The NEM team would like to thank Telegram user @Aenima86 for contributing this blog
This blog post will discuss the potential of using the NEM public or private blockchain for data management within the healthcare sector. This could lead to several important advantages.
- Patient-centered access management
- Improved data security
- Improved sharing of patient data
- Increased data availability
- New opportunities for medical research
- Inclusion of wearable sensor data
- Inclusion of Patient Reported Outcome Measures (PROM)
The use case
Hannah is a chronic diabetes patient; she needs to regularly visit the hospital and her general practitioner (GP) for monitoring of her disease status. This includes several blood samples and a yearly eye exam. Besides routine checks, she also daily injects herself with insulin with subsequent measurements of her blood glucose. Furthermore, she also uses a Fitbit to track physical activity and sleeping patterns. Hannah generates a lot of data, and it is difficult to keep track of all her data and which persons have access to her data.
A well-designed healthcare blockchain solves many of her problems. All of her devices are linked to the blockchain, uploading measurements into the chain. She can overview all her data from one application. Both the data generated by herself and the data generated by the hospital are now at her fingertips. Moreover, she can view and control which persons have access to which part of her data. Maybe she would like to share sleeping patterns with a diabetes clinician at the hospital. On the other hand, she might not like to share the results from her other specialists (mental health/transmitted diseases/drug treatment), as this may not be relevant for the treatment of her diabetes.
Blockchain technology has the potential to disrupt and improve the way we utilize and share patient data. Cross-institutional sharing of patient healthcare data is complex and as a consequence data is not always available for a healthcare provider treating a patient.
Furthermore, the patient is often left without control of their personal healthcare data and not involved in which persons have access to which part of their information. Ideally, the patient would have control over their data and thereby also potential empowering the patient to be further involved in the treatment. Many patients do already measure a broad range of disease indicator data such as vital signs, medication compliance, exercise, sleep quality, physical functioning, diet, mood and life quality. However, these data are not always utilized by the healthcare provider because of technical difficulties in sharing these data sufficiently.
How can we use the NEM platform
Blockchain technology has potential to solve many of these challenges in healthcare data management, especially the NEM public or private blockchain platform is suitable for patient-centered governance of health data. The concept consists of using multi-signature contracts for access-control of data management and encryption of data to allow privacy and control of one's healthcare data.
Furthermore, the blockchain is an ideal platform agnostic database for many different service providers and consumers to share content. NEM works via JSONrest API meaning that each company with its own proprietary system can easily connect to the NEM protocol to share data while remaining fully firewalled and secure. In this case, NEM provides a secure and encrypted medium for cross-platform exchange.
The patient will have full access to his data and control over which persons/institutions her data will be shared. The patient can set access permissions and designate who can read and write healthcare data to his account. This access-control management could be utilized using an off-chain application. The application would allow the patient to see which persons/institutions have access to data and allow the patient to assign new permits and revoke already issued permits and/or make limited time sessions for reviewing data.
This concept would provide transparency and allows the patient to make central decisions about what healthcare data is collected and how the data is shared between relevant persons/institutions.
In one model for providing blockchain based healthcare records, when a healthcare entity is approved access to the patient's’ health data, it queries the blockchain for the data and uses the account bound key mixed with a SALT to decrypt data. Second layer intermediary software can act as a further form of encryption with the data encrypted with a SALT that is time bound. The healthcare entity could utilize a customized application to view and analyze the data. Querying the blockchain is API-based, and this would allow any programming application to interface with the blockchain. This means that a hospital using an EHR system could easily integrate their system with the NEM blockchain.
In another model, the architecture is built around cryptography, mosaics (NEM assets) and the multi-signature contracting available on the NEM protocol. The multi-signature contract enables several entities to admin the activity of an account, control assets from one account, such as mosaics, or create additional contracts. NEM’s multi-signature makes a contract that assigns rights and powers of a certain account to other accounts; this contract can be edited. You can create the multi-signature contract in such way that any number of the signatories need to sign a transaction. This is called m-of-n multisig, where m can be any number equal to or less than n. In the architecture of the healthcare blockchain, we would use a 2-of-n multisig contract.
In such a case, the patient would control two keys in the contract and each healthcare entity included in the contract associated with the patient's account would hold one key. This means that the patient will remain in control of the account because he has the required number of keys to edit the contract. Healthcare entities still have the ability to view the account information (such as encrypted messages) and initiate transactions. The patient would still need to co-sign transactions initiated by other entities, but that could be set up to be done automatically or within certain rules in the off-chain application layer.
New data would be stored on the blockchain in the following manner: the patient or a healthcare entity with at least one key associated with the patient’s multi-signature account would initiate a transaction, sending a data-mosaic with included data as a message. The message would be encrypted, and the decryption key would be sent back to the multi-signature account in another transaction. When the data-mosaic transaction is co-signed manual or automatic the transaction is sent to an account related to that specific data type. This ensures that only persons/institutions with access to the patient's multi-signature account can read the patient's data using the decryption key(s). In practice the patient would control several multi-signature accounts – each account would be allocated to a specific type of data. This architecture would allow differentiating access to different type of data between healthcare providers.
In yet another model, data can be encrypted with Shamir's Secret Sharing model. In this method, each data input can be sent with multiple passwords. There can be an individual password just for that line of data and message, or passwords that are included for multiple messages and therefore unlock multiple blocks of messages. This latter example could be used to associate a set of messages with a doctor, hospital, or medical record category. So, for instance, a patient that wanted a specific doctor to see said information can include the doctor's secret key in each message. Or in the case that one patient had multiple doctors in many regions over long time spans, they could have one password that unlocks all the messages for those specifically related health issues.
In some cases, a patient is not capable of releasing their records due to their medical condition. In the case the patient is incapacitated, the necessary access permit in cases of emergency where the patient is unable to approve new persons for reading and viewing rights can be solved by using a trusted party. A trusted party could hold an additional key-pair, and the emergency procedure can be regulated by local legislation.
Data with large volumes such as medical images are not suitable for storage on the blockchain. This can be resolved by adding a data lake storing encrypted data with references in the blockchain holding the decryption keys. Data lakes are highly scalable and can store a wide variety of data such as images and time series.
Another viable option already being applied to some blockchain projects is to apply the above-mentioned methods with IPFS where each file is stored in encrypted format on distributed servers hosted by healthcare providers and can not be accessed without both the link and the password to decrypt the data. These can be encrypted or secured with the methods in the sections above for privacy and security.
The potential for improving healthcare data management is enormous. The healthcare sector is known for being conservative in structural changes. Hopefully, this blog and similar ideas could lead the way and demonstrate that already working and proven technology, such as NEM, could be used for implementation of ‘The healthcare blockchain.'
Working Applications on NEM
One such company in India specializing in AI, Big Data, Blockchain, and IOT, RapidQube Digital Solutions, has already been a working prototype built on the NEM Blockchain implementing an advanced medical health records application.
Their app utilizes the NEM protocol to allow patients to share selective medical records with their medical care providers in time locked sessions on an as-needed basis. This gives patients full rights to their data and makes them more active participants in their treatment process.
Icons made by DinosoftLabs & Freepik from www.flaticon.com, Creative Commons BY 3.0