A never-ending story, or so it seems: According to German law, citizens with statutory health insurance were supposed to receive a functional electronic health card (elektronische Gesundheitskarte, eGK) in 2006. However, the eGK did not replace the now obsolete Krankenversicherungskarte (KVK; health insurance card) until 2015. Fast forward to 2017: Here we are, still waiting for the first useful applications of the eGK and its accompanying telematic infrastructure (Telematik-Infrastruktur or TI).
One application, in particular, will be paramount in realizing the potential for increased quality and efficiency in healthcare: the inter-institutional electronic health record (EHR). Its importance has been recognized by a number of stakeholders in healthcare, and thus there are several pilot projects implementing one of several different types of EHR. Some examples from Germany are the electronic case record (elektronische Fallakte or EFA, www.fallakte.de), in whose development and deployment the Aachen University Hospital plays a leading role, the electronic health record (elektronische Gesundheitsakte; eGA) as a project commissioned by the Techniker Krankenkasse (TK) health insurance company and implemented by IBM, and another electronic health record project of CompuGroup Medical Deutschland AG, presented to the public at the industry conference MEDICA 2016.
The electronic health record problem
As these examples illustrate, there are two distinct concepts in EHR: Electronic case records are restricted to storage and sharing of data of a single case, ending with the patient’s convalescence and thus beneficial from a privacy point of view. Other kinds of electronic patient records and electronic health records – terminology is variable here – store health data over a patient’s life time. Furthermore, there are solutions that address the problem of data exchange between providers without aspiring to implement a complete EHR, such as Hamburg-based LifeTime.
The EHR problem is not merely a problem of data sharing logistics: Every solution that deserves serious consideration in a national healthcare system needs to put patient privacy and informational freedom of choice first in its list of priorities. Traditionally, starting with a landmark court ruling of 1983 (the national census judgment) or even earlier, German citizens have been more sensitive to privacy issues than other nationalities – even more so today when their personal health data is at stake. Physicians’ concerns regarding their patients’ privacy – voiced time and again at the annual general meetings of the Federal Medical Chamber – was one of the main obstacles to swift implementation of eGK and TI in Germany. When the new German e-health law was issued in 2015 (effective in 2016), great care was taken to allow for a high degree of patient autonomy in choosing which applications to use and which data to share with providers. However, the law was vague as far as actual implementation issues are concerned.
This current landscape of EHR begs the question: Can blockchains be employed in a useful manner to facilitate data sharing in healthcare and at the same time preserve patient privacy and empower patients to autonomously decide who will have access to which kind of data? The Estonian government has answered “yes” to this question; here, the startup Guardtime is working on a new patient record infrastructure.
But in order to answer this question for ourselves, let’s first look at the circumstances in which blockchains are not the technology of choice. To quote Gideon Greenspan of MultiChain in his essay “Avoiding the pointless blockchain project”: “If your requirements are fulfilled by today’s relational databases, you’d be insane to use a blockchain.” Common database technologies such as SQL have been tested and refined for decades, after all.
However, there are some conditions in which a conventional database has its shortcomings: Whenever a shared database has not only multiple readers, but multiple writers, when these writers don’t necessarily trust each other, and when one would like to forgo having a so-called trusted intermediary that is responsible for permissions to write to the database, and for the correctness of that which is written. A common example for the trusted intermediary is a notary; in healthcare, it might be more appropriate to think of it as a central organ that is responsible for integrity and privacy of EHR – maybe a large hospital or a third-party institution like the Gesellschaft für Telematik im Gesundheitswesen mbh (gematik) that was formed to take charge of the implementation of TI in Germany.
Why would one want to forgo such a trusted intermediary and use a blockchain instead? The first reason is, of course, economy. Trusted intermediaries are usually quite expensive to run. Especially in healthcare, unnecessary expenses in one place lead to scarcity and a lower quality of care in other places. Another reason is that having a central intermediary means having a central vulnerability to outside threats, be it malware and other IT-related dangers, or real-life adversaries, human and otherwise (fire, water, earthquakes, et al.). Finally, the trustworthiness of a trusted intermediary may be disputed by some of the parties. This is a salient point in healthcare: There are few other industries in which so many different viewpoints and agendas need to be reconciliated to achieve a common goal (good patient care, presumably).
Interdependent transactions and blockchain
Another strength of the blockchain is that it is designed to handle transactions that are dependent upon another. In Bitcoin, you can only spend money that you have received previously. In healthcare, you may only be booked for surgery when the results of your blood tests have come in and coagulation is within normal parameters. In Bitcoin, “proof of work” makes sure that no conflicting transactions are included in a block, and that no transaction in a new block is contradictory to transactions in a previous block. For this quite labor-intensive work, so-called miners are rewarded with the coinbase and some transaction fees. In healthcare, physicians and researchers might be willing to do the validation work for a “fee” in form of anonymized patient data, for instance, derived from the blockchain that they may then use for scientific purposes (see "A Case Study for
Blockchain in Healthcare").
These are the advantages of a blockchain-based EHR system. But isn’t the blockchain also the tool of choice to improve a system’s privacy? This is something that is often misunderstood in popular media: Blockchains generally do not confer anonymity. Quite the contrary: The original blockchain as proposed by Sakamoto is designed to be transparent for each participant as far as transaction IDs are concerned (see also "Security and Privacy in Blockchain Environments"). While transaction IDs are not linked to personal names, the tracking of transaction patterns can enable identification of single participants. The need for improved privacy has been identified by entities from the financial and cryptocurrency communities and has, for example, led to the development of truly anonymous currencies such as ZCash, using zero-knowledge cryptography. In healthcare, however, complete anonymity is neither necessary nor desirable. Instead, solutions should be sought in which patients themselves control whom to divulge their identity, where to remain pseudonymous, and which pieces of data to share. Such solutions have been developed, for instance, in the field of online identity management.
Bottom line: The blockchain is no secret weapon of privacy and security. In specific circumstances it can, however, confer considerable economical and organizational advantages over conventional database technologies – and these circumstances are remarkably similar to the present day conditions of the healthcare sector. Pilot projects of blockchains in healthcare are underway in the US; German healthcare professionals will have to turn to similar projects to see whether or not blockchains will transfer successfully to applications in the medical field.
Dr. Christina Czeschik is a physician, consultant and author (www.serapion.de) specializing in e-health and digitalization of healthcare. She also heads Intellicore Press; a new and independent research and publishing firm, providing startups and established companies with technology intelligence and assessment with focus on the e-health sector.
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.
Early 2018, eco will host the Blockchain Masters conference in Frankfurt. More details will be online on blockchain.eco.de in a few weeks.