Can A Blockchain Approach Cure Healthcare Security's Ills?
Dr. Chris Stout
LinkedIn Top Voice | Best Selling Author | Adventurer | Startup Whisperer | (Accidental) Humanitarian | APA's "Rockstar" Psychologist | éminence Grise
As every industry is swept further into the Digital Age, identity and information theft has become increasingly sophisticated. As a result, it’s become critical for individuals and organizations that house personal data to employ protective measures to ensure security. While the banking sector has decades of experience with privacy breaches and has therefore more or less perfected its policies and procedures when one occurs, hackers have turned to a new source of valuable information: your healthcare data.
Although many small private practices have not yet switched to electronic health records (EHR), the vast majority of healthcare entities, especially large ones, have already made the transition, not only because of federal incentives and requirements, but also because EHRs offer a higher level of efficiency at lower cost, with greater accessibility for providers.
Unfortunately, going online increases vulnerability and risks a breach. In 2015 alone, healthcare record hacking jumped by 11,000 percent, over 100 million records were stolen, and although most were unaware of it, a staggering 1 in 3 Americans had their records compromised.
Even more brazen, in February of this year, a hacker seized control of Hollywood Presbyterian Medical Center’s computer system and demanded 40 bitcoins (around $23,000 as of this writing). Only after the hospital paid the ransom did it regain control of its record system. This particular incident made newspaper headlines, but many breaches go unnoticed and unreported.
Healthcare records are particularly attractive to data thieves because of the treasure trove of personal information therein.
It’s one-stop shopping to pinch Social Security numbers, contact information, even next of kin.
The thieves don’t necessarily use this information themselves. Sometimes they sell the records on the “dark web,” the spooky part of the internet that allows for high levels of anonymity. Not surprisingly, this characteristic attracts criminals selling drugs, illegal porn, and now, healthcare records. Healthcare records can be used to file false tax returns, pay for treatments/surgery, or order prescriptions.
NBC reports that after a snowboarding accident, patient John Kuhn received a mere x-ray but was billed $20,000 for surgery. In order to prove he was never under the knife, Kuhn had to go to the billing department and pull up his shirt to show he had no scarring. As it turns out, Kuhn was a victim of more than just a snowboarding accident – he was also the victim of healthcare record theft.
Unfortunately for Kuhn and others like him, EHR theft is more complicated than other information breaches, like credit card theft. While financial institutions can freeze accounts or cancel cards in the case of a credit card breach, at this point, healthcare organizations have no corresponding strategy for addressing the negative repercussions patients face in the event of EHR theft.
In addition to developing a mitigation strategy, both patients and healthcare organizations should put prevention strategies in place. An article from NBC recommends that patients:
· Follow good password practices
· Use a different email account for shopping and banking
· Use PIN codes on IRS returns
· Avoid giving out social security numbers, even the last four digits, to hospitals and doctors' offices
For small medical practices (75 employees or fewer), there are products and services such as HITRUST Cyberaid. Although it’s unclear how much of a threat hacking is to small physician practices, when the Health Information Trust Alliance performed tests on small and medium-sized hospitals, they found malware at over half of them.
However, the long-term answer to this problem could be somewhere unexpected, in a seemingly unrelated field. Peter Nichol argues that blockchain technology (which is most famously used as the Bitcoin ledger) will revolutionize healthcare and provide the security necessary to prevent the aforementioned breaches.
Blockchain technology as described by Nichol would improve security in at least two major ways. First, patients would be able to allow access to their medical records on a conditional basis, depending on a situation’s context. For example, perhaps a patient only wants to share information in an emergency instead of having it available to providers at all times. Currently, computerized systems cannot easily account for conditional consent—patients usually have to authorize complete access at all times or no access at all.
Second, through the use of keys and codes, multiple computers would need to be compromised for a hacker to gain access to information. In at least three large-scale breaches ranging in size from 850,000 records to 25.7 million records, only one computer was compromised.
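The two properties above can be illustrated with a small model, added here as an example and not taken from Nichol's proposal or any real healthcare blockchain: a hash-chained consent ledger replicated on several nodes, with the record key split so that every node must release its share. The names (`ConsentLedger`, `request_key`), the n-of-n XOR split, and the patient and context labels are assumptions made for the illustration.

```python
import hashlib, json, secrets

# Illustrative model only: names and the n-of-n XOR split are assumptions.
def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, n: int) -> list:
    """n-of-n XOR sharing: any n-1 shares alone are random noise."""
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for s in shares:
        last = xor(last, s)
    return shares + [last]

def combine(shares: list) -> bytes:
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor(out, s)
    return out

def digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    """Append-only, hash-chained list of patient consent entries."""
    def __init__(self):
        self.blocks = []

    def append(self, patient: str, contexts: list) -> None:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"patient": patient, "contexts": sorted(contexts), "prev": prev}
        self.blocks.append({**body, "hash": digest(body)})

    def verify(self) -> bool:
        prev = "0" * 64
        for b in self.blocks:
            body = {k: b[k] for k in ("patient", "contexts", "prev")}
            if b["prev"] != prev or b["hash"] != digest(body):
                return False
            prev = b["hash"]
        return True

    def allows(self, patient: str, context: str) -> bool:
        # A tampered copy authorizes nothing; the latest entry for a patient wins.
        mine = [b for b in self.blocks if b["patient"] == patient]
        return self.verify() and bool(mine) and context in mine[-1]["contexts"]

def request_key(nodes: list, patient: str, context: str):
    """nodes: (ledger_copy, key_share) pairs; every node must agree."""
    released = [share for ledger, share in nodes if ledger.allows(patient, context)]
    return combine(released) if len(released) == len(nodes) else None
```

Rewriting one node's ledger copy, even with recomputed hashes, yields only that node's share, which on its own is indistinguishable from random bytes.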
Of course, there are challenges facing development of blockchain for healthcare, including selection of a protocol, creation of blockchain regulation, unknown costs, and limitations of the technology itself. Whether blockchain technology is the solution to EHR breaches or not, it is clear that a solution must be found and implemented quickly. As things currently stand, we do not have assurance that our medical records are secure and the repercussions of a breach could wreak havoc on patient lives.
# # #
If you'd like to learn more or connect, please do at https://DrChrisStout.com. You can follow me on LinkedIn, or find my Tweets as well. And goodies and tools are available via https://ALifeInFull.org. Special thanks to Gracie Wang’s work on this post!
4 years ago: Hello Sir, I have been reading your article on EHR. I am an educator and would like to know if this series is from a book or written for your LinkedIn page? If it is written for the page, can you direct me on how I can do the same?
IT Projektmanager at Mobil ISC GmbH
8 years ago: This is a policy and audit problem, not a technical one. The regulations on health records are not as strongly implemented as in the banking sector. Independent auditing organisations have no hold on the health organisation. Therefore no one can close down an organisation misusing the records and no one has to authorize its use. If a hospital had to face closing down when compromising data, it would introduce security measures. If a bank were not reviewed and did not have to fear a fine, it would suffer the same data breaches.