Blockchain, the distributed ledger technology at the heart of digital cryptocurrencies like bitcoin, has the potential to transform and re-imagine connected healthcare. As we discussed previously, three key areas for blockchain’s focus in healthcare appear to be in health data interoperability, supply chain validation, and revenue cycle management. To realize the full potential of blockchain to transform connected health, however, there are key legal, regulatory, and governance issues that will need to be resolved.
Privacy and security. HIPAA and related privacy and security regulations require that covered entities – such as providers and payors – and their business associates meet certain standards regarding the confidentiality, availability and integrity of protected health information. Blockchain’s cryptography, together with the use of existing “off chain” HIPAA-compliant computer systems to store PHI, may be sufficient to satisfy these privacy and security requirements, although questions remain about whether the blockchain hashes allow for the impermissible re-identification of de-identified data in violation of HIPAA. Additional guidance from the HHS Office of Civil Rights would be useful in clarifying how HIPAA applies to blockchain technology.
Patient consent. The promise of greater interoperability, along with access or restriction of records, will necessitate a more relaxed view of patient authorization that can be more easily, yet legally, accomplished through the click of a button. Likewise, if the blockchain will allow for access to any patient substance abuse records, the special Part 2 regulations governing the confidentiality of substance abuse records would likely need to be updated to permit the sharing of such records through the blockchain.
Medical record storage. Many states require that providers maintain patient medical records for a minimum time period, such as 6 years after the patient’s last visit. To ensure that the patient’s records (if stored “off chain” to more easily comply with HIPAA) remain available through the blockchain long after the patient’s last visit, states will likely need to pass new laws that require providers to maintain records for a much longer period of time, or seek to encourage (and perhaps subsidize) the adoption and use of personal health records for patient’s to store their own patient medical records after the provider’s storage obligation has terminated. A new patient health records company called Patientory is already using blockchain technology to help patients store their own medical records.
Smart contracts that are legal contracts. One interesting application of blockchain is the use of smart contracts. A smart contract is an agreement between parties written in code into a digital “smart contract” that automatically executes with no human intervention once coded conditions are met. The acceptance, enforceability, and ultimate legality of smart contracts will need to authorized by state legislatures, which some states have started to do. In addition, governments will need to explain how smart contracts will be enforced across different jurisdictions. Finally, the process of translating current agreements into smart contracts composed of software code will require a wholesale, different relationship between lawyers, their clients, and computer programmers. Both lawyers and judges will need to develop an expertise in understanding the smart contract’s code and in the underlying blockchain technology.
Blockchain community engagement. One of the most important factors that could hinder blockchain innovation is if blockchain supporters ignore the need to engage their governments in the regulation of this nascent technology. It will also be critical that government regulators enact a careful and balanced regulatory regime that ensures both patient privacy and access rights yet allows for the full exploration of potentially beneficial applications of blockchain in healthcare. A difficult balance certainly, but a balance that is more likely to be struck when the blockchain community is fully engaged in the process. Indeed, just the lack of government guidance in how blockchain technology works within existing regulatory requirements can be a huge roadblock to innovation.
With blockchain, we see the rise of a new distributed technology that has the potential to transform connected healthcare. In order for blockchain’s distributed ledger technology to realize its full potential in healthcare, existing laws will need to be changed and new laws will need to be adopted. But the potential for this technology could be revolutionary in scope. As IBM suggests: forget “big” data; think “long” data. Imagine the value of an accurate and complete patient medical history that is stored on the blockchain; for the patient, no more need to have to fill out those same annoying medical history forms for every doctor visit because every vital sign, lab test, and doctor note is readily available; for the provider, they can have easy access to a patient’s complete medical history that can also be trusted as accurate; and for the researcher, rich new sources of population-level health data can available at their fingertips. Blockchain’s true potential in connected healthcare is a more patient-centered care model that gives patients control over their health data and, ultimately, even the ability to monetize that data. Let’s hope the legal system can keep up.