Digital trust is under siege

From the Equifax breach that compromised the credit information of 143 million Americans to the abusive collection of data from 50 million Facebook accounts to influence the US presidential elections, a recent stream of scandals has cast a shadow of public distrust over the ability of platforms to protect our privacy. For years, trading intimate information about ourselves seemed like a good deal as long as we enjoyed more freedom as consumers, i.e., greater access to information, people, merchandise, credit… The engine of the digital economy was always to create transparency in areas previously undisclosed, allowing the likes of Google or Facebook to harvest personal data like a digital currency.

Now comes the great Net Disillusion. Our data does not simply qualify us as consumers but also as patients or citizens. We are waking up to the fact that personal freedoms might also be up for sale. Joining online communities can trap us into political silos. The theft of our financial data affects our borrowing capacity. The disclosure of our health information puts us at risk of being denied insurance or treatment… Did we agree to this when opting in?

Giving up on digitization in healthcare would be self-sabotage

To protect our liberties and perhaps our lives, boycotting Facebook or retreating from the Web was never a serious option. For all its failings, Facebook provides tangible added value by connecting friends, families or communities. In healthcare, patients with rare diseases have no better means to crowdsource research than to regroup online. Google’s search engine has changed access to (medical) information forever. The upside of migrating health data to the cloud is huge: analyzing aggregated records can help spot and curb treatment redundancies and adverse effects, and streamline data flows across stakeholders, allowing remote consultations or chronic care to scale. More promising still, the cloud gives doctors and patients unprecedented access to analytics powered by machine learning. This makes the democratization of digital therapeutics possible, for instance to monitor heart health with a combination of AI and sensors, with companies like Cardiologs, or even to keep mental illnesses in check through voice assistants, thanks to services like Sonde Health. We are entering a world where we will be able to detect undesirable health events before they happen. But none of these great services will scale if patients and doctors fear for their privacy. Choosing between technology and privacy is an impossible trade-off. We need both.

Securing privacy with regulations is not enough

Europe has moved forward with a bold new set of rules for platforms, enshrined in the General Data Protection Regulation (GDPR), which comes into effect this May. To avoid abusive data collection, companies will need to obtain “clear and explicit” consent from users. It introduces a rule of data minimization, forcing platforms to limit collection to what is strictly necessary, nothing more. The GDPR also entails a “right to be forgotten”, meaning an individual can ask for personal data to be deleted. Companies will have to provide a full record of data processing. This comes with extra cost for startups that store data all over the place. Sanctions, which can amount to up to 4% of a company’s turnover, are very off-putting.

Last but not least, the GDPR is making the “Blue Button” compulsory. This refers to the possibility to download and transfer your data across platforms, something the VA first introduced in the US and which CMS is now extending. This is a big step forward for interoperability across systems. Patients will gain control over their data. Now, they also need a log of what data is shared with whom.

But large Tech companies are mostly in the US and the GDPR only protects European users. Meanwhile, American legislators seem mostly trapped in party politics. Republicans won’t want to undermine the legitimacy of the Trump presidency by digging too deep on privacy and Facebook/Cambridge Analytica. And why should the government meddle if it weakens the country’s dominance over the Internet? In this context, US platforms still have too few incentives to police themselves, let alone respect their own Terms & Conditions, because privacy concerns can be trumped by business considerations. In Europe, governments are overwhelmed with the digital bonanza and ill-equipped to enforce their own privacy agenda.

For healthcare, tighter regulations still exist on both sides of the Atlantic. But government-backed privacy is not perfect either. In the US, the Health Insurance Patient Portability Act (HIPAA) was enacted in 1996 to secure the confidentiality, integrity, and availability of electronic Patient Health Information (ePHI), just when Electronic Health Records (EHR) started being rolled out across large providers. HIPAA imposes technical safeguards and processes to restrict access to data and to avoid or report any disclosure. But HIPAA compliance is mostly self-declared, and providers share patient information freely with third parties, provided they sign a Business Associate Agreement (BAA). This transfers responsibility to third parties, but it does not extend controls. Most startups that analyze ePHI for providers will say they comply with HIPAA. Few are ever audited…

Blockchain technology can fix the trust deficit in healthcare

Since citizens can’t fully trust third-party institutions or regulators with their data, they should turn to better technologies. It’s no accident that Blockchain is emerging at this historic moment of mistrust. It promises to create “digital trust by design”, cutting out the middlemen who deal with our data. To grasp its disruptive potential, just consider how many of our daily transactions rely on central authentication. Each time we spend a dollar, we implicitly trust the Central Bank to guarantee the value of our bill, or our bank to validate transfers. If I own a house or a car, I trust the department of housing or transportation to certify that it is mine. When I register across multiple websites, I let “Facebook connect” authenticate my identity.

If I visit the doctor, I need my health system to keep my records safe, even as my data is shared across multiple departments and physicians. In reality, I have no means of controlling where my data is going. Blockchain changes that. Full disclosure, I am an advisor to an extremely promising startup, Embleema, which is addressing this very trust issue in healthcare… Embleema is releasing a first patient record supported by a patient Blockchain, so that patients might store all their data and control how the information is shared. In practice, here are 3 ways Blockchain can fix the trust issue:

1. Blockchain gives patients control over where their data is going

Today, no patient knows where his health data is going because he can’t see a log of transactions. Blockchain offers an alternative to “trusted” third parties, by decentralizing authentication of transaction logs. Here’s how it works. A Blockchain is essentially a digital infrastructure that bundles together records of transactions into time-stamped blocks (hence the name). These are recorded by all participants (nodes) of a given network. Each new block refers to the previous one with cryptographic hashes, building an immutable record of all transactions from the first to the last block. Transactions are certified to be true, not because a trustworthy authority (e.g., a central bank, the government, Facebook etc.) validates bookkeeping centrally, but because the ledger is distributed across all participants of the network in real time. One participant of the network cannot falsify the log, because a consensus algorithm reconciles the information across the nodes, spotting any discrepancy. This means each participant, i.e., patient, knows at all times what has happened.

To avoid any misconception, only the information on the Blockchain is public, for instance, which record is being shared with whom. Sensitive patient data, however, can stay off-chain. Take the Embleema example: providers, patients or researchers that take part in the distributed ledger will all know where data is going, but only those who are being granted the right to see it will access the medical information itself, which will still be secured in HIPAA-compliant clouds. Since medical data actually belongs to patients, enforcing transparency with Blockchain technology is crucial.
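
The hash-linked log described above, with the medical record kept off-chain, can be sketched as follows. This is an added example, not Embleema's code or part of the original article; all function and field names are hypothetical, the sample data is constructed, and it models a single copy of the ledger without the consensus step that reconciles nodes.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash value used by the first block

def block_hash(block):
    """SHA-256 over the block's canonical JSON, excluding its own hash field."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_event(chain, record_bytes, patient, grantee, timestamp):
    """Append a sharing event; only a digest of the record goes on the ledger."""
    block = {
        "index": len(chain),
        "timestamp": timestamp,
        "patient": patient,
        "grantee": grantee,
        "record_digest": hashlib.sha256(record_bytes).hexdigest(),
        "prev_hash": chain[-1]["hash"] if chain else GENESIS,
    }
    block["hash"] = block_hash(block)
    chain.append(block)
    return block

def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev_hash"] != prev or block["hash"] != block_hash(block):
            return i
        prev = block["hash"]
    return None

def build_sample_chain():
    """Constructed sample data: two sharing events for one off-chain record."""
    record = b"constructed sample record: HbA1c 6.1%"
    chain = []
    append_event(chain, record, "patient-001", "dr-lee", "2018-04-01T09:00:00Z")
    append_event(chain, record, "patient-001", "research-lab", "2018-04-02T10:30:00Z")
    return chain, record

if __name__ == "__main__":
    chain, _ = build_sample_chain()
    print("intact chain, first invalid block:", first_invalid_block(chain))
    chain[0]["grantee"] = "data-broker"  # rewrite who the record was shared with
    print("after tampering, first invalid block:", first_invalid_block(chain))
```

Rewriting an earlier entry invalidates that block's hash, and recomputing the hash to hide the edit breaks the link stored in the next block, which is what lets any participant holding a copy spot the discrepancy.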

2. Blockchain allows patients to be compensated for their contribution to research

One more thing you need to know: because you currently have no control over your health data, a whole business has developed around it that you probably have never heard about. It’s meant to be that way… Specialty firms and data brokers aggregate your pharmacy, medical, and consumer data. They link databases together to acquire a complete picture of you. Then, they “slice and dice” this information and sell it to marketers and researchers in life science companies. They will analyze it without you ever knowing. To be fair, this is de-identified data and much of the slicing is meant to optimize research or supply chain for drugs. But wouldn’t you like some kick-back for the value you are creating?

Well, Blockchain allows that too. Typically, every new transaction can be linked to the emission of a token by a smart contract, essentially an algorithm intended to digitally enforce the performance of an agreement, in this case granting tokens for every set of health data shared. For instance, the Embleema blockchain lets researchers buy tokens that give them access to health information that patients willingly share. Compensating patients in this way is really a way of incentivizing their participation in research, often for diseases where it makes sense to speed up research. Providers could also earn tokens by vetting the quality of the data. Trading health data against cryptocurrencies creates fair trade in place of a previously opaque business. It allows patients to be compensated for their contribution to research, reducing the cost of care and helping to speed the advancement of cures. This is truly disruptive.

Now, you could always say that once your data is out, anyone who has access can essentially copy and paste it, and begin trading it off the Blockchain. Not quite. There are technologies to protect against this, by allowing temporary access to queries that never let you see the full data, but simply analyze sub-sets. You could soon be renting your data.

In fact, trading tokens against data can be used for many other things, such as rewarding adherence to treatment. Lack of adherence was estimated in 2017 to cause at least 10 percent of hospitalizations and to cost the American health care system between $100 billion and $289 billion a year. Now wouldn’t you say that, in the context of value-based payments and hospital readmission reduction programs (HRRP), giving cryptocurrencies to incentivize patients could prove hugely beneficial to healthcare? Imagine that you could earn coins for stepping on your scale, as part of your diabetes prevention program!

3. Blockchain creates interoperability where healthcare organizations operate in silos

Last but not least, Blockchain offers the prospect of tackling one of the thorniest problems of digital health, i.e., the lack of interoperability across providers. While 95% of hospitals have adopted Electronic Medical Records in the last 10 years, every hospital seems to have its own vendor. Sharing and distributing patient medical data from one provider to the next is inefficient. Patients risk duplicating treatments or losing critical information. While standard HL7 APIs have since been created to share data, provider-to-provider exchanges are still opaque and there is no real mechanism to enforce trust. Here again, Blockchain-enabled transparency might just be the standard that the industry needs, securing patient trust and buy-in.

Conclusion: Are you crypto or AI?

“Everywhere we remain unfree and chained to technology, whether we passionately affirm or deny it. But we are delivered over to it in the worst possible way when we regard it as something neutral.” Martin Heidegger’s post-WW2 insight on The Question of Technology is still a relevant warning against the powerful illusion that Tech only serves the agenda of its users. In reality, platforms hard-code their business agenda, deriving market power from a technology that centralizes data by design. By contrast, Blockchain enforces another type of code, one that promises to decentralize trust. It creates accountability by design and gives power to the nodes, if not the people. We are only beginning to perceive this new divide, one that opposes centralized AI-powered platforms and decentralized crypto-backed services, socialists vs libertarians as Peter Thiel recently analyzed… It’s more political than you think, and now, your health might depend on it too.

