IBM Watson Health has signed a deal with the US Food and Drug Administration (FDA) to research secure healthcare data exchange. This will be about whether blockchain technology can improve the security of patient records and data. This study that will be watched eagerly by healthcare vendors, data regulators and patients. The study will focus initially on oncology-related data, an area in which IBM has several prominent customers.
Shahram Ebadollahi, Vice President for Innovations and Chief Science Officer, IBM Watson Health said: “The healthcare industry is undergoing significant changes due to the vast amounts of disparate data being generated. Blockchain technology provides a highly secure, decentralized framework for data sharing that will accelerate innovation throughout the industry.”
Giving the patient control over their data
Patients have little control over their data. It is gathered by different healthcare providers and is stored and shared at their discretion. This project is looking at how to change that. It is aiming to introduce additional levels of security around data capture and sharing. It is aiming at allowing the patient to control all access to the data. This is an important step as it means that data cannot be used without seeking explicit patient permission.
The choice of blockchain is important here. IBM placed all of its blockchain research under the control of the Linux Foundation Hyperledger project. That project has developed a permissive sharing model that allows for granular control of data. Early blockchain models required any transaction or change to be reflected in every copy of the blockchain ledger. This means that any transaction is fully audited and tracked making hacking or changing the ledger exceptionally difficult.
IBM and the Hyperledger project are approaching this differently. They are promoting a model where only those involved in a transaction have to keep accurate records. In this scenario it means that only the patient and those healthcare providers it is allowing access to its data need to keep a record of the transaction. By doing this it eliminates the scaling problem of early blockchain ledgers.
This approach will also create the ability to do granular control of data. Billing teams do not need to know procedures and treatment from other healthcare providers. Similarly they do not need access to detailed medical records, just an abstract that contains the billable components.
Increased encryption will reduce data theft
This is a solution that will bring greater and more complex encryption to data. It doesn’t matter where the data is generated from. Data from a doctor’s office, pharmacy, medical image machines and devices attached to patients will need to be encrypted. Implemented fully it will also cover the administrative function. This will reduce the risk of sensitive data being stolen by hackers. What this will not do is reduce other security threats such as ransomware.
There are challenges to overcome. Among these are the ability for the encryption of all data at the point of creation. Patient notes created on a mobile tablet or input into a computer will need encrypting as they are stored. This will require software and processors capable of doing that work. With the speed of technology advancement that is not a huge issue.
A bigger challenge is machine generated data. Medical imaging data is already encrypted by some vendors. However, machines that monitor a patient in post-op wards and send that data back to a central patient record do not have the processing power to do real-time encryption. This means that the project will have to consider carefully where data is encrypted and how it is transmitted and stored.
Conclusion
Anything that improves the protection of patient data is to be welcomed. Patient records are accessed too easily today. As healthcare becomes a more decentralised function, the number of places that data is stored is increasing. Giving the patient a way to ensure that it is not misused is a significant step forward.
It is also important that this project is starting in the US. It has more private healthcare providers and a more decentralised healthcare system than anywhere else. This will provide a real test of any solution and its ability to improve patient control.
