Blockchain: providing privacy audits for healthcare data

28 August 2018

Healthcare data is one of the most important assets owned by the NHS. As our understanding of gene therapies and other technologies progress, this rich data trove containing decades of medical records could help unlock cures for even the most intractable diseases.

Leaving aside the question of ownership of this data (does it belong to the NHS? Or to the patients whose information it concerns?), it seems that one of the most pressing concerns of NHS users is data privacy.

Their fears are well-founded. A recent data breach following an unnoticed bug in the SystmOne application used by GPs resulted in the records of 150,000 people being shared with researchers, even after they had explicitly opted out of such sharing. And the WannaCry attack last year heightened general concerns over the ability of the NHS infrastructure to withstand hacks.

Broadly, it seems the British public trust the NHS with our health data. A survey earlier this year showed that the majority of people believe their medical records will be safe.

However, the same survey showed that more than half of people questioned were concerned about how their data might be used – and this is where blockchain technology could potentially help.

Much has already been written about the potential of blockchain technology within healthcare. Shared ledgers could mean benefits such as: cost reductions; easy ways to prove the authenticity of pharmaceuticals; and medical professionals easily being able to access high-availability data with one single source of truth.

It may seem inherently contradictory to talk about transparent, distributed systems such as blockchains providing solutions for privacy. As the common argument goes, if data breaches cannot be prevented even when data is stored at one location, how is distributing this data widely across many different locations going to make it more secure?

Let us first look at why health records are so sensitive. Quite apart from not wanting other people to know about potentially embarrassing conditions, people may wish to restrict access to prevent insurers or employers finding out about underlying conditions they do not want to reveal. For example, most private health insurers do not currently take genetic data into consideration, but this would presumably change if these tests were done as standard.

It is therefore important to be able to reassure people that their data is safe. Merely telling them that it is encrypted is unlikely to reassure most people.

And this is where the immutable nature of blockchains comes in.

Imagine, as a patient, that you want to make your data available to research programmes which could help people with the same condition as you. But you do not want the same data to be sold to a health insurance company who may use it for marketing research that will augment their balance sheet without providing any benefit for people. Or imagine that you would be prepared to consider the second option – but only for some kind of payment.

The ability to see instantly who has accessed your data and how it has been used, and to assign and unassign access privileges without having to request this data or trust that it is a complete and accurate list is something for which blockchain technology is perfect.

A trusted, immutable, timestamped list of who has seen your medical records, and for what purpose? It may sound too good to be true, but I would bet that this will be one of the first blockchain benefits to be realised within the British healthcare system.

Rhian Lewis, Tech Consultant and Blockchain Specialist



No comments yet.