Professional Documents
Culture Documents
2 5
https://www.healthit.gov/sites/default/files/nation https://www.accenture.com/t20150723T115443__
wide-interoperability-roadmap-draft-version-1.0.pdf w__/us-en/_acnmedia/Accenture/Convers ion-
3 Berwick, D and Hackbarth, A; Eliminating Waste in Assets/DotCom/Documents/Global/PDF/Dualpub_1
US Health Careil, JAMA. 2012;307(14):1513-1516. 9/Accenture-Provider-Cyber-Security-The-$300-
doi:10.1001/jama.2012.362. Billion-Attack.pdf
4 6
https://www.healthit.gov/sites/default/files/nation https://ocrportal.hhs.gov/ocr/breach/breach_report
wide-interoperability-roadmap-draft-version-1.0.pdf .jsf
2
Copyright © 2016 Accenture. All rights reserved.
blockchain will vastly improve the non- transparency and ensure that only entitled
repudiation and auditability of each parties can see necessary data. To protect
healthcare transaction. Patients would be the privacy of each user, healthcare
empowered to manage their own private organizations can also use a number of
keys as they wish. Since systems do not store solutions such as tokenization,
actual Personal Health Information (PHI) on pseudonymization or masking technologies.
the blockchain, and use cryptographic keys Once a party has joined the chain, additional
to authenticate a user, it reduces the risk parties can help to increase the quality and
related to sensitive data leaks compared to reliability of its identity. For example, to
today. Furthermore, the governance rules of enable faster access to care providers, a
a blockchain solution would pre-define patient can provide additional certified trust
authorities (such as the Federal PKI Bridge
Why use Blockchains?
Certification Authority, provider-specific
A blockchain allows a system of Certification Authorities, or an authority
independent actors to share a record of from another industry such as financial
digital assets, transactions and services) to support an identity claim.
Patients could boost the level of trust
information without the need for a
associated with their identities by requesting
central, trusted third party. It enables
acknowledgement from trustworthy entities
users to replace certain inefficient
such as banks, employers or existing primary
intermediary functions in different healthcare providers on the chain. The
economic, social and technological system could also rate sources of trust, and
systems with decentralized digital the strength of the verification would
networks. depend on the reliability of those sources.
Originally conceived as a way to Linking identities
disintermediate the financial The benefits of using a blockchain identity
establishment, the blockchain’s include the distributed ledger feature, which
strengths have attracted the attention of enables complete record integrity and
a variety of industries. Healthcare transparency, and the system’s
nonrepudiation capability, which can
players can and should apply many of
become an enormous benefit in dispute
the lessons learned during the aggressive
resolution and fraud reduction cases. For
early experimentation and example, because the blockchain infers that
implementation within financial services. the owner of the key is the actual person
Increasing numbers of large that the records concern, when that person
organizations beyond financial services dies, any trusted party on the chain with
are investing heavily in exploring the knowledge of the fact could add this
technology’s value as a digital business information to the system, thereby boosting
platform. its accuracy.
While a number of different tools can
In short, blockchain will not replace but
periodically authenticate the user, health
rather re-architect many incumbent
professionals must also ensure that identity
business models, removing friction and
claims are true and reflect the user’s status
vastly improving data sharing in a highly at a given point in time. This is especially
access
secureand control permissions
environment to assure the
while leveraging
appropriate levels of privacy versus crucial for healthcare providers, as issues
existing IT infrastructure.
3
Copyright © 2016 Accenture. All rights reserved.
surrounding fraud, waste, and abuse have to support ONC’s roadmap directly,
become of paramount importance to both organizations should consider making
providers and payers 7. Furthermore, investments in a number of aspects of the
patients with access to an immutable record blockchain, its technology and its
of care might question the credibility and administration. All of which build on existing
value of the care provided to them if IT investments made by healthcare
inaccuracies exist. organizations. They include:
The integrated nature of the blockchain also Core technical standards and functions -
means that the technology inherently links Envision a scenario where providers and
the disparate identities authenticated at the provider organizations (as well as patients
point of care for both patients and health- themselves) can store data for patients
care professionals. (including private identity information) in
Recording patient consent traditional databases and associate that
information to the blockchain using
Several blockchain uses tie directly to the
cryptographic hash functions. This concept
achievement of the short- and long-term
enables users to control their own data while
goals of the ONC roadmap. For example, a
at the same time allowing the network to
key factor in the sharing of patient
validate identities. It also lets users access
information involves gaining the consent of
various data sources, tying together
the person receiving treatment.
currently disparate systems that require
Fundamental to the underlying professional
often-intense validation and reconciliation
ethics of healthcare, empowering the
processes.
individual in this way is also a foundational
consideration in internationally accepted Certification to support the adoption and
approaches such as Privacy by Design8. optimization of health IT products and
services - Because this concept envisions the
By capturing patient consent statements in
storage of actual patient and provider data
an immutable blockchain, healthcare
“off-chain” with access via a secure hash
professionals and others involved in the care
function stored on the blockchain, the
cycle are able to trust those statements and
approach should satisfy the desire for
act upon them accordingly. In addition,
increased flexibility in the ONC regulatory
patients are able to add consent statements
structure. Essentially, data transport and
at any point in their care journey – confident content functions remain separate and can
that the blockchain will hold them securely.
be attested individually, while at the same
Healthcare professionals can act upon those time the approach will broaden health IT to
directives, and the systems that they use can
settings such as long-term and post-acute
interpret them as access control decisions –
care environments.
with the assurance that the system is
adhering to patient wishes. A supportive business, clinical, cultural and
regulatory environment - The blockchain
The foundation of blockchain-enabled health phenomenon aligns with a broader change
information exchange
in the culture of interoperability, since it
To reinforce the benefits outlined in this defines a patient and provider trust model
paper, and to utilize blockchain technologies where patients have a greater willingness to
7 8
http://www.healthaffairs.org/healthpolicybriefs/brief.php?brief_i https://www.ipc.on.ca/images/Resources/7foundati
d=72
onalprinciples.pdf
4
Copyright © 2016 Accenture. All rights reserved.
participate in an interoperable, learning healthcare information. The enabling factor
health system. They also have more control for this change involves the blockchain’s
over how their data is used. distributed ledgers, which offer superior
The rules of engagement and governance of patient access compared to other forms of
the exchange of health information - patient engagement, such as Personal
Blockchain technology will change the model Health Records (PHRs). The blockchain can
for engaging with and governing a Health also promote coordinated data exchanges
Information Exchange. There is greater among providers and payers because it
potential for shared patient/provider/payer reduces the current trust barriers that
collaboration using the blockchain
From a regulatory and audit perspective, entries can be added to—but not deleted from—
the distributed ledger. A network of communicating nodes running dedicated software that
replicates the ledger among the participants on a peer-to-peer basis performs the
maintenance and validation of the distributed ledger. All information shared on the
blockchain has an auditable trail, which means it has a traceable digital "fingerprint.” The
information on the ledger is pervasive and persistent and creates a reliable “transaction
cloud” so that data cannot be lost and can only be technically corrupted by any of the
participants at prohibitive cost. Consequently, the technology essentially eliminates single
point of failure risks and data fragmentation disparities among counterparties.
From a security perspective, cryptography protects the data via a number of different
mechanisms. Users can address privacy and transparency needs using different consensus
mechanisms specified by the protocol and public and private key pairs. A blockchain
environment protects information at the data element level rather than in aggregate, and
appropriate parties can only access data using appropriate permissions as defined by the
protocol. Blockchain technology can also obfuscate data (i.e., the nodes, while having the
data and knowing it is valid and validated by the rest of the network, will not be able to
read it unless given access).
9 10
https://www.healthit.gov/sites/default/files/reports http://www.modernhealthcare.com/article/2016012
/info_blocking_040915.pdf 3/MAGAZINE/301239980
11 http://demandinstitute.org/the-end-of-cold-hard-
cash/
6
Copyright © 2016 Accenture. All rights reserved.
Entities can become sources of trust to verify If health professionals fail to meet storage
identity claims to a blockchain, which would and computational power demands, the
help to reduce the reliance on a potential for increased centralization and
government-issued ID for healthcare slower data validation and confirmation
authentication and increase the quality and grows.
level of assurance associated with proof of Verification speed - To ensure that data on
identity in the industry. the blockchain is a trusted source, the
Blockchains face implementation barriers network must verify it. To that end, various
Compared to the financial markets (which methods of validation exist, such as multi-
themselves have yet to achieve blockchain signature, PBFT (Practical Byzantine Fault
maturity), the healthcare industry’s Tolerance), the Raft Consensus Algorithm12,
participation with the technology remains in among other approaches, which must
its infancy. Most of the current activity undergo testing for specific use case
focuses primarily on research and functionality and optimization. While the
development functions i of healthcare transactional throughput speeds necessary
organizations that are exploring potential in healthcare applications do not approach
applications. The following represent the key the transactions per second seen in financial
barriers the technology must overcome to services, the need for near-real-time
gain a legitimate place in the healthcare retrieval of healthcare information is
industry. paramount. Researchers need to determine
the optimal verification process to avoid
Regulatory and legal - Because blockchain
creating latency over time as the data on the
technologies offer a new socio-political
blockchain grows.
paradigm for doing business, few legal and
regulatory frameworks are in place to Security breaches of blockchain
govern their use. From a healthcare infrastructure - The underlying blockchain
perspective, strong regulatory frameworks protocol is stable and secure, largely owing
can ensure the integration of blockchain to the fact that any malicious actor(s)
technology to avoid challenges in terms of attempting to reorganize (i.e., “attack and
regulatory reporting, HIPAA compliance, etc. rewrite,” commonly referred to as a 51%
Regulators will also need an in-depth attack) the chain would have to control a
understanding of how to operate in a majority of the computing power associated
blockchain environment, including the with the blockchain which carries significant,
necessary skill sets, technology, and human if not impossible costs. However, the
capital requirements. supporting infrastructure of blockchain
technologies such as exchanges and wallets
Scalability - As users add data, the
have suffered from various security
blockchain grows—in this case, by storing all
breaches, with hundreds of millions of
of the hashes associated with the appended
dollars of cryptocurrency being stolen or
data. This increases storage and
“lost”13. Thus, while blockchain technology
computational power demands, which
itself remains highly secure, healthcare
means the network might have fewer nodes
entities need to choose the support
with enough computing power to process
infrastructure they use with great care.
and validate information on the blockchain.
12 https://raft.github.io/ 13http://www.reuters.com/article/us-bitfinex-
hacked-hongkong-idUSKCN10E0KP
7
Copyright © 2016 Accenture. All rights reserved.
As technology progresses, higher security 2 – Improved audit logging - Because the
standards will undoubtedly emerge, blockchain can act as a mechanism for
especially as they relate to the protection of collectively recording and notarizing any
private user keys and identity theft (i.e., type of data, it can capture an audit trail of
securely replacing lost keys versus communications among providers, patients
fraudulent attempts at obtaining keys). The and payers regardless of each individual
industry also needs to comply with existing organization’s audit logging function, largely
regulations around information security and eliminating many data dispute resolution
key management.14 challenges that exist today.
Immutability of the blockchain - While 3 – Patient data as a service - One of the
many tout the immutability of the blockchain’s healthcare interoperability
blockchain as a significant plus in terms of strengths is its ability to replace the concept
data tracking and audits, it could pose major of a PHR in a way that makes patient data
challenges. Blockchain-based code is only as accessible “as a service.”
good as the programmers who created it and 4 – Improving health IT application
humans are prone to error. Governance deployment - A blockchain network may
models and solutions must exist for include identity schemes, data storage, and
situations where users need to remove data smart contract applications that execute
from the blockchain, for either privacy or against shared data infrastructure.
legal reasons. To date, there are numerous
5 – New access points to healthcare data -
examples where content that should be
The use of a blockchain with patient devices,
removed from the Bitcoin protocol is
such as wearables and remote monitoring
enshrined “forever” on the blockchain. A
devices, provides a further view into the
number of companies, including Accenture,
patient ledger, with patient devices able to
are working with solution providers and
communicate with blockchain-based ledgers
other partners to solve this problem.
to update or validate smart contracts. This
Blockchain technology has the potential to use case has been demonstrated in research
transform the healthcare ecosystem settings using blockchain technologies
As the hype surrounding the blockchain available in the market.15
begins to fade, users will view it as another 6 – Connecting traditional databases in a
tool in the broader set of technologies that blockchain environment - One challenge
the healthcare system uses to enable an involves guaranteeing that gaining access to
interoperable, learning health system. traditional databases will not enable
Initially, a number of potential use cases will unauthorized users to read patient data.
emerge for leveraging blockchain DLTs in the Controlling data access via the blockchain
healthcare ecosystem: will require the development of new
1 – Patient profiling for population health - techniques to tie the data on the blockchain
The blockchain can leapfrog current with the data on a traditional database. For
population health approaches by providing example, traditional databases should store
trust where none now exists. information so that the blockchain offers
users the only way to “decrypt” content –
14A wide variety of these exist, including the Federal 15Accenture Technology Labs demonstration; U.S.
PKI Common Policy; FISMA; FICAM; Federal PKI Patent Application "Distributed Healthcare Records
Common Policy; HHS PKI Policy; The HHS Domain Management" (filing date Apr. 13, 2016)
Device CA root certificate; and others.
8
Copyright © 2016 Accenture. All rights reserved.
such an approach affirms that patients can industry implications of blockchain
control their own data. use, address standards gaps, and
provide guidance on policy
ONC’s role: support, track and highlight considerations
demonstration opportunities ONC demonstrations – fund
To stay ahead of this disruption, the ONC demonstration projects in
should support, track and highlight collaboration with industry on the
demonstration projects for the application application of blockchain technology.
of blockchain platforms in the above three The industry has a rich selection of possible
areas. The goal is to encourage private demonstration projects from which to
sector innovation and to inform future policy choose. For example, individual use cases
using the insights captured from the from various service providers already
demonstrations. support many of the recommendations laid
Suggested ONC actions over the next 12 to out in this paper.
36 months include: By using a broader identity management
ONC environmental scans and framework and leveraging smart contracts
industry outreach - investigate the applied via a distributed ledger, operators
current state of blockchain can create a public encrypted ledger that
capabilities and uses, including in gathers all of the medical records of users
the financial sector; conduct within a blockchain network. Any medical
outreach to organizations using document would be accessible only by the
blockchain and other relevant parties that require access to information
technologies, and synthesize related to the medical act including patients,
findings into an environmental scan healthcare providers, and payers.
ONC white paper - synthesize Accenture Technology Labs have
findings from the ONC Blockchain demonstrated this approach in a research
Challenge, industry outreach, and environment using blockchain
additional research into a white technologies.17
i
The Estonian eHealth Authority is the commonly cited example of a real world application of blockchain
technology in healthcare. The Estonian eHealth Authority is collaborating with Guardtime, a cyber-security
provider that uses blockchain s ystems to ensure the integrity of data, to secure the over one million healthcare
records of its citizens. Source: http://www.coindesk.com/blockchain-startup-aims-to-secure-1-million-estonian-
health-records/.
10
Copyright © 2016 Accenture. All rights reserved.
Additional real world examples of the application of blockchain in healthcare are taking place in research and
development functions. Some examples include:
11
Copyright © 2016 Accenture. All rights reserved.