To be great potential to drive value the recent decades witnessed amass digital data. For example, to bring better patient outcomes, reducing cost, more patient engagement for all the digital data is important element. By any means, with the centralized systems and traditional database prevalent nowadays major of this data is locked inside of silos, greatly abating the ability organizations and industries to utilize it and unveil its potential values. In this article we shall go on a data centric look at blockchain and how we can use it to facilitate secure targeted exchange of data to help unlock its potential and realize its business value.
Maintaining Common Data Redundantly Across Silos Drives Up Cost
Delicate data at silos database is mostly a common data. It could be redundant and error prone. It’s not about consideration of redundancy cost, since storage is inexpensive but redundant data across silos is the actual reason to increased cost. For example, in a worst case where there is no sharing, every N healthcare organizations you interact with have to acquire and store the same basic information about you, and if your information changes it needs to be updated in N silos at N x the cost. This is the kind of multiplicative cost that, if we could remove the need for it, could significantly help bring down the overall cost of healthcare, now approaching 20% of GDP in the US. Exacerbating this issue, maintenance is often not done perfectly, or even well, resulting in inconsistencies in common data stored and maintained redundantly across silos. These inconsistencies can in turn drive confusion, friction, and additional cost in the system. For example, in healthcare if common provider directory information is inconsistent between healthcare providers and payers then medical claims can bounce causing delays, support calls, remediation of data inconsistencies, additional costs, and lower quality of service. The concept of using blockchain to collaborate on shared, common data is illustrated in the following diagram:
Blockchain is just a New Central Cog In the Big IT Machine
Blockchains, existing outside the internal firewalls of participating organizations, have a higher privacy and security risk profile. Blockchains also have significant performance limitations. For privacy, security, compliance, and performance reasons data on blockchain should be minimal but sufficient. That is minimal, but sufficient for the target use case(s). Where possible, PII (Personally Identifiable Information) and PHI (Protected Healthcare Information) should not be on blockchain, but rather in secure enterprise systems such as EHR (Electronic Health Record) systems. Blockchain is just a new central cog in the “Big Health IT Machine” spanning across a consortium of healthcare organizations, and including the enterprise systems within those organization that are connected to the blockchain, as well as infrastructure surrounding the blockchain including message queues, databases, analytics, AI (Artificial Intelligence) / ML (Machine Learning). While it is important for the overall “big machine” to collectively be able to resolve patient PII and PHI, it is not necessary in most cases for the actual PII nor PHI to be stored on blockchain. This architecture, combining blockchain and secure, direct, peer-to-peer interactions is depicted in the following diagram:
Leave Source Data Federated Across the Consortium
Information in transit is subject to additional security and privacy risks from a compliance standpoint, leaving PII and PHI off the blockchain where possible can help with compliance requirements such as a data subject right to be forgotten (remember that blockchain shared ledgers are immutable), and data sovereignty / trans-border data flow restrictions which can present a challenge where blockchains span multiple regulatory or data protection law jurisdictions.
Data at rest is a target for hacking and is at risk of breaches. This is especially true of healthcare data which tends to be rich in PII, payment and insurance information, and is kept up to date with annual healthcare visits, making it therefore versatile, lucrative, and vulnerable to hacking and a variety of abuses. Given this, it is desirable to avoid consolidating all information in one location, and wherever possible leave information federated across source secure enterprise systems.
Moving data adds costs, delays, and can saturate available bandwidth. This is especially true of heavy healthcare records such as genomic data, or diagnostic imaging that can run into GB’s of data for a single patient. This is further reason to leave such information in source, secure systems such as EHR’s until there is a specific defined need for it elsewhere. It is also a reason to leave such information off the blockchain where, if such information was appended to a shared ledger, then it would have to be replicated across every copy of the shared ledger across the consortium, for the life of the blockchain.
Use Blockchain to Share and Collaborate on Common, Non-Differentiating Data
Blockchain is an opportunity to reduce these common data maintenance costs, reduce inconsistencies and associated secondary costs, and improve quality of service to customers by enabling each organization to benefit from updates from any organization across the consortium. Imagine if when you changed phone number or address that you could update in one place and have that update propagate via blockchain shared ledgers automatically, near real-time, across all organizations. In contrast, today in the absence of this, when we change phone numbers or addresses we have to go into hundreds of websites to update this information. From a practical standpoint most of us don’t get to update all records, resulting in inconsistencies, and friction, for example missed communications. If such common data maintenance used blockchain we’d vastly improve the experience of data subjects for example patients, reduce costs, avoid inconsistencies, and improve quality of service.
Protecting Privacy of Data with Encryption and a Multi-Layered Approach
Strong protection of privacy and the confidentiality of sensitive data requires a multi-layered, defense-in-depth, and holistic approach. Encryption is a key part of this, and data on blockchain shared ledgers can be encrypted. That said, encryption is not a panacea or silver bullet, and even strong encryption can fail for example where key management is done poorly. Strong protection of confidentiality, like for any security, requires a holistic, multi-layered, defense-in-depth approach.
A key safeguard that can help mitigate risk to confidentiality of sensitive data on blockchain includes controlling and limiting what sensitive data goes on the blockchain vs remains federated in secure off-chain enterprise systems. This can be achieved with the minimal but sufficient approach to putting data on the blockchain, and leaving PII and PHI off the blockchain where possible, i.e. where such PII or PHI is not specifically required to be on the blockchain for the targeted use case(s).
A multi-layered approach also includes limiting access to only authorized organizations. For this reason most enterprise consortium uses of blockchain to date have been private consortium blockchains where all member organizations are well known, highly trusted, and are authorized to access the blockchain and information in the shared ledger. There are many others that can help mitigate risk to confidentiality, integrity, and availability of data on blockchains.