Blockchain technology has been touted as an important innovation when it comes to storing and securing data, which abounds in healthcare. Some experts say the technology could help facilitate the creation of a more comprehensive, secure and interoperable repository of health-related information.
Many healthcare organisations in Europe are eager to use blockchain; however, they are wary of complications over how to protect data while using it under the latest law, the General Data Protection Regulation (GDPR).
Indeed, the European Union Blockchain Observatory & Forum has acknowledged that there are ongoing "tensions" over the issue of data privacy and the use of blockchain under GDPR, which took effect in May 2018. GDPR is designed to strike a balance between keeping data secure and still allowing its free movement.
The problem, as noted by the forum in its recent report, is that the law was crafted while blockchain was evolving, and was therefore based on the linear flow of information between providers and users. Since blockchain is based on the decentralisation of data, interpreting GDPR in relation to the use of blockchain becomes difficult.
"There is no such thing as a GDPR-compliant blockchain technology," the report says. “There are only GDPR-compliant use cases and applications.” The report also points out that many of the GDPR’s requirements are easier to interpret and implement in private, permissioned blockchain networks than in public networks that don’t require permission.
The forum provides these tips for using blockchain while being able to comply with the requirements of GDPR:
• Start with the big picture. Determine how the user value is being created, how the data is being used and whether blockchain is really needed.
• Avoid storing personal data on a blockchain. Make full use of data encryption and aggregation to make the data anonymous.
• Collect personal data off-chain. Or, if the blockchain can’t be avoided, collect personal data on private, permissioned blockchain networks. Consider personal data carefully when connecting private blockchains with public ones.
• Continue to innovate. But be as clear and transparent as possible with users.
Source: EU Blockchain Forum