When cryptocurrencies became very popular in the fin-tech industry, the professional and scientific community started thinking of new ways of applying blockchain technology. Although blockchain is generally associated with Bitcoin, Ethereum, and other virtual currencies, its applications go beyond financial transactions. Many governments are introducing this technology to their processes. Internet of Things, insurance, real estate, supply chain, and even the music industry can benefit from the advantages offered by blockchain.
A sufficient amount of research has been conducted to assess the possibilities of using this technology in the healthcare industry. Some companies are already working toward ubiquitous integration of blockchain into medical services. One of the most significant works on blockchain in healthcare is the study of Khezr, Moniruzzaman, Yassine, and Benlamri (2019). In their comprehensive review, the authors cover the current state of blockchain in healthcare, and how this technology is being leveraged to meet the industry demands. The paper goes from explaining how blockchain fits into the workflow of healthcare applications to listing the present usage scenarios.
They conceptually organize blockchain and associated healthcare technologies and stakeholders into a layered architecture. The authors stress that this technology can even be used to improve the quality of health education (Khezr et al., 2019).
Although their work is thorough and covers most of the concepts related to blockchain, it does not talk about how blockchain works, why it is suitable for healthcare, and why companies and governments need to make enormous amounts of investments to develop blockchain applications that target the healthcare industry. The researchers also claim to provide directions for future research. However, they failed to meet this goal because the paper only presents a list of potential applications of blockchain.
No predictions and forecasts are given to direct the prospective researchers on what should be enhanced to meet which goals. Iansiti and Lakhani (2017) claim that blockchain is able to reduce the cost of data verification and transactions, which is relevant to the healthcare industry because of rising prices. Therefore, the research community should consider this technology as a potential solution for current challenges.
This paper aims to fill the gaps in current literature by summarizing the material from the most relevant articles and adding missing details. Notably, this literature review provides extensive information about blockchain, how it works, what infrastructure it needs, and what resources it consumes. It also covers current applications that leverage blockchain and specific examples that demonstrate some particular aspect of the technology. Concepts like security and data sharing in the context of healthcare are also presented. For completion, the paper lists the current challenges of using blockchain in the medical industry and provides a forecast on the direction of development.
Blockchain Overview
How it Works
Blockchain is a continuous sequential chain of blocks that contains information, built according to specific rules. Most often, copies of blockchains are stored on many different computers independently of each other. For the first time, the term appeared as the name of a fully replicated distributed database implemented in the Bitcoin system, which is why blockchains are often referred to as transactions in various cryptocurrencies (Crosby, Pattanayak, Verma, & Kalyanaraman, 2016).
However, blockchain technology can be extended to any application that uses interconnected information blocks. Blockchain does not have centralized control – it is open to any network participant and is stored on participants’ hard drives (Iansiti & Lakhani, 2017). No one is responsible for the integrity of the records, but the coherence is strictly defined by the architecture of the distributed database itself.
The underlying system is an ever-growing sequence of blocks that are shared between participants using peer-to-peer networks. These networks are available to any computer user, and most people are already acquainted with them – they are often used to distribute torrents. The blockchain exists in a massive number of copies, and for a malicious user to alter a single record, he or she has to penetrate a very large number of computers (Iansiti & Lakhani, 2017). This task is practically impossible, even for the greediest and technically competent criminal.
Blockchain architecture has other cryptographic methods to enforce the security and integrity of the whole system. One rule of blockchain is that it is not possible to alter a block in the chain – one can only add a different block describing the edits to the tail (Crosby et al., 2016).
When a participant writes a block, the system adds a timestamp or a hash sum to it. One can perceive these hash sums as unique fingerprints associated with each block. When someone tries to rearrange the sequence of blocks, the system will reject the chain due to the mismatch of the structure and the hash sum (Crosby et al., 2016). To ensure that no one can change the timestamp and recalculate the hash amount that will be correct from the system’s perspective, blockchain uses several methods of protection – Proof of Work (PoW) and Proof of Stake (PoS) (Crosby et al., 2016). These algorithms also choose the generator of the next block, because the system would be impractical without a consensus mechanism.
To avoid tampering with data, the blockchain network uses one-way hashing algorithms. However, generating a random hash is too easy for contemporary computers. To make this process more difficult, blockchain uses PoW algorithms that require users to solve a specific mathematical problem (Crosby et al., 2016). Only upon successful completion, a user will be able to add a new block to the chain. It may take trillions of attempts for a user to generate a valid hash that meets the requirements of the puzzle, but it is easy to verify whether it is correct or invalid (Crosby et al., 2016). By providing the generated string, the user is essentially proving that they have done work and now are able to add the data to the blockchain.
The most significant part of this concept, however, is that any new work is based on the results of previous blocks. If a malicious user attempts to alter prior blocks to be able to generate a new section with falsified information, they will be rejected because of the hash mismatch. PoW serves several purposes – it decreases the likelihood of denial-of-service attacks, because the required computational work is very costly, and it prevents data manipulation because any new block with incorrect data is immediately rejected.
PoS is an alternative consensus mechanism that was proposed because of the impracticality of PoW. PoW requires tremendous amounts of computational resources, which result in a waste of power, mainly electricity (Crosby et al., 2016). In PoS, the generator of the next block is chosen based on various combinations of random selection, age, and wealth (Crosby et al., 2016). Despite requiring less computational power, PoS is criticized because of potential vulnerabilities, such as the “nothing-at-stake” problem, and Fake Stake attacks. Therefore, PoW stays as the primary way of achieving consensus.
Blockchain Infrastructure
Blockchain should not be viewed as a single monolithic system that offers the mentioned security and integrity benefits. It is just a combination of appropriate fundamental computing blocks that can be used for the development of decentralized applications. Processing, storage, and communications are essential elements of computing, and there are various manifestations of these elements that are unique and relevant for a specific environment. Different devices and applications use these elements differently to meet specific needs.
For instance, the communications element includes both the physical infrastructure that is needed for information exchange and software protocols that govern the communication. Blockchain technology, too, manifests these computing elements in a unique way. The processing element includes smart contracts and high-performance computing. In the storage space, there are token storage, databases, and file systems. Finally, from the communications perspective, one can send data, value, or state.
Processing
The processing element in the context of Blockchain is composed of smart contracts, which are essentially decentralized applications that are available to all network nodes. They were first used to provide anonymous parties with a solution for trusted transactions and some specific terms of the agreement (Crosby et al., 2016). For instance, a person makes a payment, then some business logic is run without the need for a central authority or a legal system, and the person receives some value.
It is a contract between blockchain participants, and the agreement is shared between all nodes. There are several benefits of using smart contracts – it removes the need for brokers or lawyers, and backup is built into the architecture because the data is replicated to all participants. However, the cost of a single mistake is very high – because smart contracts are computer programs that are shared between all parties, all participants can view bugs and security holes.
Although smart contracts are distributed across all participating network nodes, each copy of the software is executed individually on each machine. This approach is appropriate for a business logic that is not resource-intensive in terms of computational power (Iansiti & Lakhani, 2017). However, smart contracts should not be related exclusively to payments or legal contracts – it can be any computer program that is intended to be run in a decentralized fashion (Cachin, 2016).
Therefore, computationally intensive programs cannot be run individually on each machine but should be shared between many computers. In other words, one node is responsible for the execution of one piece of code, while other parties execute different portions of the program. The resulting outcome is then combined and stored on the blockchain. High-performance computing is not a new concept, but decentralized approaches allow blockchain technology to extend to applications beyond financial transactions.
Storage
For distributed processing to be possible, appropriate storage technologies are necessary. Within the context of blockchain, the storage element is comprised of token storage technologies, distributed databases, and file systems. The need for each of these emerged from how blockchain was aimed to be used in the early stages of its development. Financial transactions with cryptocurrencies involve the movement of assets, and there should be a uniform representation of these funds. For these reasons, token storage was developed, where tokens represent value (Iansiti & Lakhani, 2017). Also, blockchain was aimed to decentralize applications, and it would not be possible without distributed databases and underlying filesystems.
Managing digital assets with smart contracts provides many opportunities both for businesses and individuals. The healthcare industry, for instance, may benefit from decreasing the costs of issuing and tracking health insurance. These opportunities are possible because of token storage technologies. The primary purpose of such storage is to provide, transfer, and track tokens while enforcing some rules likes prevention of double-counting (Crosby et al., 2016).
In the early days of decentralized asset exchange, double-spending was the primary concern because competent users were able to copy their digital assets and transfer them to several merchants. However, contemporary token storage mechanisms successfully prevent such fraud.
Distributed databases are where the blockchain data is actually saved. Traditional databases, both relational and document stores, can be installed on several machines and be used as if they are a single database, but there should be a central node which manages others. Therefore, despite being named distributed, such databases are centralized and not suitable for blockchain applications (Crosby et al., 2016). BigchainDB is one of the examples that are specifically targeted to decentralized programs. It is based on MongoDB and supports token storage, and querying, and features immutability. Different applications may use different databases depending on the requirements, budget, and complexity.
Although blockchain databases are decentralized and distributed, appropriate filesystems reduce the complexity and allow individuals to view it as if there is only a single instance. One example is IPFS, which is a peer-to-peer file-sharing system but with a simple interface to access files that are dispersed through thousands of nodes. Such systems increase the usability of blockchain applications, hiding the complexity while maintaining all advantages that are obtained from decentralizing the processing and storage.
Communications
From the communications perspective, conventional applications exchange only data. TCP/IP has been an industry standard for many years, and still remains a decentralized method for data transmissions. For privacy, a Tor overlay can be used, though it adds some amount of centralization. While data may be used for the exchange of digital assets, there is no value in the information itself. One can resend as many packets as they want with no risk. However, for blockchain applications, the ability to transfer assets securely is crucial.
Therefore, modern blockchain applications should be able to move both regular data and value. For these reasons, appropriate protocols have been developed, such as the Interledger Protocol and Cosmos. These protocols also facilitate scalability, usability, and interoperability between different blockchains (Crosby et al., 2016). For a unified ecosystem of blockchain products, there should be a way of using different tokens in various networks. In other words, there should be a possibility to transfer state from one system to another. Polkadot is one example of such a platform, which allows blockchain networks to communicate with one another. Security is ubiquitously enforced via uniform mechanisms that facilitate interoperability and stability.
Blockchain Applications in Healthcare
The history of blockchain in healthcare started not with the intention of transforming the medical industry using decentralized applications but because of ransomware. Health providers used the Bitcoin blockchain network to pay to malicious hackers who had encrypted their data (Kuo, Kim, & Ohno-Machado, 2017). Such attacks have caused significant damage both in terms of financial resources and the confidentiality of patients’ records (Kuo et al., 2017). However, the professionals in the field have realized that blockchain may potentially bring many comparative advantages, besides payment options.
Key Benefits
Decentralization
Decentralized management is the primary benefit of using blockchain in healthcare. Because of peer-to-peer communications and storage, no single node in the network has the exclusive authority. Introducing blockchain to the biomedical field would allow independent stakeholders, such as hospitals, patients, and insurance companies, to collaborate and interoperate with each other without spending money on an intermediary that would coordinate the actions of each participant (Kuo et al, 2017).
Instead, smart contracts can be used to manage business logic. Blockchain use cases in healthcare provided by Angeles (2018) have decentralized architecture as their main feature. Because the volume of data collected by medical devices and healthcare professionals is growing unprecedently, systems that store sensitive patient data have been subject to a high number of malicious cyberattacks. Resulting data theft led to a loss of reputation and substantial amounts of financial resources (Khezr et al., 2019). However, decentralized solutions with PoW consensus mechanisms will disincentivize the attackers because any attempt to manipulate with the data may incur unbearable costs in terms of processing power and memory.
Immutability
The second significant advantage is the immutability of added information. In traditional systems, one can add data, read it, edit it, and delete it. In blockchain applications, however, a record cannot be easily modified or removed (Kuo et al., 2017). Once it is published to the chain, all participating nodes can view it, but cannot change it (Iansiti & Lakhani, 2017). Therefore, critical information, such as insurance claim records, can be stored without any risk of data tampering or loss. As stated by Zhang et al. (2018), patient data will be less prone to thefts. Another critical aspect of immutability is the ability to see the full audit trail.
For instance, consumers willing to examine where a particular medicine came from and how it was produced may easily explore all related information on the chain with confidence in the integrity of the supply chain history.
Ownership
Proving the ownership of digital assets is not a trivial task in traditional applications because the data can be modified by a system administrator or an intruder. For this reason, organizations often use supplementary methods, like two-factor authentication and one-time passcodes. These approaches not only increase costs but also lead to inconvenience in usage. Furthermore, in some circumstances, even these security measures can be bypassed. In contrast, blockchain’s cryptographic protocols enforce the rule that only the owner of the asset can modify ownership information (Kuo et al., 2017). It is also possible to trace the origins of the assets and confirm the sources of the information (Kuo et al., 2017). The chain holds the whole history of transactions and changes – the system is designed to be traceable (Esmaeilzadeh & Mirzaei, 2019).
Therefore, the management of vital digital assets, such as patient consent records, is much more comfortable with blockchain. Currently, patients’ health records are usually managed by healthcare providers at their facilities. Patients do not have any control mechanisms over what is happening with their medical data. Theoretically, health records can be transferred to third-party organizations or can be lost as a result of a failure in the system or an external attack.
However, if the information is transferred to the blockchain, the situation changes fundamentally. Blockchain applications can be developed, with which patients will temporarily provide access to their data to attending physicians or research organizations. They will be responsible for access of third parties to their medical records and will be able to see who and how is using their data.
Robustness
High availability is another notable aspect of applications based on blockchain technology. Traditional programs may store data in a distributed fashion, removing the single-point-of-failure. Nevertheless, there are times when an entire cluster fails, which may lead to discrepancies in the service. On the other hand, blockchain applications do not suffer from such problems because each node on the network has a full copy of data records (Kuo et al., 2017). This feature makes such programs suitable for scenarios where high availability and data preservation are necessary. Iansiti and Lakhani. (2017) claim that the contemporary economy cannot function adequately without information services that work without any discrepancies.
Confidentiality
Security and privacy are also critical benefits provided by blockchain. Because this technology was initially architectured for decentralized financial transactions, security and confidentiality were part of the design. Currently, the 256-bit Secure Hashing Algorithm (SHA-256) is being widely used for encrypting data. Bitcoin blockchain uses the same algorithm to protect its transactions (Suo et al., 2017). In the wake of continuous events of patient data theft, privacy is one of the most significant concerns of the healthcare industry today. With blockchain, the safety of medical records will be more feasible, and several working solutions already exist (Angeles, 2018).
Electronic Health Records
Electronic health records (EHRs) are electronically stored health data of patients. This data is collected via systematized methods and is stored in a digital format. Connected information systems can be used to transfer EHRs between different healthcare settings. For instance, when a patient needs to move to a different hospital, the treatment history and health records of the patient can be easily moved to that hospital through interconnected information systems. Esmaeilzadeh and Mirzaei (2019) suggest that blockchain has potential because it can ensure the security and integrity of the patient data. Therefore, it is fair to conclude that EHRs and associated blockchain opportunities are critical for research in the biomedical field.
The risk of data replication is also reduced because each patient is associated with only a single file. Whenever there is a need to make alterations regarding a patient, only one file is modified. Data replication can be completely eliminated using blockchain, because each patient will only have one package of information which is shared with health providers. Searchability is also a significant benefit of EHR systems because the required data can be easily retrieved and examined.
With blockchain, this data will also be traceable, thus ensuring the validity of the information. Report and analytics functionality can be built into these programs, which allow doctors and researchers to perform analyses to identify any long-term patterns in a patient’s well-being. The worldwide adoption of EHR will also make it easy to conduct population-based research. However, the lack of interoperability is a significant challenge that needs to be solved to fully utilize the potentials of EHR systems.
Interoperability
To effectively leverage the opportunities provided by the presence of EHRs, healthcare providers and other stakeholders should be able to exchange it and use it. Interoperability has other benefits – it can decrease operational costs and improve efficiency (Gordon and Catalini, 2018). The current state of interoperability in the healthcare industry can be described as divided and non-uniform because different organizations have varying incentives that motivate data exchange. Although EHR systems hold consistent information within themselves, in the context of intercommunicating institutions, the data is scattered, and there is no uniform and complete picture of a patient’s health (Gordon and Catalini, 2018).
There are also challenges related to implementing interoperability in practice. Significant collaboration and funding are required to build a robust data-exchange system that features security, transactional authentication, and other critical mechanisms (Gordon and Catalini, 2018). Blockchain technology may be utilized to address some of the issues related to interoperability. For instance, Zhou, Wang, and Sun (2018) describe a blockchain solution that mitigates some common issues that occur between hospitals, patients, and insurance companies. In current solutions, hospitals send complete spending records to insurance companies; this data includes what services patients used and what medications they received.
It is possible for malicious users to intercept the traffic while the data is being transferred. To overcome this challenge and keep hospital and insurance company systems interoperable, Zhou, Wang, and Sun (2018) proposed an environment in which insurance companies process patients’ spending records without having detailed information on what services they had used in the hospital. Such a scheme reduces the risk of data leakage, because detailed records are not shared.
Instead, the system checks if the information provided by the hospital is valid, requests the patient to confirm it, and sends the verification to the insurance company, which receives the total sum of payment with no detailed entries. The common issue, however, is making such a system generic, so that any healthcare organization can quickly adapt it. The same problem is highlighted by Magyar (2017) – developing data storage systems based on blockchain is an intricate objective, because there is no clear understanding about what data should be kept on-chain and what information should be kept off-chain.
Patient-driven interoperability
A traditional approach to interoperability is when the data is exchanged by institutions, and patients do not have any access to that data. However, a recent trend suggests that interoperability can be patient-driven (Gordon and Catalini, 2018). In other words, patients will be in control of their health records – they can view them, make additions, and share them with others. However, such an approach brings additional challenges in terms of privacy and security, required technology, and governance.
These issues have not yet been solved even for the traditional interoperability (McGhin et al., 2019). Blockchain, however, can be a suitable technology for such a use-case – this technology is tailored explicitly for data-sharing, resilience, security, and privacy (Iansiti & Lakhani, 2017). As a sole owner of health records, the patient should be able to manage digital access rules.
When the patient shares the data with healthcare institutions, health providers should only be able to access the data for a set period of time. In traditional information systems, these constraints would require the development of access token issuing and tracking system. In blockchain, however, this functionality is built-in because each block of data is encrypted with a one-way hashing algorithm. The patient will only have to issue a key with expiration time and share it with the health provider. Subsequent paragraphs provide additional details on how blockchain may facilitate patient-driven interoperability.
Traditional interoperability requires a sophisticated platform because the process has many collaboration points. The patient data should exist in several systems, and there should be a complex mechanism that governs the communication process. As the industry moves toward a patient-centered approach, however, the professional community may leverage blockchain to provide a platform for data exchange (Gordon and Catalini, 2018). Because the patients will be in control of their records, there will be no need for intercommunicating systems. Instead, there will be only one chain of blocks that patients have access to.
Managing digital access is a common problem for data exchange platforms, and blockchain may solve this challenge at an architectural level. Access rules related to patient records can be centrally managed in the blockchain. For instance, smart properties, like smart contracts, facilitate clean ownership, and the owner of that data can grant access rules to other parties (Crosby et al., 2016). More comfortable sharing and precise representation of owners on the blockchain are among the benefits.
Ease of data collection is another important feature of blockchain that can be beneficial for patient-centered interoperability. Because the data is managed by the patient, it is their responsibility to collect health data from different health providers (Gordon and Catalini, 2018). This task is challenging if the patient has to do it solely on their own, as they will have to access each provider’s system and retrieve appropriate records manually. However, blockchain is a shared platform by design, and providers can just broadcast a patient’s records linking this data to the patient’s anonymous identity (Gordon and Catalini, 2018). Digital access rules will ensure that only the user with the required identity can manage the uploaded data.
There are also other benefits, such as continuous availability of data, the presence of uniform patient identity, and immutability. Because data will exist on all machines participating in the network, the records are not tied to a single centralized database that may fail (Magyar, 2017).
There is no system that features universal patient identifiers; therefore, it is not trivial to combine health data from multiple sources (Gordon and Catalini, 2018). In the context of blockchain, however, identity can be tied to a user’s public key that is used to encrypt the data (Gordon and Catalini, 2018). Communicating entities will not need specialized mechanisms for resolving the patient object. Immutability provides not only security and integrity but also grants an opportunity to trace the origins of the data.
Security and Data Sharing
Searchable encryption
Secure transmission of health records is a paramount objective of any medical information system. Any leakage can compromise the privacy of patients and the confidentiality of the files. Current research includes attempts to implement a searchable encryption scheme to exchange EHRs safely (Chen et al., 2019). Researchers suggest that blockchain features the most suitable architecture for developing such systems.
However, instead of uploading the record themselves to the chain, only the search indexes are added to the chain, and the data is stored on a public server in an encrypted form. This unusual scheme allowed the authors to achieve faster record retrieval results while maintaining the security of data. As in patient-oriented interoperability, Chen et al.’s system (2019) required authorization from the data owner to access the records. The results of the experiment were positive because the system was proved to be efficient and feasible while meeting all the functional requirements.
Smart contracts fit excellently into the proposed scheme, as they may facilitate users in navigating the health records. Along with the indexes, data owners may upload complimentary smart contracts that show how to use indexes to search for required data. Indexes can be put inside these contracts to reduce complexity and increase the speed of search. The data be encrypted with asymmetric keys and safely uploaded to a public cloud.
To keep the system decentralized, the authors suggest a scenario where the data owner publishes the records to some distributed and peer-to-peer network, such as the InterPlanetary File System (Chen et al., 2019). The resulting system is not only searchable but encrypted, robust, resistant to failures, features high availability, and does not have a single-point-of-failure.
Secure data sharing
To implement a secure data exchange system, a number of requirements should be met. These requirements include verification of identity and authorization of multiple participants to the same data entity, secure storage, and transmission, managing access rights, data consistency, and modularity to facilitate further development. In their work, Zhang et al. (2018) address each one of these requirements and proposed an example implementation of such a system. The problem of storing health-related patient data is ubiquitous in the biomedical industry. Recent data leakages and information theft scandals serve as proof.
Even uploading EHRs to the cloud in an encrypted format has high risks because encryption algorithms may be hacked in the future (Zhang et al., 2018). With the development of new decryption methods, current security techniques may become obsolete (Iansiti & Lakhani, 2017). Therefore, the authors suggest keeping health records off the blockchain and only uploading reference pointers to the chain (Zhang et al., 2018). An additional level of protection can be added by implementing an expiration configuration, where the data owner chooses the period reference pointers are valid for.
Managing permissions is also a challenge in blockchain-based applications because conventional methods like OAuth are not suitable. They do not produce deterministic outcomes for other network nodes to check and verify. Zhang et al.’s (2018) solution to this problem resembles a token-based model through a “sign then encrypt” cryptographic method. For instance, if a patient wants to share their data with a health provider, he or she first signs the reference to that data with their private key and encrypts it with the recipient’s public key.
The recipient uses their private key to decrypt the data and verifies the source by applying the sender’s public key. This scheme works well when there is a need to see that the records were not tampered with, and to ensure that only designated recipients have access to the EHR.
Making new blockchain applications adhere to the healthcare industry’s data formats is not trivia, because different healthcare organizations have varying structures and formats to organize health-related information. However, as the researchers suggest, this problem can be solved with protocols and conventions that have been present for many years (Zhang et al., 2018). These conventions and rules include HTTP, JSON, and REST; other blockchain solution also rely on these fundamental protocols and standards (Angeles, 2018). There is a Fast Healthcare Interoperability Resources (FHIR) interoperability standard recommended by the authors (Zhang et al., 2018). It is suggested that enforcing FHIR will lead to more consistent efforts in developing EHR exchange platforms.
Keeping solutions modular and reusable is a general principle of high-quality programming in the software development society. It also applies to blockchain-based solutions because the development process may be eased if the components are reusable and feature simpler interfaces. Zhang et al. (2018) suggest adhering to the Model-View-Controller design pattern. This approach allows developers to write a backbone blockchain-based code once and provide different user interfaces to patients and other stakeholders.
In the MVC pattern, developers separate the application into several layers for modularity. In the context of healthcare solutions, the software is divided into entities, business logic, persistence, controllers, and views. Entities layer holds data structures that are used throughout the application and are persisted in the chain. This information could be the exchanged data, users, and pointers to data blocks on the chain. Business logic is comprised of smart contracts that interact with entities to perform certain functionality.
Persistence deals with how the data is stored in the blockchain. Controllers interact with the business logic and formats the data according to the requirements of the data requester. Views are what consumers of the data see – user interfaces and client applications are example implementations of Views layer.
Privacy preservation in wearable health devices
The notion of Internet-of-Things (IoT) is generally related to drones and other internet-connected consumer devices. However, in the contemporary healthcare industry, IoT serves a much more critical purpose. Various smart devices may report health-related information to the owner. Heart rate monitors and blood pressure devices report vital data to doctors and other medical personnel. Because of this ubiquitous collection of sensitive data from the patients, it is imperative that privacy is preserved. Hassan, Rehmani, and Chen (2019) provide a notable paper to present challenges related to the privacy of patients and possible solutions for overcoming the issues.
Because single IoT device does not possess enough processing power for the PoW consensus mechanism, mining happens collectively. To control the network, at least 50% of mining power should be owned (Hassan et al., 2019). Malicious users may launch a Sybil attack by exploiting this feature of the PoW mechanism – attackers create as many fake nodes as possible to control the network and gain access to personal information. Researchers propose using sophisticated algorithms, such as NetFlow, that calculate the trustworthiness of participating nodes, to mitigate the consequences of Sybil vulnerability. However, the authors recognize that research is needed to implement a comprehensive solution against Sybil attacks.
As the industry is moving toward blockchain-based applications, there is a need to connect IoT devices to the chain. The first challenge is developing an appropriate implementation of continuous data transfer because most wearable devices provide real-time data. The second concern is about securely keeping that information because, on public networks, any malicious user can attack the nodes and get access to private data (Iansiti & Lakhani, 2017). Previously mentioned encryption strategies might be suitable for this scenario, too, but with particular side effects.
Encrypting the data prior to transmission is probably the most effective way of preserving privacy. In the context of blockchain and patient-oriented interoperability, the patient chooses who gets access to the information from wearable devices. Hassan et al. (2019) suggest an approach where, for instance, a heart rate monitor, obtains physiological signals from the patient, encrypts the messages with a one-way algorithm, and only then broadcasts them to the network. However, it should be noted that any encryption and decryption comes at the cost of additional processing power. Therefore, developers should consider the trade-offs between privacy and the price of encryption.
Examples
Patientory
The blockchain-based solution from a SaaS company with the same name, Patientory, is a platform for accessing, storing, and sending health-related information. This solution can be used by patients, clinicians, and medical providers to increase the quality of coordination between healthcare participants (Angeles, 2018). It is very suitable for exchanging EHRs because it integrates easily with various database systems, such as Allscripts, Cerner, and Epic (Angeles, 2018). There is a companion mobile application that can be used to collect information from sensors and fitness trackers.
Patientory was developed to overcome the current challenges of the healthcare system in the United States. Many EHR systems are isolated and centralized, posing a hindrance to interoperability (Angeles, 2018). These problems are solved by Patientory acting as an intermediary between EHR systems. The functionality is architecturally divided into three parts – encrypted middleware for transaction exchanges, a storage system that meets HIPAA requirements, and an API (Angeles, 2018). The resulting software is robust, reliable, and convenient to use.
There is an internal token called PTOY to support the network’s operation. All purchases and subscriptions are based on this digital token. Upon initial registration, a patient is given a pre-defined amount of space for storing health data (Angeles, 2018). Additional PTOYs must be purchased to gain access to more storage capacity. Since Patientory is based on Ethereum, it supports smart contracts, and organizations may acquire PTOYs to run custom contracts on Patientory’s network. The company also uses machine learning algorithms to detect patterns in population health by aggregating the data stored in the system and running analyses (Angeles, 2018). They may provide such services to external organizations or researchers who are interested in population health.
Pharmacosurveillance blockchain system
One of the critical problems directly affecting patient outcomes and the healthcare industry as a whole is drug counterfeiting. The percentage of counterfeit drugs in the market may reach 30% (Sylim, Liu, Marcelo, & Fontelo, 2018). As an attempt to mitigate this issue, Sylim et al. (2018) developed a blockchain-based solution for detecting falsified pharmaceuticals in distribution. The output system can be viewed as an intervention strategy that targets the drug supply chain.
The solution is a distributed application that is powered by the Ethereum blockchain. A distributed file system is used for storage and back-end operations (Sylim et al., 2018). The network, however, is not public as the solution is designed for private use. Smart contracts are used extensively for developing business logic and other functionality. Ethereum, by default, uses proof-of-work as a consensus mechanism, but it requires a large amount of processing power.
For optimization purposes, the pharmacosurveillance system uses a delegated proof-of-stake mechanism (Sylim et al., 2018). Some other strategy, such as a practical Byzantine fault tolerance algorithm, can also be used. The system is being proposed for government agencies that are responsible for drug administration. Among the first adopters is going to be the Philippine FDA. The authors intend to engage the agency in the formulation of policies and implementation at a national level.
The solution is designed to detect five types of anomalies in the drug supply chain operations. These are missing nodes, distribution chains that failed to complete after a predefined threshold, incorrect node certificates, presence of unregistered products, discrepancies in a data point, and aberrations in timestamps (Sylim et al., 2018). Despite being a promising solution for alleviating the effects of drug counterfeiting, such a system is not accessible for adoption (Sylim et al., 2018). It may significantly disrupt drug supply chains in developing low-income countries. The primary reason is that it requires a regulatory agency, such as the Food and Drug Administration, for proper functioning. Suitable national laws regarding drug supply chains are also necessary.
MIStore
In the field of health insurance, there is a platform called MIStore, which stands for Medical Insurance Storage System. It was proposed by Zhou et al. (2018) as an example of a highly credible and tamper-resistant platform for insurance companies, patients, and hospitals. At its primary state, hospitals and insurance companies can use the system for mortgaging, sharing spending records of patients, and paying hospitals.
Because the system is based on blockchain, transactions are used for exchanging information. Smart contracts are also applied for publishing a certain amount of coins that are guaranteed to be mortgaged by a participating hospital. After mortgaging, the system may be used in an eight-step process. First, the hospital initializes a transaction and sends it to the blockchain. The system has trusted record-nodes that verify each message before adding them to the tail of the chain. After the operation is added to the chain, the system’s servers perform additional verification. If the check fails, the hospital’s smart contract receives a message with related evidence.
Otherwise, the hospital may proceed with sending record-transactions that contain information on patient’s spending. Each spending record is associated with a unique invoice number. As the next step, the patient verifies whether the spending data provided by the hospital is accurate. At this point, the network can be queried by the insurance company. The servers send a response containing the total spendings of the patient.
Despite having a straightforward scheme of use, MIStore may be attractive to related stakeholders because it is a blockchain-based solution, which means it features security, tamper-resistance, immutability, and high availability. Its performance directly depends on the type of blockchain used – the authors’ choice was Ethereum, but a different platform might be more suitable (Zhou et al., 2018). However, at its basic configuration, MIStore delivers satisfactory results.
Potentials
Favorable Patients’ Perspectives
The current challenges of the healthcare industry are well-known and very popular in public media. The primary purpose of the new technology that is being introduced to healthcare is to decrease cost, minimize human errors, and facilitate interoperability between healthcare providers, patients, and regulating entities; improving patient outcomes is also vital (Plantier et al., 2017). However, various challenges emerge when pursuing these aims – lack of patient control, security risks, privacy, and lack of transparency in the system’s operations. Blockchain technology has the potential to address all these challenges successfully.
Prior to the study conducted by Esmaeilzadeh and Mirzaei (2019), there was not much information on what patients think about blockchain and its potential benefits. The study results show that patients do not have a uniform attitude toward current health information exchange mechanisms. The significant portion of the respondents, however, indicated that they support the development of blockchain-based applications, because they enhance privacy protection, ease coordination, and make information sharing processes more convenient (Esmaeilzadeh & Mirzaei, 2019). These findings should serve as a motivation for both academic researchers and field practitioners.
Patients are generally skeptical when sharing sensitive information with electronic systems. However, blockchain systems have the potential to change it, because the significant portion of the respondents said they are likely to share their data if the platform is based on blockchain (Esmaeilzadeh & Mirzaei, 2019). Furthermore, most people believe that such applications alleviate privacy concerns and facilitate trust between patients and health providers (Gordon & Catalini, 2018). This finding indicates that blockchain can facilitate the adoption of EHR systems because more people will be willing to opt-in.
Reducing Costs
Blockchain can serve many purposes, and different applications usually target only a sub-portion of all goals. For instance, the most feasible goal to achieve is probably the reduction of costs related to intermediaries and transactions (Iansiti & Lakhini, 2017). Automating some of the processes with smart contracts may also bring benefits in terms of lower expenditure. With the help of this automation, a level of administrative burden can also be decreased.
One of the reasons why healthcare costs are high in the United States is because people choose the most expensive insurance provider because they lack information about alternatives. Hospitals, in turn, charge more money, and the amount of copay rises for patients. An open blockchain network can be used to keep prices transparent and allow people favorable economic choices. Price-transparency can be reached by integrating full audit trail functionality of blockchain to health provider’s supply chain. As people will have more knowledge and opportunity to choose between available options critically, the competition will make prices decrease.
Another point where costs can be decreased is the elimination of insurance payers – almost all of them are for-profit companies and are supporters of higher healthcare service prices. For instance, blockchain may allow individuals to form groups and report better deals on insurance. In turn, the system would reward the individual for making a smarter choice.
Professional Credentialing
Blockchain may benefit not only patients and health providers but also medical licensing organizations. Currently, most of the systems used for managing competencies of healthcare workers and verifying their degrees run on outdated platforms (Mackey, 2019). To support these systems, organizations suffer from avoidable expenses and operational inefficiencies. Dishonest applicants worsen this situation – it was reported that 28% of job candidates claim unearned degrees and academic achievements (Mackey, 2019).
Blockchain has significant potential in this area because decentralized and immutable systems will provide organizations verifiability of records, including educational credentials. Blockchain can be used to build a single system that holds information about every person entering the healthcare industry. The system will have data on education history, professional career, where the individual worked, and what feedback he or she received. This information would deprive job applicants of an opportunity to provide invalid data because transparent details through the blockchain system would be available for employers to check.
Biomedical Research
In academic research, blockchain may solve a number of current challenges. These problems are related to the integrity of data and their authenticity, participants’ consents, the privacy of data, information exchange, and provenance (McGhin et al., 2019). There is also a belief that blockchain can facilitate the efforts toward open science, which is comprised of transparency of scientific knowledge and enhanced accessibility to the latest findings (Mackey, 2019).
However, many people are still skeptical about the practical benefits of blockchain in the research field. Only empirical studies are able to show whether there is a significant difference between blockchain-based research and traditional approaches. However, immutability and verifiability offered by blockchain are exemplary for recording and storing the results of experiments, as well as their verification by other groups of researchers. In addition, the scientific publications themselves can be stored in the same way, which will speed up the release of new scientific works and protect scientists from fears that their discoveries might be stolen by someone else.
In theory, this will help quickly identify dishonest individuals and reward the most successful scientists. It will also allow for a more accurate calculation of their ratings and evaluation of the quality of their work.
Clinical Trials
Eliminating intermediaries can also enhance the process of clinical trials. In such a case, stakeholders can be placed into a decentralized network that features immutability, verifiability, transparency, and trust (Mackey, 2019). This approach would allow the clinical trial sponsors to reduce the costs, and subjects and investigators to have more convenient access to data and trace it when needed. Some of the most critical issues in clinical trials are maintaining patient consent, recruitment of subjects, management of clinical trial data, and provenance for regulatory purposes (Mackey, 2019). Each of these challenges can be solved by implementing a blockchain-based solution.
The most significant stakeholders in clinical trials are patients, but when they leave the test, they rarely have access to results and conclusions. Uploading the data to the blockchain will ensure that the patient has access to information during and after the trials. Also, because the patient’s EHR will also be on the chain, the recruitment process could be enhanced because suitable candidates would be offered to recruiters automatically.
Challenges
Identifiability
One of the challenges is the ability of blockchain network participants to have multiple accounts, which decreases the identifiability. However, the Office of the National Coordinator for Health Information Technology requires all healthcare participants in the United States to be identifiable (Zhang et al., 2018). This requirement creates a challenge of implementing a separate user base that is different from blockchain-provided identities. The use of digital health identities can solve the problem – the system should provide both the public and private keys to healthcare participants who passed verification (Kuo et al., 2017). Public keys denote patients, and private keys grant access to the EHRs of those patients.
Security
Despite bringing many benefits in terms of security and privacy, challenges are related to these factors. The architectural design of blockchain is prone to several security vulnerabilities. These risks include distributed denial-of-service (DDoS) attacks, double-spending attacks, selfish mining, difficulty raising, and others (Hussien et al., 2019). Proposed consensus mechanisms, such as PoW and PoS, are not significant factors when battling these threats, because current consensus models are designed for different purposes (Baliga, 2017).
For instance, DDoS is not aimed at compromising information, but at creating service outages, up to the complete inaccessibility of the resource. This can be done by issuing a high number of fake transactions. Because of their fraudulent nature, these transactions will not be included in the blocks, but network nodes will have to perform PoW on this data also. It will lead to a waste of computational resources and degradation in the convenience and speed of the system. A more favorable solution is to develop a protocol with appropriate countermeasures (Hussien et al., 2019). However, implementing such a complex low-level protocol requires tremendous amounts of resources, both in terms of money and time.
Privacy
Distributing identifiable data on the blockchain is not recommended because such data is considered to be sensitive. This limitation creates a challenge for health providers because they need to associate a health record to a specific person in order to provide personalized services (Hussien et al., 2019). There should be a mechanism that maps EHRs with patients while maintaining privacy and there are no perfect solutions that offer such functionality yet (Mackey et al., 2019).
Any mistake in the implementation may lead to massive data leakages and theft of confidential information. The systems must also stay convenient for use because mass adoption is not possible without this factor. One of the potential solutions is to keep identifiable information off-chain and instead upload pointers. However, deciding on where this data will reside is another obstacle, because both patients and healthcare providers need to access this information. If patients hold this data, they will become targets for social engineering attacks. If this data is held in the hospital’s servers, data theft may occur as a result of a cyberattack.
Processing Power Limitations
Most of the wearable and other medical devices are not robust in terms of CPU speeds and the amount of available RAM. Therefore, much of the sophisticated algorithms required to access a blockchain network cannot be used in such devices (Hussien et al., 2019). For instance, a simple encryption of data using SHA-256 may need substantial amount of time for an IoT device to complete (Iansiti & Lakhini, 2017).
Signals from IoT devices should travel instantly because they are part of a real-time system that is necessary for tracking critical indicators. However, leaving these data collection methods out of the chain may undo the benefits proposed by decentralized applications (Hussien et al., 2019). In such a scenario, medical devices are connected to traditional centralized databases, while EHRs are referenced on the chain. Inconsistent performance because one part of the system works faster, security holes because developers should ensure the interoperability of two completely separate systems, and inconvenience in both development and use are only a portion of consequences.
Storing the full blockchain on an IoT device is also not possible because of limited storage. The challenge can be overcome by increasing the computational capacity of medical devices. However, this approach would drastically increase the cost of the equipment.
Storage and Scalability
General principles of blockchain dictate that each participating node holds a full copy of the history of transactions. However, this approach is not feasible because much of the devices that collect information and are to send this data to the chain do not have such large storage capacities. The information on the chain may be immutable and verifiable, but storage requirements may undermine all these benefits. For instance, if the hospital has thousands of IoT devices that collect medical data, each of the nodes will have to hold a full copy of the blockchain. Scalability is also a challenge because of computational and storage needs.
Currently proposed solutions have only been tested on small sets of data and using a limited number of nodes (Mackey et al., 2019). As the number of participants grows, so will the volume of generated data. A high number of participants may lead to increased network latencies and lower throughput. A high level of network latency is unacceptable because much of the devices should provide real-time data. If a single device fails to deliver the required information, it could lead to critical consequences and threats to human life.
Conclusion
Blockchain gained acclaim in the financial industry because of popular cryptocurrencies, such as Bitcoin, Ethereum, and Ripple. However, in recent years, it has been introduced to various fields, including government, multimedia, and education. The healthcare industry is also attempting to leverage the benefits offered by this technology. Key advantages of using blockchain in healthcare, along with potential drawbacks and prospects, were covered in this paper.
There is a number of successful implementations of blockchain-based healthcare applications. As research in the area of blockchain and healthcare advances, the adoption of this technology by the industry will spread as well. As the trend continues, so will the adoption of healthcare solutions based on blockchain. The decrease in costs of electronics and processing power will allow all medical devices to become part of the chain in the future. Researchers are likely to find solutions to current challenges of using blockchain in healthcare because the effort is ubiquitous, and the importance of this technology and potential benefits it may bring to the health industry are recognized by the majority of big companies and institutions.
References
Angeles, R. (2018). Blockchain-based healthcare: Three successful proof-of-concept pilots worth considering. Journal of International Technology and Information Management, 27(3), 47-83.
Baliga, A. (2017). Understanding blockchain consensus models. Web.
Cachin, C. (2016). Architecture of the hyperledger blockchain fabric. In Workshop on distributed cryptocurrencies and consensus ledgers (pp. 4-7). Zurich, Switzerland: IBM Research.
Chen, L., Lee, W. K., Chang, C. C., Choo, K. K. R., & Zhang, N. (2019). Blockchain based searchable encryption for electronic health record sharing. Future Generation Computer Systems, 95(1), 420-429.
Crosby, M., Pattanayak, P., Verma, S., & Kalyanaraman, V. (2016). Blockchain technology: Beyond bitcoin. Applied Innovation, 2(1), 1-19.
Esmaeilzadeh, P., & Mirzaei, T. (2019). The potential of blockchain technology for health information exchange: Experimental study from patients’ perspectives. Journal of Medical Internet Research, 21(6), 1-24.
Gordon, W. J., & Catalini, C. (2018). Blockchain technology for healthcare: Facilitating the transition to patient-driven interoperability. Computational and Structural Biotechnology Journal, 16(1), 224-230.
Hassan, M. U., Rehmani, M. H., & Chen, J. (2019). Privacy preservation in blockchain based IoT systems: Integration issues, prospects, challenges, and future research directions. Future Generation Computer Systems, 97(1), 512-529.
Hussien, H. M., Yasin, S. M., Udzir, S. N. I., Zaidan, A. A., & Zaidan, B. B. (2019). A systematic review for enabling of develop a blockchain technology in healthcare application: Taxonomy, substantially analysis, motivations, challenges, recommendations and future direction. Journal of Medical Systems, 43(320), 1-35.
Iansiti, M., & Lakhani, K. R. (2017). The truth about blockchain. Harvard Business Review, 95(1), 118-127.
Khezr, S., Moniruzzaman, M., Yassine, A., & Benlamri, R. (2019). Blockchain technology in healthcare: A comprehensive review and directions for future research. Applied Sciences, 9(9), 1-28.
Kuo, T. T., Kim, H. E., & Ohno-Machado, L. (2017). Blockchain distributed ledger technologies for biomedical and health care applications. Journal of the American Medical Informatics Association, 24(6), 1211-1220.
Mackey, T. K., Kuo, T. T., Gummadi, B., Clauson, K. A., Church, G., Grishin, D.,… Palombini, M. (2019). ‘Fit-for-purpose?’–challenges and opportunities for applications of blockchain technology in the future of healthcare. BMC Medicine, 17(68), 1-17.
Magyar, G. (2017). Blockchain: Solving the privacy and research availability tradeoff for EHR data: A new disruptive technology in health data management. In 2017 IEEE 30th Neumann Colloquium (NC) (pp. 000135-000140). Budapest, Hungary: IEEE.
McGhin, T., Choo, K. K. R., Liu, C. Z., & He, D. (2019). Blockchain in healthcare applications: Research challenges and opportunities. Journal of Network and Computer Applications. 135(1), 62-75.
Plantier, M., Havet, N., Durand, T., Caquot, N., Amaz, C., Biron, P.,… Perrier, L. (2017). Does adoption of electronic health records improve the quality of care management in France? Results from the French e-SI (PREPS-SIPS) study. International Journal of Medical Informatics, 102(1), 156-165.
Sylim, P., Liu, F., Marcelo, A., & Fontelo, P. (2018). Blockchain technology for detecting falsified and substandard drugs in distribution: pharmaceutical supply chain intervention. JMIR Research Protocols, 7(9), 1-12.
Zhang, P., White, J., Schmidt, D. C., Lenz, G., & Rosenbloom, S. T. (2018). FHIRChain: applying blockchain to securely and scalably share clinical data. Computational and Structural Biotechnology Journal, 16(1), 267-278.
Zhou, L., Wang, L., & Sun, Y. (2018). MIstore: A blockchain-based medical insurance storage system. Journal of Medical Systems, 42(149), 1-17.