A New Horizon within Reach for Personal Health Data Security and Patient Safety with Blockchain


As a society, we blindly place our trust in physicians, medicine, and health facilities because at the end of the day these are the people and things that are going to save us. When that trust is broken either through human error or malicious behavior it can have dire results, including death.

We often perceive risks to patient safety as “something out of the patient’s control. In today’s digital world, patient safety is no longer relegated to receiving the incorrect dosage, taking counterfeit medication or surgical malpractice. Instead, the hackability of Internet of Medical Things (IoMT) devices, personal health data breaches, and lack of data sharing amongst providers has become a detriment to patient safety. However, eliminating the vulnerabilities to personal data security may be something that can be placed under the patient’s control thanks to this emerging technology known as blockchain.

An important thing to remember is that an individual’s health data is rich with information and that makes it highly attractive to today’s hackers. The information contains everything about your identity (ie. Medical history, contact information, social security number, biometrics, emergency contacts and more) plus it is immutable – you can’t undo your medical history or your biometrics.

“Health data on the black market sells for up to $1000 per record versus the average credit card number at $0.25 per record.”

However, health data offers many opportunities for researchers and health providers. Data captured from IoMT devices in combination with access to complete health records can enable new treatments and approaches to helping patients overcome or maintain a quality of life with chronic conditions.

However, all of this data generated from the explosion of IoMT devices (currently estimated at 4.5 billion), artificial intelligence (AI) for precision medicine, and electronic records regulatory mandates (2009 HITECH Act) are creating a data avalanche that the average physician office is not prepared to handle. Today’s health practitioner office has become a patient data warehouse, responsible for securing patient data while being “punished” for not having a trusted and operable means for sharing it with other providers (i.e. specialists, hospitals, etc.).

Did you know?

  • 80% of all serious medical errors involve miscommunication during care transitions (to different care settings).
  • Approximately one-quarter of U.S. patients reported that the results and records from one provider did not reach another provider in time for their appointment.
  • Only 59% of U.S. hospitals routinely electronically notified patient’s PCP (primary care physician) upon entering the emergency room.
  • The deficiency in sharing data in a private and secure manner throughout the health ecosystem results in a detriment to patient safety and patient care. We, as patients, have become so immune to this practice that we have failed to realize how the inability to share data and safeguard our health records can be a detriment to our health.

There are plenty of examples around us where the process in managing, sharing and securing our health data impacts our health experiences, but we never stop to think about it or sometimes we fail to recognize it. Think about this…

A person with cardiac disease visits an emergency room because of chest pain. He checks in at the desk and explains why he is there.

  1. The patient registrar takes him in and begins to ask questions about medical history, medicines taken, who is the PCP (primary care physician), etc. all while the patient continues to have chest pains. He does his best, while anxious and in pain, to share as much information as he can – the patient has now become the data source. He finally makes it to a hospital bed and gets hooked up to an array of monitoring devices that don’t communicate with one another or write data to his personal health record (the date goes to the hospital’s record of him).
  2. The emergency room doctor finally arrives and begins to ask the same medical questions that were posed by the registrar. Naturally, the man’s question is, “Why are you asking me the same questions?” The doctor articulates that it is hospital policy to review the answers to ensure accuracy. In other words, “we need to verify your data.” After evaluation, he gets assigned to an overnight stay.
  3. When he arrives on the cardiac floor, he goes through the exact same set of medical questions by the receiving nurse to “verify his data.” At this point, the patient becomes either more anxious or annoyed and significant amount of critical life-saving time focused on policy and paperwork rather than on his treatment.

Finally, one day he leaves the hospital, and most likely his PCP would never be notified that he was in the hospital or any access to the data that was captured from his visit there. At this point, the question begs, “is there a better way?”

For more than 18 months, there have been many discussions on the use of blockchain technology for securing, managing and distribution of electronic health records (EHR). Blockchain offers a decentralized and encrypted way of distributing, sharing, and verifying information between trusted parties. Applying a blockchain solution within a hospital system may not go far enough because the hospital would “own” the patient’s health record. It may be more beneficial to expand the scope of this opportunity to where patients can manage their health record with a digital token on the blockchain.

The digital token would provide a decentralized and encrypted way of distributing, sharing, and storing patient information. The patient would be incentivized to share his/her health data with the provider for improved outcomes. Furthermore, the patient would be empowered with whom (the entity) they would want to transact (give access) their health data.

One of many proposed concepts that may be food for thought where using a public blockchain for patient management of the health record.

Use Case:  Health Data – Public Blockchain

Health information from providers and data from personal devices and sensors infographic.

Blockchain For Health Data and Its Potential Use in Health IT and Health Care Related Research,” authors Laura A. Linn; Martha Koo, MD.

Re-imagine the emergency room episode with the patient having their digital token containing their health information. At the point of patient registration, the patient would hand over their digital token (access to his health record) providing verified medical information that would no longer require multiple verification steps. Instead of losing critical time in answering the repetitive questions, that time would be utilized for treatment. And, yes, the record of the visit and information on the treatments would be appended to the patient’s health record and immediately available to the primary care physician, another trusted provider given access to that exact same health record.

The day that a patient can manage their health record on a blockchain may seem beyond the horizon, but the reality is, the technology is here. There are still some unresolved issues that need to be addressed to effectively write EHRs (electronic health records) to a blockchain such as standardization of health data, evaluating the volume of data assigned to each health record (i.e. genomic, clinical, etc.), and complying with HIPAA and other regulatory bodies; however, these are challenges and not roadblocks. We, as patients, are responsible for managing our health so we have the best patient care and that should hold true for the record of data that comes with that management.

There are additional benefits to patients managing their health record on a blockchain. My next blog post will discuss how the EHR on the blockchain will make patient engagement for clinical trials a more inclusive platform.

If you are interested in participating in working groups that create frameworks for recommendations for consumers and patients having agency (management control) of their digital identity including the EHR, please take look at the IEEE’s Digital Inclusion through Trust and Agency Industry Connects Program or write to me at [email protected]

Share this Article