Background
What is it Trying to Solve?
How to make sensitive personal health data shareable and interoperable while keeping health data private and secure? How to make a system that is scalable and auditable at the same time in a decentralized structure? Simply, it’s the quest of achieving all of the following attributes in a system without compromising one’s standards over another:
Abstract
With different providers and diverse markets, healthcare solutions have become increasingly fragmented. Thus, a truly decentralized, secure, and permissionless Healthcare Infrastructure continues to be a holy grail in the healthcare ecosystem. The pursuit of data privacy and security, which are of utmost importance, is also what makes it very difficult and challenging to make data more interoperable and shareable across different providers.
Over the last few years, there were experimental attempts to address this concern using blockchain technology. However, blockchain, despite showing potential, still falls short given its limitation on scalability, privacy, and auditability. If every healthcare transaction is placed in the chain, for example, this will be resource-intensive. Furthermore, blockchain’s ‘transparent, anyone can see’ setup becomes a liability to some degree as data privacy can never be compromised at any rate. Simply put, blockchain needs an additional element to optimize its power.
We propose Hippocrades - a solution that intends to finally resolve this dilemma. First, by adding a zero-knowledge proof cryptographic protocol on top of blockchain: addressing security, privacy, and scalability. Second, by providing healthcare applications and tech infrastructure designed for Web 3.0: any health system providers can easily utilize to create or augment their existing solutions making them secure, compliant, interoperable, and integrable in the blockchain. Third, by setting it up as a Decentralized Autonomous Organization (DAO): governed by set rules in a smart contract that is transparent and controlled by the organization members.
Hippocrades is beyond just a concept. Its three (3) technologies are already existing as presented here.
Data Breaches
Health Information Exchange (HIE)
Many studies have shown the enormous benefits of having a Health Information Exchange (HIE) - from the improvement in the quality of care, better healthcare delivery, increased safety, elimination of duplicate testing, to the reduction of healthcare costs.
An HIE allows the exchange of healthcare information electronically from one organization to another among different information systems. The demand for this is growing along with nationwide efforts to improve the quality, safety, and efficiency of health care delivery. The supposedly efficient, timely, and safe access and retrieval of health data bring about the many advantages of having such a platform.
In the US, meaningful use requirements, new payment approaches that stress care coordination, and federal financial incentives drive the interest and demand for health information exchange.
For many countries, especially the emerging ones, implementing an HIE is still a far cry from reality. This is because of the many significant challenges in building one, such as standardizations, at-scale interoperability, data security, data privacy, data integrity, identity assurance, risk management, and auditability. Even for developed countries that have taken big steps toward this direction, there are still ongoing obstacles in achieving the intended setup.
Simply put, having a decentralized, secure and permissionless Health Information Exchange (HIE) platform has always been quite an impossible goal. Most, if not all, of the existing HIEs now, while functional, still have not fully addressed the security and trust concerns. On top of this, there are apprehensions of private data being managed on a centralized platform by a single organization.
HIE in Blockchain
The advent of Blockchain technology has brought much potential to stamping out these challenges. In 2016, different whitepapers were submitted in the Healthcare Blockchain Challenge by the US Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). The papers were from reputable organizations that provided sound concepts and ideas on the uses and benefits of blockchain and how it can be integrated in achieving a decentralized healthcare infrastructure.
It was emphasized that blockchain technology would change the model for engaging with and governing a Health Information Exchange giving patients more control over their healthcare information. And since records are guaranteed to be cryptographically secure, there is no possibility of bad actors threatening data integrity. Fraud and abuse are reduced with blockchain-timestamped protocols and blockchain-enabled traceability and accountability allowing health providers to share networks without compromising data privacy, security, and integrity.
In addition, a blockchain-powered health information exchange could unlock the true value of interoperability. In this interoperable blockchain, smart contracts can be created to a Hub as the gateway to store standardized information, which can be immediately accessible to all organizations allowed by the blockchain. This can be accomplished by creating an application program interface (API) oriented architecture to feed the smart contract. The APIs will be published and made available to all participating organizations connected to the blockchain – enabling frictionless integration with each organization’s existing systems.
Capitalizing on this technology has the potential to connect fragmented systems to generate insights and to better assess the value of care. In the long term, a nationwide blockchain network may improve efficiencies and support better health outcomes for patients.
Indeed, there is no lack of literature pointing out the numerous opportunities of blockchain in healthcare. Concepts including frameworks have been provided on how it can be set up.
Today, while there have been attempts to implement these ideas, an effective, decentralized, secure, trustless HIE platform and healthcare infrastructure have yet to emerge. This is primarily because of the limitations that decentralized ledgers supporting rich applications create: scalability, privacy, and auditability.
Fortunately, a cryptography method that has found its way to blockchain, called Zero-Knowledge (ZK) Proof, a protocol, where prover (A) can prove that A knows information X to a verifier (B) without sharing any other knowledge to B other than that A knows X.
Popularized and deployed by Zcash, this indeed may be the missing piece to address these concerns and finally fully optimize blockchain’s potential.
Health Infrastructure
As an important aside, designing and building this decentralized HIE is only a part of the pie, albeit a big one at that. It necessitates looking at the macro view of the ecosystem’s healthcare infrastructure in general. This is to discover if there are other gaps in the processes that need to be addressed. The sector is a deluge of different markets with varying needs resulting in numerous providers creating independent solutions to these differing requirements.
First, the availability and effectiveness of Health Information Systems and solutions (such as Electronic Health Records or EHR) used by the health facilities are in various stages. Many are still using old technologies that are neither interoperable nor compliant with today’s standards. Some health facilities do not even have their own EHR applications while some use systems that lack important modules and functionalities. Second, all these health information systems, as they integrate with the HIE, should comply with standards so as not to compromise security, privacy, and auditability. Currently, not all industry-set standards are met.
Furthermore, the main point of having an HIE is to centralize the exchange of transactions, but aggregating all these under one platform and organization does not lead to a decentralized approach. Why? Because of the hesitation and resistance of giving this responsibility to one single entity. There are trust issues with providers, transparency and integrity of the application, and the potential vulnerability to attacks.