基于区块链来安全存储病人的病例.pdf

August2016MovingTowardaBlockchain-basedMethodfortheSecureStorageofPatientRecordsDrewI 2 AbstractTodays methods of recording and sharing patient data have a number of limitations that restrict patients access to their clinical records,reduce availability of essential data to care providers,and ultimately present a barrier to transforming U.S.healthcare into a learning health system.Storing patient healthcare data in a blockchain-based storage scheme can remediate these shortcomings.This paper discusses blockchain as a novel approach to secure health data storage,implementation obstacles,and a plan for transitioning incrementally from current technology to a blockchain solution.OverviewofTodaysEnvironmentAs recently as 2008,less than 10 percent of medical records were stored electronically(Figure 1)1.Paper based records are difficult to move or copy from their original location to other places of service or directly to the patient.Today,nearly all medical records are stored in electronic health record(EHR)systems,yet data remains largely non-portable.Several factors contribute to the difficulty of providing and controlling access to healthcare data.Many healthcare providers err on the side of caution when interpreting HIPAA requirements2,sharing data only when absolutely required.This extends to restricting patients and their proxies from accessing data about their own health.Some institutions perceive data stewardship as a competitive advantage.Owning the patients medical record promotes“stickiness,”while sharing it allows the patient to seek care from another institution.Healthcare providers perceive the patients medical record as their property rather than the patients.While this is true in a legal sense3,it creates unnecessary and sometimes costly obstacles for patients that need or want to move their medical records to another location.Meaningful Use,the program responsible for the fast adoption of EHRs in the past seven years,requires that providers enable patients with the capability to view,download,and transmit their records to other locations4.Most providers today are sharing at least some data with external systems5,indicating limited progress in this area;however,the status quo remains that information generally stays in the system that generated it.This is a significant enough problem that the Office of the National Coordinator has adopted procedures to identify and correct instances of“information blocking.”6 The difficulty in securely moving and sharing health data in a timely manner has detrimental impacts on patient care.In a 2008 essay7,Doc Searls relates a personal anecdote that describes the type of impact that poor record sharing can have on patient treatment.His conclusion is that patients need to be in control of their healthcare,and that includes controlling their healthcare records.In his words,the patient needs to become the platform for healthcare,but“for patients to become platforms,we need more tools and capabilities that are native to the patient.”Searls goes beyond stating that electronic health data should be easy to share;he advocates making patients the custodians of their own healthcare data,so that they ultimately control where and how it can be used.Figure 1.Adoption of Electronic Health Records in Federal Acute Care Hospitals 3 As adoption of electronic health records increases,failing to execute on the promise of sharable health data is not the only problem facing EHR systems.Broader adoption of electronic health records has enabled previously unknown levels of health data breaches8(Figure 2).A majority of patients are concerned about privacy and security of medical records,and some patients withhold information from their healthcare provider because of these concerns9.Widespread adoption of electronic health records needs to be a secure,trusted and efficient solution to the problem of being unable to share data among providers,patients and researchers.Instead,the information silos are nearly as impenetrable as they were in the days of paper records,with the added risk of frequent,high impact data breaches.Blockchain-basedMedicalRecordStorageandDataExchangeA possible solution to these(and many other)issues is the implementation of a patient controlled,blockchain-based system for clinical record maintenance and sharing.To understand how blockchain technology can improve the security and efficiency of electronic health data storage and sharing,it is first necessary to provide an overview of blockchain technology and its benefits.Blockchain technology rests on three foundational tenets10.First,data is stored in a public,immutable transaction ledger that anyone can read.Because the transactions can never be deleted or changed,there is always a complete and irrefutable record of all transactions.Second,blockchains are implemented in a decentralized network of computing nodes,which makes them robust against failures and attacks.Decentralization also means that no entity owns or controls the blockchain.Third,the metadata describing each transaction is available to everyone on the system,but that does not mean the data stored within the blockchain is readable.Blockchain relies on pseudoanonymity(replacing names with identifiers)and public key infrastructure(PKI),which allows the blockchains contents to be encrypted in a way that is prohibitively expensive to crack.When applying blockchain technology to health data,each of these foundational tenets applies.ImmutableTransactionLedgerBlockchain was originally conceived as an infrastructural component of the cryptocurrency,Bitcoin.The transactions on Bitcoins blockchain represent financial transactions:moving specific amounts of Bitcoin from one account to another.Anyone can verify which account a particular Bitcoin belongs to by using appropriate software tools to examine the transactions on the public blockchain.In a healthcare context,transactions would consist of documentation of specific episodes of healthcare services provided.Healthcare providers,payers and patients would contribute encrypted data,which would reference a patient ID,to a public blockchain.This could include clinical data that is stored in EHR systems today;claims history and gaps in care from payers;and family history and device readings from patients.This Figure 2.Number of individuals affected by health information breaches 4 information would be encrypted and stored in the blockchain and could only be decrypted by parties that have the patients private key11.(Figure 3).Because the ledger is immutable,no one can erase or alter the record.Updates include metadata records of the date,time,location and entity making the update.In this way,a blockchain-based medical record will be self-auditing.DistributedNetworkFinancial,legal,healthcare and other types of transactions have some common requirements.It is necessary to establish the identities of the parties involved in the transaction,maintain trust,ensure that transactions are recorded properly and cannot be altered,and that the infrastructure in which transactions occur is stable.Prior to blockchain,the only way to achieve these goals was to establish a strong central authority to provide these services,for example banks,governments and clearinghouses.In the domain of health records,each hospital or health system serves as its own central authority to provide record keeping and transmission services.The traditional,centralized transaction infrastructure is a natural solution to the problem.While it has many advantages,there are also drawbacks.A centralized infrastructure is vulnerable to failure,corruption and attack.This architecture causes the information silos that are prevalent in healthcare today.Blockchain replaces the centralized infrastructure with a distributed one.The blockchain software is running on thousands of nodes distributed across an entire network.To process a transaction,it is distributed to all the network nodes,and the transaction is cleared when the nodes have reached a consensus to accept the new transaction into the common ledger.The process is technologically sophisticated,but it replaces entire record keeping and transaction processing institutions.This lowers transaction overhead in terms of price and execution time.It also means there is no single point of failure,providing a more robust,safer infrastructure.StrongEncryptionPublic Key Cryptography is an encryption system that uses pairs of keys:a“public key”available to everyone and a“private key”that is known only to its holder.Either key may be used to encrypt a message,but the other key must decrypt the message.Practically speaking,there are two use cases involving public and private keys.First,a sender can encode a message with a public key and be sure that only the holder of the private key can decrypt it.Second,a message or document can be encrypted with a private key.If the message makes sense when it is decrypted using the corresponding public key,its guaranteed that the holder of the private key is the party that encrypted the message.This is sometimes called“signing”a message12 because it is analogous to someone putting his unique signature on a document.Blockchain also supports a concept called M-of-N signatures or“multisig,”meaning that there are a total of N cryptographic keys,and at least M of them have to be present in order to decrypt the data.In this way,the patient can provide keys to authorized caregivers,doctors and others to grant access without the patients specific key13.For Figure 3.Example of financial versus healthcare blockchain transactions 5 example,this is useful when the patient is incapacitated and cannot provide consent to access the data.Public Key Cryptography is an important concept for blockchain.All transactions are signed with private keys as a way of establishing the participants identities.In the context of storing healthcare data in a blockchain,cryptography would have the additional role of encrypting the contents of the message,so that only intended users can read its contents.ImplementingaBlockchainSolutionTo implement a blockchain-based healthcare record system,EHRs and other record keeping systems would encrypt and send a transaction containing patient care documents encounter notes,prescriptions,family histories,etc.into the public healthcare blockchain.The transaction would include a digital signature from the contributor to trace provenance and the patients blockchain ID as the recipient of the transaction.After the documents are stored in the blockchain,patients would use a web-based or mobile application to view their blockchain contents and to grant or revoke access to specific parties.This type of system has a number of advantages over current methods of record keeping:1.Patients becomes the platform,owning and controlling access to their healthcare data.This removes all obstacles to patients acquiring copies of their healthcare records or transferring them to another healthcare provider.2.Because data is stored on a decentralized network,there is no single institution that can be robbed or hacked to obtain a large number of patient records.3.Data is encrypted in the blockchain and can only be decrypted with the patients private key.Even if the network is infiltrated by a malicious party,there is no practical way to read patient data.4.The infrastructure itself provides auditing and non-repudiation capabilities.The methods used to add the data to the blockchain also include tamperproof timestamps,account IDs,and methods of determining if the contents have been altered.A blockchain-based method of storing healthcare data includes all the expected criteria of a medical record keeping system,and it goes beyond what a traditional,centralized system can do because it improves patients access to their records and strengthens security against data breaches.APracticalFirstStepIt is nave to think that the healthcare industry will discard todays solutions and re-implement its recordkeeping systems on a blockchain architecture.Healthcare is a risk-averse industry,unlikely to readily accept the time and cost required to shift to a new and unproven technology.In addition,there is a great deal of inertia and investment in the status quo.To achieve high rates of EHR adoption,the Centers for Medicare&Medicaid Services(CMS)has spent over$30 billion since 201114.A new approach to recordkeeping will need to respect this investment and work alongside the existing EHR infrastructure,not supplant it.The institutions that are maintaining healthcare data in centralized systems perceive patient data as a valuable asset,and it will be difficult to change their way of thinking.While a blockchain-based solution may be an option at some point in the future,the near-term requires a bridge solution.The following,proposed solution includes creating 6 a new facility for storing clinical data that is based on blockchain technology,while continuing to use todays EHR(and other)systems to capture and store patient data.This provides many of the advantages of the blockchain solution,while leveraging current healthcare IT investments.Existing standards and policies provide the framework for copying data from traditional systems into the new,blockchain-based system.The new system will effectively be a blockchain-based personal health record(PHR).The proposed solution begins with todays health IT systems,primarily EHRs,but also potentially includes laboratory information systems,radiology systems,payer databases,medical devices and consumer devices.These systems will continue to operate as they do today,storing data in their proprietary databases.In addition to storing its own copy of the data,each system will also transmit a copy to the blockchain-based PHR.All EHR systems that are Meaningful Use compliant must provide the ability for patients to view,download and transmit their health information in human readable as well as machine readable format15.The document format is C-CDA,a machine-readable XML format.By applying a style sheet to the C-CDA document,it becomes an HTML file that can be read by a human using a web browser.Many health systems satisfy the view/download/transmit criterion by making C-CDA documents available to the patient on a patient portal.From there,the patient can download or forward the document to the destination of their choice.Some EHR systems also offer other methods of transmission that do not require a patient portal.There are three options for connecting an EHRs view/download/transmit function to a blockchain-based PHR:Option 1:EHR vendors implement a blockchain client within their EHR software that communicates health information directly and automatically to the blockchain-based PHR.(See Figure 4 below.)This would be the preferred option,but it requires effort and cooperation on the part of EHR vendors and is unlikely to occur without regulation or incentive.Option 2:EHR vendors use exist