2016 MIT Sloan CIO Symposium: The digital CIO has arrived
Reporting and analysis from IT events
In part one of this series on blockchain, the immutable decentralized ledger that stores transaction records, experts familiar with the technology addressed concerns around the security of the system. In part two, audience members of a blockchain panel session at the recent MIT Sloan CIO Symposium queried these experts on the healthcare use case, blockchain privacy and how it can be balanced with the digitization of users' identities.
How does the cryptography blockchain employs apply to healthcare?
As patients become increasingly empowered, more and more of them will own their own data, said Peter Nichol, healthcare expert at PA Consulting Group.
"As you move toward that, then what you're able to do is have somebody essentially provide the information and you'll be able to throttle that level of information access that you provide to your physicians, doctors, emergency providers and others based off the conditional access" that blockchain provides, Nichol said.
According to Nichol, this conditional access might be "multi-state," where two out of three parties have to validate the hash, such as the patient's significant other and their healthcare physician, or their significant other and their emergency doctor, before providers can access their data. As is the case with other types of data, "some level of that hash will ultimately live on the blockchain; the data [itself] will still live someplace else," he said.
Nichol hopes health data portability will be another development to come along with this patient empowerment and the application of blockchain to the healthcare field. This would ensure that once a patient's data is entered online, it would be tied to the patient's name, and healthcare providers downstream would be given access to that data. Today, this is far from reality, he said.
"You really don't have portability [of data between providers]. You go to the next doctor, and they have no records, no labs, no results. ... Hopefully some of that interoperability, that portability between providers will start to become a little bit less of a wall," Nichol said.
The size and complexity of today's healthcare system, however, will make it hard to regulate if blockchain were applied to it, Nichol warned.
"It [will take] a while and heavy regulation to figure out how you're going to eke out some value," he added.
How should concerns over blockchain privacy be balanced with users' digital identities?
One aspect of the security value proposition that could be possible with blockchain is the concept of a digital ID. This involves a digital identity being created for users so that there is less likelihood of fraud, transactions on the blockchain are easier to manage, and users are given greater control over who has access to their information on the system.
One audience member brought up the impending concerns over blockchain privacy once government-assigned digital IDs are implemented, pointing to the resistance against other types of government-assigned forms of identification, such as Social Security numbers.
Nichol granted that there is no solution yet as to how to balance these concerns with the digitization of individuals' identities, particularly in the healthcare field. He said it will start with pockets of regulation.
Peter Nicholhealthcare expert, PA Consulting Group
"I think part of it is ... you're going to get different agencies within the government or local states that say, 'Hey, we're going to believe in this. We're going to move forward,'" Nichol said.
Anders Brownworth, principal engineer at blockchain-based payments app company Circle, said the issue is a little more complex than just privacy vs. the digitization of data.
"Identity is a constellation," said Brownworth, whose company recently garnered $60 million from multiple investors and is launching a branch in China.
This "constellation" consists of the multiple aspects of a person's life that make up a person's identity, such as their passport, license, Facebook account and Twitter account. Blockchain users will only expose a little bit of their identity to the system via "aggregation." Brownworth used the example of a person's DNA.
"I make this [data] available to a medical company or hospitals to do research on, but I never want to let them actually know all the info -- I just want to open a very little piece of it. So, I give it to them in an encrypted form. The contract that goes with says, 'You're not allowed to get to this unless it's in aggregate,'" Brownworth explained.
The contract, called a smart contract, would prevent medical companies or hospitals from being able to use the raw data; instead, they would have to look at the encrypted form as part of a group of other pieces of data.
"Even if somebody stole it, it wouldn't be useful," he said.
Despite these privacy advantages, Brownworth cautioned that some of the benefits of a public blockchain go away as restrictions are added to the system, such as with a private, permissioned blockchain system.
"In some sense, it's a balance of how much you're going to reveal, how much it traces back to the individual, what's the ID or the tag that you're going to provide people," he said.
The public vs. private blockchain debate
Blockchain holds potential to transform security
Cybersecurity regulations on the horizon for blockchain