-then-else” statements).
  • Smart contracts are deployed, replicated, and then executed on a distributed network of computers (blockchain).
  • Blockchains allows for multiple parties that do not know or trust each other to maintain consensus as to the state of and changes made to a shared database. The cryptocurrency Bitcoin has leveraged this technology to enable payment transactions between strangers without need for a third-party financial intermediary (that is, a bank).
  • Smart contracts have the ability to execute updates to the shared ledger, and may be authorized to make payments (cryptocurrency).
  • Blockchain-based smart contracts are self-executing code on a blockchain that automatically implement the terms of an agreement between parties.

What all this really means is that blockchain enabled Smart contracts help you exchange money, property, shares, or anything of value in a transparent, secure, and conflict-free without a middleman’s service. Smart contracts allow us to exchange value without a third party being involved or knowing of the transfer. In effect, by minimizing the trust required for an exchange, they allow for the complete automation of contract fulfillment. In so doing they by-pass the legal system and create a series of self-enforcing contractual mechanisms to create what has been called a “crypto-legal” contract.

For a wide range of potential applications, blockchain-based smart contracts offer several benefits:

  • Speed and real-time updates. smart contracts use software code to automate processes that are normally performed manually
  • Accuracy. Human error is less likely to occur since processes are replaced by automation.
  • Lower execution risk. The decentralized nature of smart contracts virtually removes all risk of data manipulation, non performance, human errors since these tasks are no longer managed by individual parties and are executed automatically by a network.
  • Fewer intermediaries. Third party intermediaries and middlemen are no longer relied upon to ensure “trust” between involved parties
  • Lower cost. Efficiencies and new processes enabled by smart contracts save time and reduce costs of manual resources.

As the field of applications grows, industry leaders are customizing and tailoring the blockchain technology and specifically smart contracts to fit very particular uses. In healthcare for instance, one can realize the potential of Smart Contracts through some relevant use cases:

  1. Smart Contracts and Data Commons
PokitDok teams up with Intel on healthcare to provide blockchain solutions / Ted Tanner / PokitDok

Smart Contracts encoded in a blockchain would specify the conditions under which a user’s personal information would be shared. Below shows this scenario, where a user would agree to share their health data on a data commons which is a shared virtual space where scientists can work with the digital objects of biomedical research such as data and analytical tools. All personal information would be removed from the health record. A unique Bitcoin-type address would be tagged to the record and a smart contract encoded in the Blockchain would specify the conditions under which information would be shared (e.g., share with all university accredited researchers, share only if the data owner uses, share on for payment greater than a specified amount, etc). This would allow researchers to request access to the information. The smart contract would automatically verify if the requester is a valid user and consult the smart contract conditions that determine if access to the personal information is grantable or not.

Electronic Medical Records (EMR) / Ritesh Rehrotra / LinkedIn Slideshare

The trifecta of benefits this system provides are:

(1) It ensures privacy and security for the owner of the data;

(2) It allows the data owner to see when the data has been used (i.e., as a transaction of the Blockchain);

(3) Gives the individual ownership of their health record.

Once individuals have obtained full ownership of their data, they are in possession of a valuable resource. By pooling these data with other individuals (via data pooling services?) they gain the power to sell and control access to their data. This shift of power in the healthcare industry from insurers and other parties to individuals could result in a market-based system for health care data that could be used radically transform the healthcare system.

  1. Insurance Benefit Check via Smart Contracts on the DokChain

PokitDok, a healthcare software provider and a McKesson Ventures portfolio company created its own blockchain platform for healthcare called DokChain. This secure blockchain-based network is focused on value-based solutions such as streamlining the business of health by providing a development platform of APIs to process eligibility checks, claims, scheduling, payments, identity management, and other business transactions rather than the use of archaic Electronic Medical Records (EMRs). This AI is in the form of smart contracts which reside on the DokChain. PokitDok’s expanding set of APIs will, in turn, connect all healthcare participants to the AI-rich DokChain and to each other with the goal of connecting all endpoints (participants and stakeholders) in the healthcare ecosystem into a single secure blockchain network. These endpoints will not only include EMRs, but devices such as heart monitors and other connected devices. After pulling in data from all the endpoints participating in a given “episode of care,” the DokChain records it, while handling permissions through “access grants” via smart contracts that DokChain “maintains and verifies.” The result is a distributed network of secure, richly organized healthcare data for stakeholders to track and share.

A typical use case for Smart Contracts coupled with DokChain is running a check to determine if one’s health insurance will cover a knee examination:

  1. The PokitDok Eligibility API calls a smart contract on the DokChain that handles eligibility.
  2. The smart contract verifies that the requester has permission to access the health insurance benefit data.
  3. The smart contract requests the benefit data from the health insurance provider, in this case Cigna.
  4. Cigna returns the benefits data “in less than a second.”
Flow of the process on DokChain for an Eligbility Check / Jasmin Rai / Deloitte Consulting, LLP.

Prior to the eligibility transaction itself, or any other DokChain transaction for that matter, identity must be established for the interacting parties. Identity is established via a smart contract or wallet for each participating entity. Providers and consumers get wallet codes on the blockchain that implement access control and storage for verified tokens. Payers are typically represented by smart contracts representing the services they provide, in this case eligibility verification.

One important characteristic of Smart Contracts are that data itself is not stored on the blockchain (DokChain), but rather in the secure PokitDok Platform and the smart contract enables access grants to the data, in this case would be insurance benefits along with a complete record of the transaction, that which in turn can be shared with the participants subject to their permission grants to access the data. This pattern for creating identity, managing access grants, storing cryptographically verified pointers to off-chain data and orchestrating interactions of these identities with healthcare services is a repeatable means to bring all of the business of health to the blockchain.

Jennifer Bresnick / Health It Analytics
  1. Smart Contracts and Data Transparency in Clinical Trials

The scientific credibility of findings from clinical trials can be undermined by a range of problems including missing data, endpoint switching, data dredging, and selective publication. Together, these issues have contributed to systematically distorted perceptions regarding the benefits and risks of treatments. While these issues have been well documented and widely discussed, legislative intervention has seen limited success. The use of blockchain to prove the existence of documents describing pre-specified endpoints in clinical trials is enabled by smart contracts which enables how trust in clinical trials can be enforced and data manipulation eliminated. Smart contracts can provide a novel technological solution to the data manipulation problem, by acting as trusted administrators and providing an immutable record of trial history.

The system is composed of a hierarchical arrangement of two core types of smart contract — regulator contracts and trial contracts — with subjects and their associated clinical measurements appended to a container within the trial contract. The logic within the trial contract effectively enforces aspects of the trial protocol, ensuring that neither subjects nor measurements are appended outside of the predetermined trial timelines, while the tamper resistant characteristics of the blockchain prevent data manipulation.

A private blockchain network consisting of regulators, pharma and contract research organizations / Jasmin Rai / Deloitte Consulting, LLP.

Where will smart contracts take healthcare next?

I personally, as a Risk Manager and Specialist Master in Healthcare and Life Sciences at Deloitte, have helped organizations understand the potential application of smart contracting in their industry and advised them on the challenges and issues and opportunities that may be involved. I have modeled and simulated Blockchain Based smart contracts in the Markets prevalent to those organizations, as I have developed a series of mathematical models that simulate how different Blockchain-based smart contracts and exchanges might work and estimate potential revenue and savings associated with different applications in healthcare. With Blockchain Analytics of smart contracts I regularly conduct analyses to identify potential patterns and trends to create efficiencies.

So, where will smart contracts take healthcare next? As you can see, the possibilities are endless!

Ted Tanner / PokitDok

Where will smart contracts take healthcare next?

I personally, as a Risk Manager and Specialist Master in Healthcare and Life Sciences at Deloitte, have helped organizations understand the potential application of smart contracting in their industry and advised them on the challenges and issues and opportunities that may be involved. I have modeled and simulated Blockchain Based smart contracts in the Markets prevalent to those organizations, as I have developed a series of mathematical models that simulate how different Blockchain-based smart contracts and exchanges might work and estimate potential revenue and savings associated with different applications in healthcare. With Blockchain Analytics of smart contracts I regularly conduct analyses to identify potential patterns and trends to create efficiencies.

So, where will smart contracts take healthcare next? As you can see, the possibilities are endless!

For How You Can Incorporate Smart Contracts On Your Healthcare Platform — Reach Out To Me 👇

Jasmin Rai — Quality and Risk Manager (QRM) — Life Sciences & Healthcare at Deloitte Consulting

Linkedin: Jasmin Rai

One Comment

Leave a Reply