BLOCKCHAIN IMPLICATIONS ON PATIENT OWNERSHIP OF MEDICAL RECORDS

16 min readAug 8, 2018

As of this writing, no system has been created to adequately capture the dignity, integrity, triumph, persistence, hope, joy, and tragedy of the patient experience. Health systems, pharmaceutical companies, and government agencies all are ill equipped to protect and promote the patient’s actual health status.

Major US healthcare systems proclaimed 2016 as “The Year of the Patient,” when it should have been self-evident, that every day, minute, and second should [be] … about the patient, and everything in the future will be about the patient.[1] Pharmaceutical companies have finally recognized the need to incorporate the patient experience into their research, marketing, and business model. Recently, a Pharmaceutical Summit called “Patient Summit USA 2017” introduced a track focused on the patient experience described as, “The importance of patient advocacy and its role in cultivating a patient-centric environment,” and “A Systematic Approach for Incorporating Patient Voice into Trial Design.”[2]

The sudden empowerment of patients to have a voice and take an active role in their care has created a favorable environment for a patient controlled blockchain. This system would redefine the patient experience taking into consideration a 360-degree view of the patient inclusive of the traditional quantitative data analysis and qualitative assessment performed by clinical professionals.

Patients are more than the American Standard Code for Information Interchange (ASCII) print out of their electronic medical record systems (EMRs). Patients are defined by a collection of experiences. These experiences come in the form of social, economic, and situational that affect medical conditions such as pregnancy. Specifically, in the case of pregnancy, the state of being pregnant is accompanied by hope, joy, anxiety, and love. Inversely, a patient diagnosed with cancer, has a distinct experience defined by pain, agony, dignity, inspiration, courage, strength, and love. Each patient experience is unique, and each patient is an N of 1.[3]

No matter what else is going on, the world stops once you enter a room and are face to face with a patient and their family. You can only care for one patient at a time. That patient, in that room, at that moment is the only patient that matters. That is the secret to healthcare. -Dr. Minesh Mehta.[4]

Patient Generated But Provider Owned

Patients demand access, control, and active participation in their healthcare and to their medical information. Various centralized efforts have created pockets of genius and innovation that have enhanced the patient experience. For example, OpenNotes is an award winning international non-profit mission to provide patients better access to their doctor visit notes that are produced by healthcare providers.[5] As of July 2017, 15.6 million patients have online access to their notes.[6] Other efforts to provide context for the patient voice and experience can be found within the generous efforts of the Society for Participatory Medicine (S4PM) and The Walking Gallery.[7] [8]

For too long both patients and healthcare professionals have thought of healthcare as a car wash, with the patient passively moving through the healthcare system, getting health sprinkled on them, and coming out healthy. This lack of engagement results in dissatisfaction, high costs, and poor-quality care. We need to reimagine healthcare as an active collaboration between the patient and the healthcare professional.[9]

European Union’s Powerful Data Protections

One of the most harrowing aspects of today’s healthcare system is the lack of bidirectional information flow between a patient and their doctors. A person is entitled to detail financial information when they go to a bank or make a purchase from Amazon, but individuals are locked out of receiving even the tiniest details found in their medical records. The EU has previously demonstrated that they will act against centralized actors that harm their citizens, as demonstrated by their willingness to fine Google $2.7 billion and others for injurious behavior.[10]

Open Acess to Patient Information

Data blocking and lack of patient access to their medical information is not just a feature of the healthcare system in the United States. The countries of the European Union have a major problem with patient access to data and portability of information, but unlike the United States, the European Union has passed legislation with razor sharp teeth that will guarantee access to patient data regardless of the screaming and whining of centralized electronic medical record system vendors. The General Data Protection Regulation (GDPR) is set to take effect in May 2018.

The GDPR guarantees a Right to Data Access, specifically, GDPR Article 15:

“to obtain from a data controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information (amongst other things):
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed,
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
where the personal data are not collected from the data subject, any available information as to their source.
The controller shall provide a copy of the personal data undergoing processing. Where the data subject requests by electronic means, and unless otherwise requested by the data subject, the information SHALL be provided in a commonly used electronic form.
Note that (unlike the Data Portability right) this doesn’t require that a machine-readable format is used, e.g., the use of PDF documents would satisfy the GDPR requirements. A machine-readable format MAY be used, but there is no requirement to do so. Given the ever-increasing use of patient portals one may, or may not, get away with just providing the data as PDF files.” [11]

Continuous Data Portability

One of the new things introduced by the GDPR is the right to data portability.[12] This allows individuals to obtain and reuse their data for their purposes across different services (e.g., the second opinion, switching healthcare providers, use of a PHR). It allows them to move, copy or transfer personal data easily from one IT environment to another safely and securely, without hindrance to usability.[13] Data portability applies to personal data concerning the data subject as outlined below by the firm Ringholm bv:

Which is processed automatically (so not paper records)

The patient has a (separate) right to access all of their records (see the previous section), data portability, however, is limited to any electronic data.

Which is provided by the individual,

This includes any information provided verbally/in writing such as their medical history, but also any observations on the patient or samples were taken from the patient, such as findings from physical examinations, medical images, lab values, observations in general. (In other words: the Subjective and Objective parts of a SOAP Note).[14] It also includes any metadata necessary to interpret the data, such as the time of the observation.
This does NOT include any derived data (added by the healthcare provider) such as conclusions, diagnoses, treatment plans, goals.

Which is processed based the individual’s consent or for the performance of a contract?

The data portability right ONLY applies when the processing of health data happens by an explicit patient consent (or their explicit agreement to the terms of a contract with a healthcare provider, i.e., when the patient signs a contract with a private care provider).
The data portability right doesn’t apply when “processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law.” [15]
That’s a rather wide-ranging definition which greatly diminishes the value of the Data Portability right in healthcare. However, any processing or exchange of data which requires patient consent e.g., most regional/national data exchanges, XDS/XCA implementations, clinical trial data will be subject to the GDPR data portability right.[16]

Enforce Breach NotificatIon

The effect of the GDPR on healthcare system vendors, providers, and hospitals cannot be overstated. Security breaches and hacks must be reported within 72 hours, or there is a fine of a minimum of 20M. (Euros), and every organization will have to ensure that patients receive a copy of their medical record information in a PDF format, as a starting point.[17]

GDPR has rigorous rules — like a 72-hour breach notification window — and sharp teeth — like fines of up to 20 million Euros or 4% of your annual “turnover” (roughly equivalent to revenue), whichever is higher. And despite that, the chances are high that you won’t be ready to comply by the deadline if you even realize that you have to comply in the first place.[18]

There is a real possibility of Electronic Medical Record Vendors such as Epic, Cerner, and Allscripts facing significant fines for non-compliance with EU Laws concerning data blocking of patient records.

Mandatory Compliance

All major electronic medical record vendors, including; Epic, Cerner, Allscripts, and InterSystems have substantial clients and installations in the European Union.[19] These vendors will be forced “by law” into compliance with providing health data access and portability tools to their respective clients. (Heath, 2015) Furthermore, the GDPR’s reach is significantly broad, and not only covers the health information technology vendors that aggregate medical information in hospitals and clinics, but it also affects medical device manufacturers, clinical trials, and pharmaceutical companies.[20] On May 25, 2018, EU citizens will suddenly have access to hundreds of millions, if not billions of discreet pieces of information contained in PDF files of all sizes, shapes, colors, and languages. The ripple effects of GDPR and data sharing regulations are already being felt in the Financial Technology (Fintech) market and companies are demanding that banks “fork over data.”

A recently formed group representing 31 data aggregators and fin-tech companies, called Consumer Financial Data Rights, says banks still aren’t forking over as much data as they should be. The group is meeting with bank regulators to plead their case and trying to get consumers to petition regulators on their behalf, urging them to send a Tweet that says, “@CFPB protect Americans’ ability to grant access to their financial information. #handsoffmyfinancialdata.”[21]

There will be an absolute need and requirement to help patients organize this medical data into a sensible system and ledger which is certainly a feature of Blockchain technology. There is no question that as for May 25, 2018, approaches, the patient voices in the United States will see what is occurring in the EU and the demand for their health records will be deafening.

Blockchain Earns Patient Trust

Blockchain will allow healthcare to be reimagined in ways that only dreamed a few short years ago. Specifically, the open source nature of development and agreement on a single platform for sharing identity information will create an environment that will enhance patient experience and trust, locally, nationally, and on a global scale. In fact, The Walking Gallery provides a “real life” metaphor for the future of certain healthcare interactions in a virtual reality environment where doctors, patients, health policy experts, and regular folks. “Their jackets tell the stories not just of their work life, but of their individual experiences with health care. “It’s your own story,” Holliday says. “And it’s your jacket.”

“I wear my jacket proudly,” says Eric Topol, a cardiologist, and professor at the Scripps Research Institute in La Jolla, Calif. “It gets people talking about what we can do to get patients taking charge.” His jacket shows him standing inside a person’s chest cavity while holding a smartphone. He says it captures his passion for letting people use their own medical data.[22]

Secure Digital Storage

A cryptographically secure Blockchain will enable virtual online interactions between patients, families, healthcare providers, and entirely new groups of healthcare specialists and advocates with varying levels of trust. The patient’s choice will not be limited to a permissioned Blockchain. Instead, it will be global in scale and authenticated by a unique Clinical Blockchain Validation engine that will capture personal, clinical, and social metrics, about the patient experience. Medical expertise and patient knowledge are not limited to the United States or any specific geographic region. In fact, the “Medical Tourism Market (India, Thailand, Singapore, Malaysia, Mexico, Brazil, Taiwan, Turkey, South Korea, Costa Rica, Poland, Dubai and Philippines) was pegged at $10.5B in 2012 and is expected to exceed $32.5B in 2019 and is developing at a strong CAGR of nearly 18% annually.”[23] In the US, 114M people do not have dental insurance, so the market potential of getting a root canal in Thailand and referencing the patient records on a blockchain will only increase.[24]

Any Blockchain that ignores these global trends will limit the choice of the patient to silos of information and silos of patient care. A closed or permissioned Blockchain would also diminish patient choice from various potential surgery options in disparate parts of the United States. For instance, an individual in Tennessee anticipated an arthroscopic knee surgery to “cost $20,000 or more at a local hospital, he put the procedure out for bids on his website. A surgeon at a major University Medical Center in Virginia offered to do the procedure for $3,700.”[25] The Clinical Blockchain will facilitate enhanced communications between patients and existing local providers while creating trusted messaging to healthcare services and expertise across the globe.

Digital Insights on Top of Medical Information

The success of genetic analysis company 23andMe demonstrates the demand for alternative sources of health data, specifically DNA sequencing. Patients are ready to actively manage their health information. “More than 80 percent of 23andMe’s two million-plus customers consent to having their data used for research.”[26]

The demand does not stop there, as seen by the third-party analytics market that provides additional insight on exported genome data provided by 23andMe. The fact that over 2 million people would willingly provide their most personal health data to a third party without any guarantees of ownership or cryptographic security add additional credibility to the absolute need for a clinical Blockchain. The Clinical Blockchain will provide tools to reference precision medicine and genomic information on a personal Blockchain, in addition to data abstracted from centralized electronic medical records and other ambulatory sources. Clinical Blockchain is currently in discussions with healthcare practices that are ready to make genomic and associated medical records and epigenetic information available to all their patients on a Clinical Blockchain.

Improved Patient Acuity

The quest for patient insight, access, and control of their health records has been stifled by decades of mind numbing rules, statutes, laws, regulations, and the greed of businesses, that have harmed the state of trust between doctors and patients. Pharmaceutical companies, healthcare entities, and data aggregators realized there was big money in patient data and they deliberately prevented patients from reaping any financial or another type of reward/benefit derived from the use of their (the patient) own data.

The electronic medical record systems currently in use reduce physician efficiency and have harmed the doctor — patient relationship by decreasing amount of time a doctor interacts with a patient, thus causing a decline in the quality of care.[27] The situation may be even grimmer than just poor user interface and workflow designs causing a decrease in patient experience and care. In certain instances, the debacle in design and implementation of systems used for the storage and analysis of electronic patient records is blamed on an increase in doctor suicide.[28] In fact, physicians have the highest suicide amongst all professions, with over 400 doctors dying annually.[29]

The obvious solution is for vendors to improve their products, he says. But that’s easier proposed than accomplished.

“A lot of the EHRs are cash cows to their owners,” Ross says. “They make their money on installing them, not changing them.”

Even if the complex problems of interoperability and ease of use were magically solved today, physicians would still be overloaded by reporting requirements, Ross says.

“Documentation is still there, so blaming the computer for what insurers and the government are requiring you to do is misplacing the blame.”[30]

Crowdsourcing Medical Diagnosis

Patients are turning to the internet to research health issues, and medical information and more and more, patients are utilizing physician rating sites, such as Yelp, Healthgrades, ZocDoc, and others to discover information about doctors.[31] Trust has become an issue for these ratings and referral sites because of mixed and confusing messages:

For starters, do the disparate (and often contradictory) messages from existing rating systems have the potential to help non-savvy patients identify higher quality providers? Or do those messages just lead such patients to throw up their hands in frustration?[32]

Patient anger and rage about the withholding of their medical record data by healthcare organizations and electronic medical record vendors have reached a fever pitch in 2017. EMR vendors, to protect their own “turf” and perpetuate mediocrity have built walls around the patient data and grown fat and rich as a result of holding medical information captive.

The attitude and brazen arrogance of healthcare executives running these electronic medical record companies towards patients and their families are despicable. A 2017 meeting between Vice President Joe Biden and Judith Faulkner, CEO of Epic, sums up the dysfunction and lack of caring at the heart of healthcare information systems debate.

Epic CEO Judy Faulkner asked Biden during an (until now) private meeting between EHR executives and administration officials, “Why do you want your medical records? They’re a thousand pages of which you understand 10,” recalled Greg Simon, who worked on the moon shot and is now president of the Biden Cancer Initiative.

Biden responded, “None of your business.”[33]

Patients and doctors are sick and tired of the existing electronic health record (EHR) systems that are based upon gathering financial information instead of fundamentally dealing with the care of the patient. Physicians are outraged at the declining state of trust in the doctor — patient relationship and many cases electronic health records, and the vendors that created them are blamed.

“There is nothing more frustrating to a patient than talking to their doctor, wanting advice, and that provider is typing away and looking at a computer screen instead of the patient,” Minor says. “That most fundamental aspect of human communication, which is eye contact, now is being robbed from the medical encounter because of the electronic health record.”[34]

This cannot continue unabated while patients are left paying a greater percentage of their healthcare bills in the United States.

Edward Bukstel

CEO

Clinical Blockchain

[1] Sullivan, T. (2016). Geisinger CEO calls for The Year of the Patient. Retrieved September 5, 2017, from http://www.healthcareitnews.com/news/geisinger-ceo-calls-year-patient

[2] eyeforpharma. (2017). Conference Agenda Patient Summit USA. Retrieved September 5, 2017, from http://www.eyeforpharma.com/patientusa/conference-agenda.php

[3] Delao, A. (2017). Healthcare Happens At The N of 1. Retrieved September 5, 2017, from https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fcancergeek.wordpress.com

[4] Delao, A. (2017). Healthcare Happens At The N of 1. Retrieved September 5, 2017, from https://public-api.wordpress.com/connect/?googleplus-sign-in=https%3A%2F%2Fcancergeek.wordpress.com

[5] Baum, S. (2017). OpenNotes initiative to share doctor notes with patients gets singled out for recognition. Retrieved September 5, 2017, from http://medcitynews.com/2017/04/opennotes-initiative-share-doctor-notes-patients-gets-singled-recognition/

[6] Baum, S. (2017). OpenNotes initiative to share doctor notes with patients gets singled out for recognition. Retrieved September 5, 2017, from http://medcitynews.com/2017/04/opennotes-initiative-share-doctor-notes-patients-gets-singled-recognition/

[7] Society for Participatory Medicine. (2017). Society for Participatory Medicine. Retrieved September 5, 2017, from https://participatorymedicine.org/

[8] Holliday, R. (2017). Regina Holliday’s Medical Advocacy Blog. Retrieved September 5, 2017, from http://reginaholliday.blogspot.com/

[9] Society for Participatory Medicine. (2017). Transforming the Culture of Patient Care: Transforming the Culture of Patient Care. Retrieved from https://participatorymedicine.org/wp-content/uploads/2017/06/Participatory-Medicine-Final-5-22.pdf

[10] Chee, F. Y. (2017). EU fines Google record $2.7 billion in first antitrust case. Retrieved September 5, 2017, from http://www.reuters.com/article/us-eu-google-antitrust/eu-fines-google-record-2-7-billion-in-first-antitrust-case-idUSKBN19I108

[11] Ringholm bv. (2017). Impact of the GDPR on the use of interoperability standards. Retrieved September 5, 2017, from http://www.ringholm.com/column/GDPR_impact_on%20healthcare_data_interoperability.htm

[12] Falque-Pierrotin, I. (2017). ARTICLE 29 DATA PROTECTION WORKING PARTY. Retrieved from http://ec.europa.eu/newsroom/document.cfm?doc_id=44099

[13] Ringholm bv. (2017). Impact of the GDPR on the use of interoperability standards. Retrieved September 5, 2017, from http://www.ringholm.com/column/GDPR_impact_on%20healthcare_data_interoperability.htm

[14] Wikipedia. (2017, August 5). SOAP note. In Wikipedia. Retrieved from https://en.wikipedia.org/w/index.php?title=SOAP_note&oldid=794030159

[15] Vollmer, N. (2016, December 6). Article 9 EU General Data Protection Regulation (EU-GDPR) [text]. Retrieved September 5, 2017, from https://www.privacy-regulation.eu/en/9.htm

[16] Ringholm bv. (2017). Impact of the GDPR on the use of interoperability standards. Retrieved September 5, 2017, from http://www.ringholm.com/column/GDPR_impact_on%20healthcare_data_interoperability.htm

[17] Peters, S. (2017). You Have One Year to Make GDPR Your Biggest … Retrieved September 5, 2017, from https://www.darkreading.com/operations/you-have-one-year-to-make-gdpr-your-biggest-security-victory-ever/d/d-id/1328944

[18] Peters, S. (2017). You Have One Year to Make GDPR Your Biggest … Retrieved September 5, 2017, from https://www.darkreading.com/operations/you-have-one-year-to-make-gdpr-your-biggest-security-victory-ever/d/d-id/1328944

[19] Health, S. (2015). Epic EHR Use Not Widespread Internationally, Survey Shows. Retrieved September 5, 2017, from https://ehrintelligence.com/news/epic-shows-inconsistent-ehr-performance-internationally

[20] Vollebregt, E. (2016). The new General Data Protection Regulation impact on medical devices industry. Retrieved September 5, 2017, from https://medicaldeviceslegal.com/2016/05/29/the-new-general-data-protection-regulation-impact-on-medical-devices-industry/

[21] Crosman, P. (2017). Data-sharing debate grows contentious as fintechs vent grievances. Retrieved September 5, 2017, from https://www.americanbanker.com/news/data-sharing-debate-grows-contentious-as-fintechs-vent-grievances

[22] Shute, N. (2013). An Artist’s Brush Reveals Tales Of Struggle And Survival. Retrieved September 5, 2017, from http://www.npr.org/sections/health-shots/2013/06/04/188679224/an-artists-brush-reveals-tales-of-struggle-and-survival

[23] MarketWatch. (2015). Medical Tourism Market Will Reach USD 32.5 Billion by 2019 With CAGR of 17.9% During the Forecast Period of 2013 to 2019: Transparency Market Research. Retrieved September 5, 2017, from http://www.marketwatch.com/story/medical-tourism-market-will-reach-usd-325-billion-by-2019-with-cagr-of-179-during-the-forecast-period-of-2013-to-2019-transparency-market-research-2015-07-23

[24] Moon, F. (2017). Five Ways to be a Savvy Medical Tourist and Enjoy a Vacation. Retrieved September 5, 2017, from https://www.nytimes.com/2017/03/08/travel/five-ways-to-be-a-medical-dental-tourist-vacation.html

[25] Rosenthal, E. (2017). An American Sickness: How Healthcare Became Big Business and How You Can Take It Back (1 edition). New York: Penguin Press.

[26] Brown, K. V. (2017). 23andMe Is Selling Your Data, But Not How You Think. Retrieved September 5, 2017, from http://gizmodo.com/23andme-is-selling-your-data-but-not-how-you-think-1794340474

[27] Gorn, D. (2017). These doctors think electronic health records are hurting their relationships with patients. Retrieved September 5, 2017, from http://www.pbs.org/newshour/rundown/doctors-think-electronic-health-records-hurting-relationships-patients/

[28] Chase, D. (2016). The Story Behind Epidemic Doctor Burnout And Suicide Statistics. Retrieved September 6, 2017, from https://www.forbes.com/sites/davechase/2016/01/06/the-story-behind-epidemic-doctor-burnout-and-suicide-statistics/

[29] Advisory Board Company. (2014). Physicians have the highest suicide rate of any profession. So why haven’t you heard about it? Retrieved September 6, 2017, from https://www.advisory.com/daily-briefing/2014/07/16/physicians-have-the-highest-suicide-rate-of-any-profession-so-why-havent-you-heard-about-it

[30] Gorn, D. (2017). These doctors think electronic health records are hurting their relationships with patients. Retrieved September 5, 2017, from http://www.pbs.org/newshour/rundown/doctors-think-electronic-health-records-hurting-relationships-patients/

[31] Howard, P., Jeyman, Y., & Shefrin, A. (2017). The Burgeoning “Yelpification” Of Health Care: Foundations Help Consumers Hold A Scale And A Mirror To The Health Care System. Retrieved September 5, 2017, from http://healthaffairs.org/blog/2017/05/25/the-burgeoning-yelpification-of-health-care-foundations-help-consumers-hold-a-scale-and-a-mirror-to-the-health-care-system/

[32] Austin, J. M., Jha, A. K., Romano, P. S., Singer, S. J., Vogus, T. J., Wachter, R. M., & Pronovost, P. J. (2015). National Hospital Ratings Systems Share Few Common Scores And May Generate Confusion Instead Of Clarity. Health Affairs, 34(3), 423–430. https://doi.org/10.1377/hlthaff.2014.0201

[33] Pittman, D. (2017). Cancer moonshot head recounts exchange with Epic’s Faulkner. Retrieved September 5, 2017, from http://politi.co/2u02wdk

[34] Gorn, D. (2017). These doctors think electronic health records are hurting their relationships with patients. Retrieved September 5, 2017, from http://www.pbs.org/newshour/rundown/doctors-think-electronic-health-records-hurting-relationships-patients/