Healthcare PHI Interoperability & Management

The COVID-19 crisis has exacerbated the hiccups in legacy healthcare platforms and technologies. Any pandemic of such potency is bound to do the same. If there is one thing that we have learnt from the current situation, it is to not be complacent. What has happened now can and will happen in a different form in the future.

So, it is important to take precautions and adopt cutting-edge technology in healthcare IT systems in order to be in the best possible shape if and when a similar scenario arises in the years to come.

Importance of Data Fluidity:

The seamless flow of data is crucial for the smooth and efficient functioning of a healthcare system.

  • Freely communicating systems increase operational efficiency by cutting down on manual administrative tasks.
  • A well-functioning interoperable system also avoids duplication of lab results and imagery, thereby decreasing the overall healthcare cost borne by the hospital and the patient.
  • It also improves patient safety by reducing the number of potentially invasive or radiation intensive procedures.
  • Interoperability will also improve clinical care by improving access to relevant information at the point of care, helping physicians to make the best possible decisions.

In essence, we can term Interoperability as the democratization of patient health care information giving them the power to control their data, that too at a granular level.

Interoperability Challenges in the traditional system:

The traditional healthcare interoperability landscape gravitates around healthcare providers such as hospitals, private practitioner clinics, and pharmacies. Data is siloed and distributed, creating complexity in data exchanges. Those data exchanges that do happen are most often financially motivated or through regulatory pressures that emphasize data liquidity for better healthcare.

For instance, the 21st Century Cures Act (21CCA) and HITECH lay strong emphasis on data sharing and the establishment of statewide health information exchanges. The bottom line of this model is that the data is scattered and no single institution has the complete picture of the entire medical data of a patient. Blockchain can change all that.

A train that cannot be robbed!

Blockchain technology is ideal for healthcare PHI data exchanges because it is like a train that cannot be robbed. Imagine a train with an infinite number of carriages, each carrying a specific cargo identified by a hash of its own, a unique timestamp based on its induction into the chain, and a hash based on the previous carriage in the chain. A hash is like a digital signature or a unique fingerprint of the contents: if the contents are altered, the hash no longer matches. Imagine that each carriage in this blockchain train has a sentient robot whose memory is interconnected with the sentients in all the other carriages.

If someone tries to rob or modify the content of one carriage, the sentients of all the other carriages will know about it, making meddling or data breaches a near-impossible task. If a data breach does occur despite the complexity, the time taken to identify and arrest the breach is far shorter than in systems using legacy technologies, where data breaches have persisted for years.

A brief about the salient features of Blockchain:

Blockchain bestows the following values on a healthcare data transmission system if implemented.

  • Decentralized management
  • Crystal clear audit trail that is immutable
  • Data provenance & robustness
  • Vastly superior security and privacy.

Making the sensitive data patient-centered rather than the traditional model of institution driven interoperability has been a notion that has been gathering support ever since the advent of wearable fitness devices and personalized medicines. Users now expect the same level of independence and privacy when it comes to owning and transferring access to their medical data.

Blockchain technology achieves patient-centered interoperability and facilitates the below:

Digital Access Rules:

The major advantages of using Blockchain for access rights control are listed below:

  • The transfer of access of a particular resource from one subject to another can be done by a subject who holds the rights without the intervention of the resource/policy owner, through a Blockchain policy creation transaction.
  • The access right is initially defined by the policy owner who is on most occasions the resource owner too. This initial definition and all other subsequent transactions of access rights either by subjects or the resource owner are recorded in the Blockchain. Thus, any user can check which user currently holds the right to perform a particular action. Also, if a user is denied access, validating whether the entity that denied the request had in fact made the right decision is also possible.

The most commonly used Access Control mechanism is the Attribute-Based Access Control (ABAC). It specifies a series of attributes combined with a set of conditions paired to each subject. The rules, at the discretion of the policy owner, are either conjunctively or disjunctively combined to provide the necessary access to the subject. The eXtensible Access Control Markup Language (XACML) accredited by the OASIS consortium is widely used to implement the ABAC mechanism.

The conditions are a set of rules that are tied to each subject and can include the following, among others:

  • Unique ID of the subject to whom the policy owner grants access.
  • The set of values that are allowed by the attributes of the subject in order for access to be granted.

Once a subject receives particular access to transfer rights to other users, it is only logical that conditions are appended to the ones already defined in the policy but never reduced. In other words, the policy can become more restrictive than the original one but never less restrictive. Also, the policy updates can only be performed by the policy owner (the patient) and not by any of the subjects.
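The transfer rule above, sketched as an added example (not code from any particular blockchain or XACML engine). The `Grant` and `RightsLedger` names, the in-memory list standing in for the chain, and the sample IDs are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    issuer: str        # who submitted this transaction
    subject: str       # unique ID of the subject receiving the right
    action: str
    conditions: dict   # attribute -> frozenset of allowed values (ANDed together)

def no_looser(child: dict, parent: dict) -> bool:
    """Every parent condition must survive with an equal or narrower value set."""
    return all(a in child and child[a] <= vals for a, vals in parent.items())

class RightsLedger:
    """Append-only list standing in for the chain (no consensus or hashing here)."""
    def __init__(self, owner: str):
        self.owner, self.entries = owner, []

    def current(self, action: str):
        """The latest grant for an action names who holds the right now."""
        return next((g for g in reversed(self.entries) if g.action == action), None)

    def append(self, grant: Grant) -> None:
        held = self.current(grant.action)
        if grant.issuer != self.owner:          # the owner may define or update freely
            if held is None or grant.issuer != held.subject:
                raise PermissionError("issuer does not hold this right")
            if not no_looser(grant.conditions, held.conditions):
                raise PermissionError("transfer would loosen the policy")
        self.entries.append(grant)

    def check(self, subject: str, action: str, attrs: dict) -> bool:
        g = self.current(action)
        return (g is not None and g.subject == subject and
                all(attrs.get(a) in vals for a, vals in g.conditions.items()))

def demo():
    """Constructed scenario: patient grants dr-a, dr-a narrows and passes to dr-b."""
    led = RightsLedger("patient-1")
    led.append(Grant("patient-1", "dr-a", "read", {"role": frozenset({"physician", "nurse"})}))
    led.append(Grant("dr-a", "dr-b", "read",
                     {"role": frozenset({"physician"}), "dept": frozenset({"cardiology"})}))
    try:  # dr-b tries to widen "role" and drop "dept" while passing the right on
        led.append(Grant("dr-b", "dr-c", "read", {"role": frozenset({"physician", "admin"})}))
        rejected = False
    except PermissionError:
        rejected = True
    return led, rejected
```

Because every grant stays in the ledger, replaying it also answers the audit question raised earlier: who held a right at the time a request was allowed or denied.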

Each piece of data that is appended to the Blockchain forms a permanent part of the chain and cannot be removed. This has the potential to constitute a permanent burden on the entire network, and hence it is key to store only the essential information on the Blockchain. Storing the XACML policies themselves in the Blockchain could cause serious space concerns. The easiest solution for this is to store the XACML policy separately and have the Blockchain store only a link to this policy. The external storage will be secured with a cryptographic hash similar to that of the policy, making it tamper-proof.
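One way to realise the link-plus-hash arrangement described above, as an added example that is not from the original article. The block layout, the `store://` URIs and the abbreviated XACML-style policies are constructed for illustration, and a plain dictionary stands in for the external storage.

```python
import hashlib, json

GENESIS = "0" * 64

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def seal(body: dict) -> str:
    """Hash of a block's fields in a canonical (sorted-key) JSON encoding."""
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def make_block(prev_hash: str, timestamp: int, policy_uri: str, policy: bytes) -> dict:
    """One 'carriage': a link to the off-chain policy plus its digest, chained to prev_hash."""
    body = {"prev_hash": prev_hash, "timestamp": timestamp,
            "policy_uri": policy_uri, "policy_sha256": sha256_hex(policy)}
    return {**body, "block_hash": seal(body)}

def first_bad_block(chain: list) -> int:
    """Index of the first block whose own hash or back-link is wrong, or -1 if intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        body = {k: v for k, v in block.items() if k != "block_hash"}
        if block["prev_hash"] != prev or seal(body) != block["block_hash"]:
            return i
        prev = block["block_hash"]
    return -1

def fetch_policy(block: dict, store: dict) -> bytes:
    """Read the policy from external storage; refuse it if it differs from the on-chain digest."""
    data = store[block["policy_uri"]]
    if sha256_hex(data) != block["policy_sha256"]:
        raise ValueError("off-chain policy does not match on-chain hash")
    return data

def demo():
    # Constructed, abbreviated XACML-style policies and URIs (not real documents).
    p1 = b'<Policy PolicyId="constructed-1"><!-- read: physician --></Policy>'
    p2 = b'<Policy PolicyId="constructed-2"><!-- read: physician, cardiology --></Policy>'
    store = {"store://policies/1": p1, "store://policies/2": p2}
    b1 = make_block(GENESIS, 1000, "store://policies/1", p1)
    b2 = make_block(b1["block_hash"], 1001, "store://policies/2", p2)
    return [b1, b2], store
```

Editing a policy in the external store makes `fetch_policy` fail, and editing the digest on-chain breaks either that block's own hash or the next block's back-link, so the chain stays small without losing integrity checking.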

Data Aggregation:

In traditional PHI management, there is a lack of interoperability between the different healthcare system databases holding patient data, a lack of transparency in the pharma supply chain, and a generally dispersed nature to the medical data related to the patient, prescriptions, related medical staff and other clinical data from different hospitals. Using Blockchain technology, all the dispersed data can be aggregated, shared, and stored in a transparent manner. Blockchain enabled with digital access rules can help in accumulating all of the clinical data of a patient and mapping it to the patient’s anonymous digital identity.

Thus a patient can connect to the healthcare portals of different organizations using a Blockchain key, and the same goes for the medical staff and physicians: if provided with the necessary access, they can see all of the history relating to that particular patient in the Blockchain, irrespective of where the data was generated.

Data Liquidity:

What if you are on a vacation and suddenly have a medical issue? You could be miles away from your home but you need immediate medical attention. You get admitted to a local hospital that does not have any of your medical records or data about medical allergies. For healthcare to be successful, it is vital that highly sensitive clinical data be easily available at the point of decision making/care delivery. In other words, the data needs to be highly liquid.

A healthcare data transaction system built on Blockchain would have a buyer: the hospital which currently needs the patient data for treatment purposes. The request from the buyer will be cryptographically signed, and the hospital which provides the requested data will validate the legitimacy of the request, approve the request, and issue a key pair. The key pair enables secure access to the data on the blockchain.

Patient Identity, Matching, and Consent:

Patients can access or retrieve their data from the blockchain by using their public key infrastructure implemented by a multi-signature wallet or a mobile device. By using PKI, the hospitals and the physicians can rest assured that it is indeed the patient who is requisitioning the data.

Patient consent is essential for maintaining the privacy and the sharing of medical data between legitimate users for the purpose of quality healthcare. There is often ambiguity and confusion regarding the means of acquiring this consent which blockchain can resolve.

Patient matching is the process of mapping patient data from two different systems and ensuring that they are in sync. The greater the number of systems, the harder it is for them to synchronize their data. It is estimated that at least 20% of EHRs are duplicates. Since blockchain is by design a decentralized distributed ledger architecture, it can solve the fundamental problem of Patient Identity, Patient consent, and Data sync. With the data being stored in a decentralized manner, there will be no single entity that stores it or a single authority having access to it.

Reduce the cost of verification of Medical Records:

All clinical data transactions have verification costs: the cost of securing the data, the cost of checking if they follow HIPAA guidelines, and the cost of maintaining the original source of truth. This cost is compounded when the data is stored in disjointed systems. But when the data is interoperable, the cost is cut down several times by the use of security and privacy personnel, technical support, and health information management offices. Using blockchain, the verity of the medical records can be validated by multiple stakeholders at regular intervals. The records have a digital signature or a fingerprint which allows for accurate validation and denial of falsified records. User engagement can be further boosted by monetary rewards for network participation.

One example of such incentives is the smart contract component. Incentives help in driving contributions, easy reconciliation of records by different healthcare organizations, and managing of updates. With blockchain, the cost of verifying a transaction and of ensuring data integrity is lower than in traditional systems. The second cost deals with the elimination of traditional intermediaries such as financial institutions, hospital management offices, etc., as there is no need for such entities once blockchain is implemented for PHI access. This is bound to have a significant effect in making it a level playing field for different entities in the same market, providing a greater deal of privacy and lowering the barriers for new players.

Challenges and Mitigation Strategies:

The volume of Medical Data:

Despite all the advantages that blockchain provides, there are certain challenges that need attention. The first is the sheer size and volume of clinical data, which is increasing exponentially by the year. Given the nature of blockchains, it will not be feasible to store such large volumes of data on the chain without burdening the network. Mitigation strategies for this problem include the implementation of Bitcoin’s Lightning Network and permissioned blockchains. Permissioned blockchains built for specific geographies are suited to handle large volumes of data without time-intensive validation.

Privacy of Sensitive Data:

The second challenge involves the security and privacy of health data. The identity of the patient is obscured in blockchain by the PKI but the other attributes are publicly shared. Once the basic demographic information validates the patient, and if the patient’s identity is matched with the public key, then all the data on the chain that is associated with that public key are linked to the individual. While it would be catastrophic to implement healthcare data on a public blockchain, a private blockchain is also not without its set of problems as patients might not want to reveal their data to all the members in the same chain.

What we need here is a blockchain that allows for selective disclosure of sensitive information — for example, Zcash with zero-knowledge cryptography. The combination of these provides a high degree of privacy for the underlying data. The actual medical data can be stored off-chain and only the metadata or permission related data can be maintained on the chain — which would increase privacy.

Patient Engagement:

Since the blockchain model is patient-centric, the patient’s engagement carries higher prominence than in the traditional institution-centric model. Patients become autonomous digital stewards and hence they would need avenues to easily access and perform actions on their data. Mechanisms to recover lost digital assets such as keys and passwords should be in place; a process similar to that of cryptocurrency exchanges might be best suited for such technical support. Patient-friendly mobile apps then become mandatory to provide seamless and independent management of data.

Incentives & Monetary Motivation:

Perhaps the greatest challenge facing the transition of PHI to blockchain from the traditional model is the motivation involved in making the players undergo the transition. Encouraging institutions to set up patient-facing data connections without proper financial backing would be challenging. Money is definitely the biggest motivating factor in any business. Incentives for data sharing will improve and strengthen the API economy which will lead to more patient data autonomy.

Government backing and continual federal incentives for API expansion and coverage would certainly be a big leap forward. Association of open data with a value for reimbursement is another step. Peer pressure from blockchain API-enabled establishments, encouraging non-API-enabled systems to invest and transition to being API-enabled, would accelerate the transition and consequently make the traditional system obsolete.


The transformation from institution-driven interoperability to patient-driven interoperability is an interesting and potentially rewarding trend in healthcare and promises to fundamentally alter the approach for clinical data exchange and ownership. While blockchain technology has a crucial role in promoting this change, there are some challenges for which the prescribed mitigation strategies and the newest improvements in the technology must be adopted.

Meanwhile, continuing to encourage patient-facing data exchange will enable patients and providers to shift to a patient-centric data perspective, which is the first step in fueling patient-driven interoperability.
