HealthManagement, Volume 19 - Issue 1, 2019

img PRINT OPTIMISED

Blockchain revolutionises data security, research and monetisation

Blockchain can provide the backbone for a health data infrastructure that enables patients to control and benefit financially from their health data.


The power of health data 


The tsunami of personal data brought about by the digital revolution now extends far beyond consumer preferences, as monetised by Facebook, Google and the likes. As life sciences merges with information technology, our most precious health data is also being digitised. In the last 10 years, quantified health has gone from electronic medical records to massive DNA or microbiome sequencing. The Precision Medicine Initiative launched in 2015 prompted the National Institute of Health to create a research cohort gathering all available data for one million people, allowing scientists to explore why people get sick or stay healthy. With similar ambitions, Verily Life Sciences’ (formerly Google Life Sciences), Project Baseline collects phenotypic health data from approximately 10,000 participants over four years to identify tipping points in the transition from health to disease. These initiatives are paving the way for better diagnosis, preventative alerts and more personalised treatments. 

Beyond research, this new wealth of data is being used by the Food & Drug Administration (FDA) to modernise how it monitors the safety and efficacy of new products. The FDA’s commissioner Scott Gottlieb laid out a clear policy for the agency in 2018: “we are expanding the opportunities for digital health tools to become a part of drug review, to couple these capabilities to drug delivery to form a drug delivery system.” 

But to fulfill the outstanding promise of digital health, we must still trust third parties with our most intimate data. Of course, regulations exist to protect our privacy. In the U.S., the Health Insurance Patient Portability and Accountability Act (HIPAA), was enacted in 1996 to secure the confidentiality, integrity, and availability of electronic Patient Health Information (ePHI). HIPAA imposes technical safeguards and processes to restrict access to data, avoid or report any disclosure. But HIPAA compliance is mostly self-declared, and providers share information freely with third parties, provided they sign a Business Associate Agreement. This transfers responsibility to third parties, but it does not extend controls. Most startups analysing ePHI on behalf of providers will say they comply with HIPAA. Few are ever audited. 

Blockchain’s privacy promise


It should come as little comfort to patients that unauthorised access to ePHI is commonplace. The numbers are staggering. HIPAA breaches affected more than 5 million patient records in 2017, 27 million in 2016 and more than 100 million in 2015. More than a third of medical records have been compromised in the last five years, mostly because of insiders mishandling our data. With such figures, and lack of trust undermines the very willingness of patients to share sensitive information with care providers. Because the laws that try to protect our privacy have essentially failed to achieve desired results, we urgently need to invent tools that let patients become the custodians of their own data. The good news is that this is exactly the value proposition of Blockchain for healthcare. How does it work? Today, no patient knows where his health data goes for lack of access to transaction logs ie who shares what with whom. By distributing ledgers of transactions across all participants (nodes) in a given network, Blockchain essentially creates trust by design. Indeed, no participant of the network can falsify the log, because a consensus algorithm reconciles the information across nodes, spotting any discrepancy. This means each participant, ie patient, knows at all time what happens to his data. It also offers a way to share the same information with all stakeholders in real time, fine-tuning who has access to de-encrypted data.

To avoid any misconception, only the information on the Blockchain is public, ie the index of what data is shared with whom. Sensitive patient data, however, can stay off-chain, secured in HIPAA compliant clouds, in accordance with legal requirements. Transparency with Blockchain technology is a first step to allowing patients own their data.

Revolutionary elimination of the third party 


Ownership goes beyond controlling how data is shared. It involves appropriation of data as an economic asset. But today, our records are being sold without patient buy-in. Typically, when life sciences companies investigate a particular disease, they are required by regulators to benchmark the efficacy of new treatments or monitor the safety of new. Studies are slow and expensive. Brokers will buy datasets from hospitals and pharmacy chains, and resell it to pharma, for what constitutes a $15 billion business. The emergence of new digital platforms has created new ways to acquire medical records. For instance, when Roche bought Flatiron (a software vendor that tracks cancer data) for $1.9 billion, it got hold of the complete medical history of 200 thousand patient records. This valued each record at nearly $10,000. Even if pharmaceutical companies have good reasons to acquire these datasets, ie accelerate the discovery of new treatments, patients never get a single dime for their own data. Here, Blockchain opens up a revolutionary possibility: for the first time, individuals will be able to own their digital assets. Quite simply, distributed ledgers eliminate the need for a third-party reseller. It makes it possible to automate payments in cryptocurrencies via smart contracts. A person can be paid for giving his consent to his data being aggregated within a cohort. 

Data as ‘Information Age’ oil 


The technology is here. Now, the law must also evolve to treat personal data-like property, much in the same way that it evolved to create real estate laws when land was the prime asset, and to invent intellectual property and finance during the industrial revolution. This would secure equitable trade for the Information Age’s new "oil". Citizens should be able to grant licenses on their data for specific purposes and be compensated with royalties. This would also mean outlining the difference between data that cannot be sold, for instance one’s name or age, and that which represents an economic asset In healthcare, the stakes far exceed the business of selling health data, even though the possibility of compensating patients does offer a promising new way to reduce their economic dependence. Pricing data provides unprecedented transparency, as opposed to current-day opacity. More importantly, giving patients access to a marketplace where their health data could be funneled into clinical research expands their medical options. This is especially true for rare diseases, where wider access to data is acutely needed, and holds the potential to radically accelerate the development of treatments, and monitor their effects in real time.

Key points

  • Health data is used for health and drug safety purposes, amongst other research 
  • Unauthorised access to health data is commonplace
  • Patients rarely know how their health data is used and monetised
  • Blockchain provides framework for patient control over data
  • This increases monetisation opportunities for patients and greater access to medical options