A secure and transparent network for sharing health data using Hyperledger Composer blockchain and HL7 FHIR
I’ve been working in healthcare since 2006, in both technical and project management roles. My interests lie in data management, privacy and ethical data access.
Back in 2006, my first project was to connect data from three of the largest pediatric hospitals in Europe. Having just completed my PhD in medical image analysis, I understood the benefits of collecting as much data as possible for the training of new doctors (and machine learning algorithms).
More data allows doctors (and computers) to find patterns of disease and better predict health outcomes. This is particularly important in rare pediatric diseases where data-sets are relatively small. We had some brilliant people and large organizations working to solve the problem. Even so, judging by how little data is transferred between institutions today, the results don’t seem to have been widely adopted.
That is why I am developing a back-end application to securely and transparently share health data. I call it The Patient Data Network.
The project aims to enable patients to access and share their health data with other people, healthcare professionals and healthcare providers.
The source code is freely available on GitHub.
The Current State of the Art
Most healthcare data today is captured and stored by the healthcare providers like hospitals, family doctors, physiotherapists, etc. They are the custodians for their patients’ data, and they take their responsibilities very seriously.
They invest large amounts of money on complicated and secure software systems to store your data and manage their clinical workflows. More recently, they have created patient portals, which are narrow windows that allow patients to view a small subset of the data that they store on the patients’ behalf.
This is a very similar model to banking, where a bank securely holds your financial information and has customer-facing apps where users can view their money and make transactions.
However, unlike the banking sector where customers generally only have accounts at one or two institutions and rarely change banks, most patients can visit many different healthcare providers and are routinely transferred from one institution to another. Unfortunately, given the way that the data is stored at each institution, it is not easy to share or view the full details of a patient’s data when they are transferred.
In short, the healthcare system is intrinsically decentralized. One person can be a patient of multiple clinics or hospitals. A person may also be a doctor at multiple clinics or hospitals. That doctor may sometimes also be a patient. The only common entity to link the various components in the system is the Person.
There has been a lot of work focused on the patient-centered model of healthcare, but until now not everyone has agreed on the best way to enable it. Data is still shared by email, DVDs and even paper 😮
That is the reason I created this project.
The Patient Data Network
The patient data network is developed for the secure and transparent sharing of data between patients, healthcare providers and health institutions. The network is made up of three entities:
- Individual people (e.g. patients, doctors) and Organizations (e.g. hospitals, clinics)
- Data Assets (e.g. MRI images, questionnaires, reports)
- Smart contracts which govern how the participants interact with the data assets
As mentioned above, there are two types of participants on the network, people and organizations. A person can be a patient or a doctor, or both. In the diagram below, we can see that the person can be a patient and a doctor at multiple healthcare organizations that each have data associated with them.
Each time a patient visits a new hospital, they are assigned a patient number or Medical Record Number. In most cases these are unique to the hospital and are not the same across multiple hospitals or health organizations. Each hospital then creates an electronic file or profile for that patient.
In our model on the blockchain network we store:
- the Medical Record Number (encrypted)
- a link to the profile for that patient on the hospital’s database
- a Hash value for the profile data
The Hash value allows users on the network to check the integrity of the profile data returned from the hospital.
The doctor or practitioner model is fairly similar to the patient. Instead of a Medical Record Number, we have a ‘Practitioner ID’ which is unique to the hospital or health organization where they work.
Organizations are healthcare institutions or clinics that are involved in the care of patients. These organizations continue to act as custodians for the data that they collect at their clinics.
Organizations also have another role within the network. They act as peers on our blockchain and maintain a copy of the ledger of all participants, assets and transactions that occur on the network. That doesn’t mean that they have access to the data, they just maintain an anonymous ledger of the information and ensure it matches with other peers on the network.
Every healthcare practitioner on the network is required to be part of an organization. Even if practitioners are just doctors working by themselves, they would need to set up an organization on the network (e.g. Dr. Murphy would need to set up Dr. Murphy’s Medical Practice). This will allow Dr. Murphy to view her patients, allow patients to share their data with her and also allow her to contribute data to the network.
In our network, assets are pieces of information that are collected about a patient. In the case of health, the set of data elements are standardized in the HL7 FHIR (Fast Health Interoperability Resources) model, so we use this to define our assets. Things like Procedure, Medication, ImagingStudy, Appointment are all considered assets within FHIR.
Similar to the patient model above, we don’t want to store the data assets on the blockchain but rather a link to the resource at the hospital and a hash of the data. In the diagram below, we describe how a simple model for an MRI might look. In FHIR, this would be called an ImagingStudy.
Now that we have defined the users on the network and the data assets, we should allow them to perform certain actions. In our project, we have described two types of data sharing transactions. The first allows a person to share their data with a practitioner on the network. The second allows a person to share their data with an organization on the network.
While these may seem like trivial transactions, if they were fully adopted by healthcare organizations and patients, it would likely revolutionize healthcare and save the health sector a lot of money. Remember those paper copies that I talked about earlier!
The diagram below describes the steps involved for a doctor to request MRI data for their patient. The doctor doesn’t even have to know which hospital the data is coming from. The patient would add this doctor to the ‘shared’ list which allows them access to the asset information on the blockchain.
The blockchain then provides a link to the data location at the hospital. Once downloaded, the doctor is then able to check the integrity of the MRI by using the Hash value that was stored on the blockchain when the data was originally created.
A little about why we are using Blockchain
Blockchain technology has gained a lot of traction recently as a way to ensure trust and transparency in everyday transactions. Simply put, the blockchain is a distributed ledger or catalog of data and built-in contracts to manage the actions on that data.
The ledger records every new transaction on that data and then shares the update with everyone else who has a copy of the ledger. You cannot delete from the ledger and everyone who has a copy keeps it up to date.
Many people say that blockchain is a hammer looking for a nail, and in certain contexts that is true. However, as explained earlier, the healthcare system is a distributed network by nature (very different to other systems like finance) and blockchain is a tool for enabling decentralized networks. That’s why there are already some healthcare projects in existence and large companies like IBM and Alphabet are investing time and effort in blockchain’s development and application.
What is Permissioned Authentication?
For this healthcare application, we chose a permissioned blockchain network. This means that only known peers are allowed to validate transactions. In the health data context, this makes sense because we define the peers to be the healthcare organizations. Healthcare organizations are already the custodians of the data and are trusted to act in the best interests of the patients and practitioners. In addition, having a permissioned network has other advantages, specifically around computational efficiency and scalability.
Here we rely on the inherent security of the blockchain. We also protect privacy by not storing any personal health information on the blockchain directly.
In our network, the patient is the owner of the data and they have the responsibility to share their data as they wish. In most cases, this would be a small healthcare team who are interacting with the patient around a specific condition or issue.
A patient might also decide to share data with an organization for research purposes. Using our network, this is possible and we can even develop more sophisticated smart contracts to handle data privacy properly.
This all sounds great, how do I get involved in the Patient Data Network?
Steady now, before you send me all your money, I want to make it clear what the patient data network does and what it does not do.
There is no “app” for patients to start using the network as it is. However, app developers can use this framework for creating apps that allow patients to view their healthcare records with the permission of the healthcare organizations. The project even has a RESTful API so that developers can easily interact with the network. If you are an app developer and you want to use the project, get in touch! :)
The network does not store any health data. The network simply gives a link to where the data is stored within the healthcare organization. It is up to the organization to allow that patient or doctor to access the data they are requesting. If you are a hospital or clinic and would like to use the project, get in touch! :)
Throughout my work experience in collecting, processing and analyzing other people’s data, I understood the responsibility and the trust that people give me to hold their data securely and with integrity. A lot of people share their data generously in the hope that it might help themselves and others. I hope that this project will create a more secure and transparent healthcare environment for everybody involved.