Blockchain in Healthcare – are standards needed?

Last weekend, in the lead-in to HIMSS in Las Vegas, several of the FHIR team met with a number of blockchain specialists, most particularly including David Huseby from the Hyperledger project at the Linux Foundation. We discussed various use cases for blockchain, with the intent of understanding what – if anything – HL7 should do to support blockchain adoption through the standards process. During an open and wide-ranging discussion, several of us came to the following consensus about the use of blockchain in healthcare (and we thank David greatly for his assistance).

Legal Assurance on Audit Trail

The first use case we recognised where blockchain has an obvious and appropriate usage is to provide strong legal assurance that an audit trail has not been tampered with. There are all sorts of functions that a healthcare provider carries out where they may eventually be asked to provide evidence concerning past actions, and where there is a need to demonstrate that the audit trail has not been tampered with – and that includes tampering by the system administrators themselves (that’s a very real concern – highly authorised insiders are the most likely attackers on the audit trail). If the audit trail is kept in electronic form, the only IT resource I know of that is proof against this level of attack is a distributed blockchain where the system administrators don’t have total control of all the nodes.

There are any number of compelling use cases for this in healthcare:

  • Compliance with GDPR removal-of-data requests
  • Keeping records around infection control
  • Keeping records involving cases of sexual abuse or other criminal behavior
  • etc

Technically, this is a really unchallenging use of blockchain – the head that creates blocks is completely trusted, so there’s no need for any form of voting/contest creating new blocks (e.g. no energy penalty cost for mining). And the audit trail only needs to contain encrypted copies of the actual records (or, alternatively, hash values for the records, though this introduces uncertainty around keeping hash methods constant over a period potentially spanning decades – though simply encrypting the records just moves the instability of system/version rot around). All the institution needs is one or more partners that can support the blockchain – it can be either private or public.
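The arrangement described above, as an added example that is not code from the original post or from Hyperledger: a single trusted writer appends hash-linked blocks holding record hashes, and a partner node keeps the block hashes it received. All function names and sample records are constructed for illustration; the example assumes the partner received every block at write time.

```python
import hashlib, json

GENESIS = "0" * 64  # constructed starting value for the chain

def block_hash(seq, prev, rec):
    body = json.dumps({"seq": seq, "prev": prev, "rec": rec}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def build(records):
    """Single trusted writer: blocks are appended with no voting or mining."""
    blocks, prev = [], GENESIS
    for seq, record in enumerate(records):
        rec = hashlib.sha256(record).hexdigest()  # only the record hash is stored
        blocks.append({"seq": seq, "prev": prev, "rec": rec,
                       "hash": block_hash(seq, prev, rec)})
        prev = blocks[-1]["hash"]
    return blocks

def verify(blocks, partner):
    """partner maps seq -> block hash as the partner node received it at write time."""
    prev = GENESIS
    for b in blocks:
        if b["prev"] != prev or b["hash"] != block_hash(b["seq"], b["prev"], b["rec"]):
            return f"broken link at block {b['seq']}"
        if partner.get(b["seq"]) != b["hash"]:
            return f"diverges from partner copy at block {b['seq']}"
        prev = b["hash"]
    return "ok" if len(blocks) >= len(partner) else "truncated relative to partner copy"

# Constructed sample audit entries (not real data).
RECORDS = [b"2018-03-01 user=alice action=view patient=123",
           b"2018-03-01 user=bob action=delete patient=123",
           b"2018-03-02 user=alice action=export patient=456"]

def demo():
    blocks = build(RECORDS)
    partner = {b["seq"]: b["hash"] for b in blocks}  # copy held outside admin control
    honest = verify(blocks, partner)
    # Entry 1 edited in place: the block's own hash no longer matches its content.
    edited = list(blocks)
    edited[1] = dict(blocks[1], rec=hashlib.sha256(b"edited").hexdigest())
    # Whole chain rebuilt consistently by someone with full local control:
    # internally valid, so only the partner's copy exposes the change.
    forged = build([RECORDS[0], b"2018-03-01 user=bob action=view patient=123", RECORDS[2]])
    return honest, verify(edited, partner), verify(forged, partner)
```

The third result is the case the paragraph is about: a locally consistent rewrite passes every internal check and is caught only because the partner's hashes are not under the same administrators' control.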

In fact, given how compelling this use case is, it’s surprising that there aren’t commercial escrow-type services simply hosting blockchains as a business service (at least, we didn’t know of any such service). It’s something that should be pretty easy to turn into a commodity using something like Hyperledger, and there are strong reasons for healthcare providers to pay attention to storing these kinds of records really well.

Of course, this use of blockchain is hardly scratching the surface of what blockchain can do.

Need for Legally Established Trust

There are lots of proposals floating around for using blockchain to create new trust arrangements. But whenever we considered actual use cases, we kept finding that in healthcare, any sharing of information, or delegation of trust or responsibility from one party to another, starts in a closed regulated system, loaded with legal liability etc. You can’t begin to share information until you’ve established the legal basis for trust by contract – legal agreements and business agreements. And once you’ve established all those agreements, you don’t actually need a blockchain – you can just have a centrally managed database run by some consortium or foundation that acts on behalf of its members. This is a classic, well-established pattern in healthcare (see under Commonwell and Carequality – there are many others).

So, in practice, the need for legally established trust in a closed system turns out to mean that many of the proposed uses for blockchain involve quite a lot of hype.

But not all of them. For a start, while you’re going through the negotiations to set up such a consortium agreement, the fact that all the information associated with the agreements will be provably shared amongst all the participants can make it much easier to set up agreements that involve potential commercial benefit to one advantaged player… and I’ve seen several otherwise very useful initiatives flounder on this point.

And given my first law of interoperability – it’s all about the people – that means that blockchain turns out to be potentially pretty useful for interoperability after all, as a tool for changing how people think.

In fact, even just mentioning blockchain right now gets people’s attention – that’s a clear use case for using it, even when there’s no technical merit to the use of block chain directly.

Clinical Credential Tracking

We did discuss one very specific use of a public blockchain where it appears to be very useful – clinical credential tracking in the USA. So it was somewhat ironic to see this headline in USA Today today:


Standards Support for Blockchain

The upshot of all this is that it’s not at all clear that there’s any need for HL7 to work on blockchain related standards. We’re mainly going to sit back and watch this space and observe to see whether any compelling use case for standardization emerges – because it hasn’t yet (a compelling use case for standardization needs much more than just a compelling business use case for use of blockchain). But we are going to investigate 2 things:

  • Is there anything useful we should do about creating standard ways to create function specific audit trails from FHIR resources/bundles or CDA documents?
  • Should HL7 work on data and format standards to support clinical credential tracking? (This includes the question of whether this is a real problem – we didn’t have consensus on this.) Also, there are already communities working on it, and so we’d need to reach out to them to see whether formal standards support is useful for them.

Comments welcome….


  1. Ewout says:

    Another thing we might want to look at is how to fingerprint medical data (or more specifically FHIR resources) in such a way that we can be reasonably sure that in, say, 10 years, we can still reproduce and use that fingerprint. This would be useful, since there are use cases where you would want to store a fingerprint in a transaction in lieu of a full instance. But it’s not obvious that after several system upgrades and data conversions you can still reproduce the fingerprint….

    • Grahame Grieve says:

      I think that’s a huge challenge. Storing actual resources is a lot safer, because you move the verification problem into the human review domain, rather than on the computer side of the crypto…

  2. Doteasy says:

    The advent of Fast Healthcare Interoperability Resources (FHIR) promises to allow EHR users to expand their functionality through third party apps without having to pay for special interfaces. To their credit, the big vendors have shown some flexibility by letting outside vendors play in their digital sandboxes and develop FHIR-based apps.
