Tuesday, September 27, 2016
Notes on "Blockchain and Health IT: Algorithms, Privacy, and Data" whitepaper (1 of 15 in the ONC blockchain series)
I read through Blockchain and Health IT: Algorithms, Privacy, and Data, a whitepaper prepared for the ONC*, and re-invigorated my enthusiasm for blockchain in healthcare. The authors start with the growing awareness that current centralized databases "cannot assure security and data integrity, regardless [of] de-identification and controlled access requirements." And, they suggest that "Safe, vetted queries that are distributed to private, encrypted databases assure that organizations and participants can share health care data with cryptographic guarantees of privacy with various stakeholders, assuring momentum for a new era of medical research and practice." Sounds good.
They propose that an MIT platform project called "OPAL/Enigma" provides a blockchain-driven, secure environment suitable for healthcare data. Furthermore, they suggest that the platform will improve interoperability and reduce time and cost of utilizing infrastructure to analyze and process data that supports clinical trials and development of drugs and treatments. In short, the OPAL/Enigma platform (and other blockchain solutions) end the legacy of centralized healthcare databases that are essentially (my thoughts inserted here) large safes of gold awaiting a hacker's demonstration of safe-cracking (and/or people-cracking, termed "social engineering") skills.
One of the core concepts of the security and privacy mechanism in this solution is that "significant security compromises would require consensus" among the ledger holders. In layman's terms, I assume that this plays out like this:
Bad Actor: "I want to get to this record on Ben Franklin's syphilis treatments and sell it."
Ledger Owner (a computer somewhere in the world): "Are you entitled to this record?"
Bad Actor: "Yes"
Ledger Owner: "I'm going to ask 1,000 other ledger co-owners if this is true."
Bad Actor: "You're a bit of a nuisance."
Ledger Owner: "I asked around. You're not entitled to this record. And, I've logged your request."
Bad Actor: "I bet you're not much fun at parties."
My summation of this is that, in this case, the hacker's-gold is distributed all around the world and requires multiple key-holders to turn their keys in order to release the data.
So, how do the "good actors" get to the data they need? This occurs through "smart contracts". These are electronic contracts that govern access, use, payment, and other terms for use and operation of the shared infrastructure and data. I imagine some possible smart contracts, such as:
1.) Provider: contract to view and update patient record (IF the patient has consented)
2.) Health system business office: contract to view patient record (again, with the patient consent)
3.) Patient: contract to view, update certain portions, and request changes from provider for other portions.
4.) Patient's sister: contract to view data and message with provider team
And, so on. These smart contracts would also be spread across the blockchain ledger ecosystem for integrity enforcement.
Should the health system need greater access to a repository-like bucket of data, then smart contracts would govern allowable queries of the encrypted data, and in many cases these queries would return only de-identified data as governed by a usage agreement.
The authors reveal a bit of Enigma's security framework that includes concepts that quickly suck us into an ooze of vocabulary that becomes more and more difficult to learn. The ooze includes terms like "secret sharing", "multiparty computation", and "Proof-of-Multiparty Computation" that lead to even more complex topics such as "reverse cryptographic computation", "ciphertext pieces, called 'shares'" and "reconstitution of data". At this point, I have to just believe what they say (that it's more secure than what we have today in healthcare) until I can prove it through further understanding. I guess this is the equivalent of saying, "I've heard a few people on the internet say..."
Note that I (and the authors) used the word "ecosystem" above. This is because the people who provide computing resources for the distributed blockchain ledgers of data are remunerated for their participation. The data is of value and so are the networking and computing assets used to manage it. Here is my uneducated guess about how this works:
1.) My healthcare system sends a share of my data into the network which ten computers pick up and store. Let's say it's my allergy list and it's completely garbled based on an encryption key not held by those ten computers.
2.) Ten computers log to the distributed ledger that they have the data. (I'm guessing here. Maybe it's not this simple.)
3.) The ten computers collect a microfee for storing the shares (some fraction of cents, maybe).
4.) If the share is accessed later by someone holding the appropriate smart-contract, some or all of those ten computers will collect another micro fee.
Now, here's where it gets even more exciting. What if we want to learn from aggregated data without exposing it? The MIT Enigma platform provides a "multiparty computation" (MPC) construct that provides for this. So, if my health system wants to know how many diabetics are behind on getting blood glucose tests, it can submit the query and get an answer without ever calling back or storing the large data set that exists on the patients. These queries would be pre-vetted as allowable and "safe" in preserving privacy. Then, given the right smart-contract, the health system could also get more specific as to who the patients are and their routine primary care provider once they've processed the first query. And, again, multiple computing nodes, called peer-to-peer (P2P) nodes, across the world (or across the established network) would need to confirm the identity of the query requester and the terms of the smart-contract. Sounds bullet-proof, right? I couldn't say, really.
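To make "shares", "reconstitution" and the overdue-glucose-test count query a bit less oozy, here is an added example (not from the whitepaper and not Enigma's code) of additive secret sharing, a standard building block of multiparty computation. The modulus, the three-node setup and the sample flags are assumptions made for illustration.

```python
import secrets

PRIME = 2**61 - 1  # assumed field modulus; all share arithmetic is mod PRIME

def split(value, n_nodes):
    """Split an integer into n random-looking shares that sum to value mod PRIME."""
    shares = [secrets.randbelow(PRIME) for _ in range(n_nodes - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares

def reconstruct(shares):
    """Recombine shares ("reconstitution"); every share is required."""
    return sum(shares) % PRIME

def secure_count(flags, n_nodes=3):
    """Count patients whose flag is 1 without any node seeing a single flag."""
    # Each patient's flag is split; node i receives the i-th share of every patient.
    node_inbox = [[] for _ in range(n_nodes)]
    for flag in flags:
        for inbox, share in zip(node_inbox, split(flag, n_nodes)):
            inbox.append(share)
    # Each node adds up only the shares it holds and publishes that partial sum.
    partial_sums = [sum(inbox) % PRIME for inbox in node_inbox]
    # The requester combines the partial sums; only the aggregate is revealed.
    return reconstruct(partial_sums), node_inbox

# Constructed sample: 1 = diabetic patient overdue for a blood glucose test.
OVERDUE_FLAGS = [1, 0, 1, 1, 0, 0, 1, 0]

if __name__ == "__main__":
    total, inboxes = secure_count(OVERDUE_FLAGS)
    print("overdue patients:", total)
    print("what node 0 holds:", inboxes[0][:3], "...")
```

Each node's inbox is uniformly random on its own, so in this scheme a patient's flag is only recoverable if all of the nodes pool their shares.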
Imagine this additional scenario in the population health realm. A patient signs an electronic smart-contract which includes a clause allowing his/her de-identified and aggregated data to be accessible for public use. A pre-vetted query is submitted by a panel of experts and submitted into the ledger system for any contract holder to use. Maybe this particular safe query is to see all body-mass indexes (BMIs) and zip code of any patient who signed the contract. This would allow just about any researcher, health system, insurer, or BMI obsessed blogger (who has an appropriate smart-contract) to run reports on BMI trends across the planet and cross-match it with other data sets on zip codes of fast-food chains and hot-yoga sweat lodges.
Here's an excitement killer though. The authors warn that the limitations of the OPAL/Enigma solution include "a lack of standardized APIs (application programming interfaces) in the healthcare IT relative to other industries." Oh yeah, there's that. Personally, I think our healthcare application vendors better get on it. And, many of them are doing this with new projects using the FHIR (Fast Healthcare Interoperability Resources) interoperability standard, but also required is storing and manipulating the back-end data from their products such that the data can easily be retrieved through APIs. This is a lot of work so bring on the multi-million (billion?) dollar investments.
To recover from that excitement-killer, I'll regale you with a new possibility for healthcare infrastructure. The blockchain ecosystem could expand, on-the-fly, to provide more computing resource as you need it. Too many providers accessing the data? No worries, additional nodes could automatically start participating in your network, given the proper smart-contracts are in place. Then, they scale down as demand slows. All at a cost, of course, but with the right contract could cost less than over- or under-specifying a large data center full of processing and storage power. If it doesn't, then we'll have a problem.
I use a fixed-cost (relatively speaking) population health analytic system today, and I can tell you from staring at a spinning hour-glass (actually, it's a circling bracelet thingy) for ten minutes at a time that an automatic scale-up of computing resource might be worth an extra, on-demand cyber-fee. What if our Health Information Exchange (HIE) could automatically add lab interface messaging nodes when the network became congested in the morning?
The MIT folks (the authors) also add some more icing to this cyber-cake. They are working on a clinical trials platform that is driven by this smart-contract, blockchain infrastructure. Organizations that enter into a contract could query a clinical trials blockchain ecosystem for patient eligibility and submit tolerance, response, and outcomes data for those patients that participate. Other contract holders could issue the statistical analysis needed to make sense of all the aggregated and encrypted data in the form of safety and outcomes reporting. And, it's worth mentioning that this ecosystem would keep a ledger of every query and querier (MIT uses this as a word, so there it is) for future audit. I imagine, and this is purely my rumination, that there could also be rules in place to detect if query patterns are worrisome. At any rate, MIT is proposing that this clinical trials implementation could be a solution in support of the White House-initiated Precision Medicine Initiative.
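The two ideas that keep recurring above, contract terms that gate access and a ledger that records every request (including the refused ones), can be sketched together. This is an added example, not code from the whitepaper or from Enigma; the roles, actions and requester names are hypothetical, and one in-process list stands in for a ledger that would really be replicated across many holders.

```python
import hashlib
import json

# Constructed contract terms (role -> permitted actions); names are hypothetical.
CONTRACTS = {
    "provider": {"view", "update"},
    "business_office": {"view"},
    "patient": {"view", "update_own", "request_change"},
}
GENESIS = "0" * 64

def _digest(prev_hash, record):
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

class AuditLedger:
    """Append-only log; each entry commits to the hash of the one before it."""
    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        self.entries.append({"prev": prev, "record": record,
                             "hash": _digest(prev, record)})

    def verify(self):
        """Recompute the chain; an edited or reordered entry breaks it."""
        prev = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["record"]):
                return False
            prev = entry["hash"]
        return True

def request_access(ledger, requester, role, action, patient_consented):
    """Apply the contract terms and log the request, granted or not."""
    permitted = action in CONTRACTS.get(role, set())
    granted = permitted and (role == "patient" or patient_consented)
    ledger.append({"who": requester, "role": role,
                   "action": action, "granted": granted})
    return granted

if __name__ == "__main__":
    ledger = AuditLedger()
    print(request_access(ledger, "dr_adams", "provider", "view", True))    # granted
    print(request_access(ledger, "mallory", "data_broker", "view", True))  # no contract
    ledger.entries[1]["record"]["granted"] = True  # attempt to rewrite history
    print("ledger intact:", ledger.verify())
```

A single copy of such a chain cannot notice entries trimmed from the end or a wholesale recomputation of every hash, which is where many independent ledger holders comparing copies comes in.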
The good news for me is that MIT proposes Enigma and OPAL as open source projects. Which means, at some point and in my not copious spare time, I can play with Enigma. If I'm smart enough.
_______________________________________________________
* Article cited above and throughout was prepared for: Office of the National Coordinator for Health Information Technology, U.S. Department of Health and Human Services. Prepared by: Allison Ackerman Shrier, Anne Chang, Nadia Diakun-Thibault, Luca Forni, Fernando Landa, Jerry Mayo, Raul van Riezen, Project PharmOrchard™ of MIT's Experimental Learning "MIT Fintech: Future Commerce" & Thomas Hardjono, MIT Connection Science. August 18, 2016.