For my 3rd reading from the ONC Blockchain Challenge winners, I found a fairly down-to-earth explanation of applying blockchain to the healthcare EMR and research universe. The authors described a solution called "MedRec" in a paper* originally published by IEEE at the 2nd International Conference on Open & Big Data 2016 (this is known by the cool kids as "OBD2016" which is another great blog topic to save for later). Not only did they inform us about a practical architecture for blockchain on-ramps and off-ramps for healthcare organizations but they helped me envision the role of the Healthcare Information Exchange Leader in this new approach to data sharing. The unwieldy, but descriptive title is, "A Case Study for Blockchain in Healthcare: "MedRec" prototype for electronic health records and medical research data". Best yet, their solution is in trial use today.
The authors set out to address the market need for "patients to engage in the details of their healthcare and restore agency over their medical data". The solution they propose and have begun pilot testing is called "MedRec" and it "manages authentication, confidentiality, accountability and data sharing" among patients, providers, researchers, and other medical stakeholders. They also propose a novel research driven economy that incentivizes these medical stakeholders by providing them with access to aggregate, anonoymized data as a reward for providing the computing power for the distributed blockchain network that serves "MedRec".
Their proposed economic model is intriguing since it addresses the question of who will pay for the computing power required for the data encryption and ledger update transactions. In a bitcoin economy, each entity that provides computational power is rewarded by a small bit of currency. This becomes problematic for the healthcare community since we rarely want patients or community healthcare providers to have to pay to participate in active and complete data sharing activities. So, the author's propose that consumers of aggregate data would actually pay for the computing infrastructure and, in reward, get access to continuous and rich aggregate, anonymized data sets. This in turn, may lead to new solutions for population health, genomic research, precision medicine, social support programs, etc. How such an economy would be effectively governed and kept fair is a question for another time.
The "MedRec" solution addresses "fragmented, slow access to medical data; system interoperability; patient agency; [and] improved data quality and quantity for medical research". It uses data references and encoded hash pointers to build the blockchain ledger based on the work of Zyskind et al. (the wizards of Enigma , a solution I mention in different posts). What all of this means is that when the healthcare data gets into the blockchain that it is virtually unrecognizable to anybody on the internet until blockchain participants are engaged to start decrypting and reassembling data back to a trusted requestor with a digital identity. MedRec's role is played by using Application Programming Interfaces (APIs) to connect existing electronic medical record (EMR) systems to the blockchain network to enable data sharing while adding the distribution and security advantages of blockchain infrastructure.
MedRec developers decided to implement this system utilizing the growing open-source blockchain solution called Ethereum. Ethereum provides ready-made developer tools and programming code for creating "smart contract" transactions. "MedRec" smart contracts include patient-provider relationship associations, viewing permissions, and data retrieval instructions. Additionally, the smart contract includes requirements for sending notifications to participants when data changes. The smart contract participants are verified using their Ethereum registered identification. This is like a domain address and allows for identification of the patient or provider without exposing Social Security Numbers or date of birth.
So, now I will try to perform a walk-through of how I might participate in the MedRec infrastructure as a patient based on my understanding of this paper:
Step 1: I goto Ethereum, or MedRec's on-ramp to Ethereum and establish my account for identity. This becomes my "Registrar Contract" or RC.
Step 2: My healthcare providers must also do the same.
Step 3: Using some sort of portal, setup by a MedRec sponsor, my provider and I establish a "Patient-Provider Relationship Contract" or PPR. This contract contains a bunch of information not limited to: who we each are (identities), what data can be shared, what data can be stored locally, what records are held by the provider, the provider's network location, and so on. The data sharing and viewing contract is mapped to query strings that define allowable inquiries into the data. Through use of a portal, I am able to define at a very granular level which part of my data is viewable and by which participants. This contract is then dispersed among the blockchain nodes like so many pieces of puzzle dust.
Step 4: A "Summary Contract" or SC contains a "list of references to Patient-Provider Relationship contracts (PPRs). This allows me to see all the participants who are involved in sharing my data and allows other authorized participants to see the same. Apparently, I can leave the network at any time and join back in later. The SC will also inform me of changes in relationships and allow me to approve new ones. So, for example, if I go to a new provider or hospital, a new request may pop up and require my approval for allowing the new participant to join in the data sharing fun. This means that if I am diagnosed with a psychosis due to overexposure to technical information, that I can choose not to share that information with all providers. As a side note, I hope this will create an entry that indicates I have blocked some information so that a provider will know to ask me what I might be hiding.
All of the above steps occur through encrypted transactions among many, distributed participant computers that throw my data all over the place in unrecognizable bits (or blocks) so that they are not recognizable until a connected MedRec Node grabs it back to gain understanding of the contract. The same is true for my healthcare data except that it can still reside locally in the healthcare provider's database. This is convenient for both providers and hackers; however, I think the authors are looking to create a transitional solution for interoperability and patient agency that is useful today. Eliminating all large, local caches of patient data is a challenge for another paper. I do speculate though that using the MedRec solution could give us a quicker path to eliminating dates of birth and SSNs from patient databases. (note, most healthcare organizations no longer require SSNs but it sure makes patient matching easier if it is provided)
So, who pays for all these computers that process the blocks in the chain? This part gets interesting. MedRec incentivizes "miners" to "participate in the network and contribute their computational resources to achieve a trustworthy, gradual advancement of the chain". So, essentially, anybody who finds safe, aggregated queries for healthcare data to be a thing of value will provide computing infrastructure to continuously process transactions for the Ethereum blockchain. The authors call this a "bounty query". This bounty query then belongs to the miner and the miner can get updates on an ongoing basis. For example, a query on geographic distribution of toe fungus patients would provide an ever changing dataset for a researcher intent on wiping out toe fungus across the country. This same researcher would decide how many nodes to contribute to the network in exchange for more and more data.
This practical solution is meant to be interoperable with the EMRs in use today. As a result, local databases are still targets for hackers; However, this solution eliminates the problem of centralized data stores that are currently employed to support information exchange and population health. The authors also warn that bad actors can observe activity on the blockchain to infer patterns of interaction. E.g., they may be able to discern frequency of entity interactions in case it might be useful for identifying targets for further hacking activity. The authors propose that one way to avoid this is to limit the participants of the network to only pre-approved nodes so that outside observers are excluded. This, of course, requires some centralized administration.
What I really like about this paper is that it describes something that is approaching immediate utility. MedRec is designed with open APIs that can also support HL7 and FHIR data exchange standards. Integration approaches have been assessed with EPIC and Cerner and a demonstration system is in evaluation at Beth Israel Deaconess Medical Center. MedRec creators are in the process of creating tests to secure compliance with the ONC Roadmap's guidelines for "Ubiquitous, Secure Network Infrastructure." And, some part of their research will be made available on GitHub for geeks like me to download. This could keep me busy for quite some time.
____________________________________________________________
* Ariel Ekblaw, Asaph Azaria, John D. Halamka, MD, Andrew Lippman, MIT Media Lab, Beth Israel Deaconess Medical Center. A Case Study for Blockchain in Healthcare: "MedRec" prototype for electronic health records and medical research data, White Paper. August 2016.
Parts drawn from IEEE, 2nd International Conference on Open and Big Data 2016.
I have read this post. collection of post is a nice one Blockchain Online Course Bangalore
ReplyDelete