Blockchain technology has paradigm-shifting potential in the healthcare IT space, but questions remain as to how soon this potential will be realized.
As we’ve covered before, hospitals and other healthcare organizations are among cybercriminals’ favorite targets. “The healthcare sector has probably suffered more than most in terms of ransomware,” laments McAfee Chief Scientist Raj Samani. “What we’re seeing today is the…proliferation of ransomware — which really started in healthcare.”
In fact, not only did over half of American hospitals fall prey to a ransomware attack between 2015 and 2016, but nearly 90% of healthcare organizations suffered some sort of cybersecurity breach during that interval. The average cost of one of these incidents sits at $2.2 million — a figure that doesn’t even include the $22.8 million American healthcare organizations paid in HIPAA violation settlements in 2016 alone.
And while experts like Frost & Sullivan Connected Health Analyst Nancy Fabozzi point out that “Hospitals are transitioning…to a new [cybersecurity] approach and mindset that is proactive, holistic, and coordinated,” the transition has thus far been a slow one. The healthcare industry is in desperate need of a catalyst to kick its transformation into high gear, and many analysts believe the blockchain could be that catalyst.
Originally created to undergird the cryptocurrency Bitcoin, blockchain is an encrypted distributed ledger that functions as a shared database accessible to anyone who is a member of its decentralized network. Unlike in a standard web infrastructure like the hypertext transfer protocol (HTTP), only one set of complete information exists in a blockchain protocol at any given time, and this information is universally accessible.
Any and every change that is made to a blockchain is a function of the entire decentralized network, making it essentially impossible to alter an existing record without massive collusion among users. “Blockchain has proved itself robust and adaptable to dozens of high-impact use cases,” says Alex Tapscott, coauthor of Blockchain Revolution. “Companies need to develop compelling enough applications that it can make a real impact, [and] this is already happening.”
While most healthcare-oriented applications of blockchain technology are still in their infancy, a recent report published by BIS Research predicts that the global healthcare blockchain is set to enjoy a 64% compound annual growth rate from now through 2025, at which point it will surpass $5.6 billion in value.
Of healthcare-oriented blockchain’s $5.6 billion 2025 market valuation, the BIS report predicts that the largest market share (nearly $1.9 billion) will be occupied by blockchain technologies that facilitate the alignment and shareability of EHRs — that is, their interoperability.
According to the MIT Technology Review, medical professionals in the city of Boston alone currently use an astounding 26 different EHR systems, “each with its own language for representing and sharing data.” This lack of standardization becomes a problem when a patient moves between different healthcare providers, as, for instance, their cardiologist’s EHR system might not be able to read the records sent over by their primary care physician.
A blockchain-based EHR system could potentially solve this interoperability issue once and for all. When a physician adds an entry to an EHR blockchain, they create an immutable record that can be accessed by anyone with the proper credentials. “Eventually, there will be a blockchain of your health data, and you will have the key to it,” explains Nicholson Center for Surgical Advancement CTO Roger Smith. “Each chain of the blockchain will hold data from a physical exam, or will be a pointer to larger files, like scans.”
Of course, seamlessly interoperable EHRs have limited value if they’re prone to the same kinds of breaches with which the healthcare industry is already struggling. Fortunately, blockchain’s ability to function without a central administrative server means that hacking a blockchain-based EHR system is nearly impossible.
The content of a blockchain never exists in its entirety on any single device or system, depriving cybercriminals of a clear point of attack. Further, the mechanics of a blockchain make it nearly impervious to insider manipulation or other types of malpractice. “Most healthcare data is centralized at the level of a corporation, healthcare facility, or government registry,” says Beth Israel Deaconess Medical Center CIO John Halamka. “Blockchain is decentralized, and therefore not impacted by the behavior of any one organization.”
In other words, since a blockchain-based EHR system depends on every member of its network to function, rather than on a central administrative node, each change must be verified and approved by multiple parties. If someone tries to add a “block” that retroactively alters a previous patient record without clear cause, their edit will almost certainly raise a red flag and be denied.
As exciting as the prospect of more secure, more interoperable EHRs may be, the reality is that widespread use of blockchain-based healthcare technologies is still years away, not least because it remains unclear if (and how) they will be made HIPAA-compliant. “Until we have a policy change at the highest levels of government, I don’t think that blockchain will be more than a point-solution for data security,” comments MDigitalLife founder Greg Matthews.
As such, while healthcare organizations should keep an eye trained on how blockchain technology continues to develop, for the time being, they need to figure out a way to secure their IT infrastructure with the tools already at their disposal.
For many organizations, the easiest way to do this is to partner with a cybersecurity expert like Turn-key Technologies (TTI).
At TTI, we have nearly three decades of experience helping organizations in the medical space keep their mission-critical systems high-functioning and secure. We understand the unique challenges of healthcare IT, and our award-winning team of technicians is capable of crafting an IT solution tailored to any organization’s needs.