Revolutionizing Healthcare Security with Blockchain Technology

Ethan Plue
4 min read · Sep 27, 2018

Data security in the healthcare field is becoming more and more of a risk. As companies move to store data in the cloud, the threat of cyber attacks is exponentially growing. As an industry, we need to be finding a solution to an ever-increasing storage and security issue. With a cloud-based system, the threat of significant data breaches is going to be present forever. Using the best cloud security in the world only puts a band-aid on the problem, because underneath that layer of protection still lies access to millions of records with one breach.
That is why MedChain is using the blockchain to solve this. Blockchain redefines how to tackle data security and privacy. In our case, when you eliminate centralized silos of data storage, you eradicate large-scale breaches. It’s nearly impossible to corrupt the blockchain. If someone gets on a blockchain computer, the most s/he could do is damage one instance; however, they would have to “convince” all the other computers on the blockchain to “accept” that change, otherwise it will be rejected. Even if the attacker “convinced” hundreds of other computers that the new data was correct, it is still only one record. An attack like this is limited in scope, stopped dead in its tracks, and subsequently fixed. Coupling our blockchain with a distributed storage network, I can’t think of a more suitable way for medical record keeping.

What happens is this: A person’s information is encrypted, split into many different pieces or ‘shards,’ and then distributed across the entire storage network of servers. Moreover, this information is only accessible if the patient authorizes it to the requestor via their private key and data-hash. Of course, there will be ways to get emergency access in life and death situations, and specific scenarios will be covered case-by-case. However, that’s the beauty of the blockchain and smart contracts. With HIPAA guidelines changing and new regulations coming out globally on a frequent basis, MedChain can quickly update their software to stay compliant and secure.
Employing inventive identity verification methods and state-of-the-art cryptography, securing user identity is as good as it gets — and you hold the keys! Those “keys” are 2048 bits of information (or 4096!) that you can safeguard just like a real set of keys. They are too long to guess randomly (i.e., no two keys are the same), you can give out a copy to your provider (i.e., loan out your second set), and you can put a copy in a safe-deposit box (i.e., have a spare key for yourself).

However, cryptographic keys also have further benefits: you can choose to give out only “read” keys or “write” keys to limit someone’s access; you give out only a special copy of the key and not the “master key”; and you can remotely revoke those special keys even after you have given them to someone. Moreover, with the “master key” safely stored (physically and electronically), you can even revoke the keys that are on your smartphone in case it gets lost or stolen! Speaking of lost or stolen, even that key that someone now has in their hands still has a passphrase to access it! (You are using long passphrases instead of single words on all your accounts, right?!) Now, you log into your app on your phone, and a doctor requests access to your records. MedChain has already hashed, encrypted, and referenced the location of your electronic Private Health Information (ePHI) on the blockchain. Randomly stored across nodes, the pieces will only be recombined when an authorized physician requests them, and your private key is the only thing that can unlock that file. Voila! Access granted. Your doctor can see it now, add to it, make changes and update what they need to. Anything they are generally allowed to do.
Also, one more benefit of the blockchain (actually, MedChain’s “multi-blockchain” network…): every access, reading or writing, is forever captured in a blockchain log. You can audit the security of your medical record no matter to whom you give the keys!

It is imperative to note that the blockchain never stores patient data. Putting data on the chain like this would not be compliant with the government and would violate people’s privacy. The entire point of blockchain is to be transparent, so we wouldn’t want to do this in the first place.
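The storage pattern described above (shards spread across nodes, with only hashes and locations recorded on the ledger), as an added Python example that is not MedChain's code. The function names, node names and ledger-entry layout are hypothetical, and the input is a constructed stand-in for an already-encrypted record; encryption and key-based authorization are assumed to happen elsewhere.

```python
import hashlib
import random

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def shard_and_store(ciphertext: bytes, nodes: dict, shard_size: int, rng: random.Random) -> dict:
    """Split ciphertext into shards, place each on a randomly chosen node, and
    return the ledger entry: hashes and locations only, never record data."""
    placements = []
    for offset in range(0, len(ciphertext), shard_size):
        shard = ciphertext[offset:offset + shard_size]
        node_id = rng.choice(sorted(nodes))
        shard_hash = sha256_hex(shard)
        nodes[node_id][shard_hash] = shard  # node stores the shard under its hash
        placements.append({"node": node_id, "shard_hash": shard_hash})
    return {"record_hash": sha256_hex(ciphertext), "shards": placements}

def recombine(entry: dict, nodes: dict) -> bytes:
    """Fetch shards in ledger order, verifying each shard and the whole record."""
    parts = []
    for p in entry["shards"]:
        shard = nodes[p["node"]].get(p["shard_hash"])
        if shard is None or sha256_hex(shard) != p["shard_hash"]:
            raise ValueError(f"shard {p['shard_hash'][:12]} on {p['node']} missing or altered")
        parts.append(shard)
    data = b"".join(parts)
    if sha256_hex(data) != entry["record_hash"]:
        raise ValueError("record hash mismatch")
    return data

def demo() -> tuple:
    rng = random.Random(7)  # fixed seed so the constructed run is repeatable
    nodes = {"node-a": {}, "node-b": {}, "node-c": {}}  # hypothetical storage nodes
    # Constructed 512-byte stand-in for an encrypted record (not real ePHI).
    ciphertext = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    entry = shard_and_store(ciphertext, nodes, shard_size=64, rng=rng)
    round_trip_ok = recombine(entry, nodes) == ciphertext
    # One node alters a shard it holds; the hash on the ledger no longer matches.
    victim = entry["shards"][0]
    nodes[victim["node"]][victim["shard_hash"]] = b"\x00" * 64
    try:
        recombine(entry, nodes)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return round_trip_ok, tamper_detected, entry

if __name__ == "__main__":
    print(demo()[:2])
```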

Finally, to tie it all off, when you leave the doctor’s office, guess what goes with you? Well, of course, it’s your records, all in your pocket. Accessed by the app on your phone in your pocket, but you know what I mean. So security is as secure as you let it be. Don’t authorize strange requests and don’t leave your phone unlocked. It’s just that easy. Even if something manages to slip by you, MedChain is still there to back you up. MedChain is to securing EHR, down to the individual patient.
