Imagine that the vacation you’ve been looking forward to for months has finally arrived. Everything is packed and ready to go; it’s Saturday night and by lunchtime tomorrow you’ll be far from home, on your way to the sunny retreat of your dreams. As you plug in your phone on the nightstand, a new message pops up on the screen: “Medication refill available for pickup on Monday”. Sure enough, the medication you packed for the trip is almost finished and won’t last through the three-week vacation. “Oh well”, you think, “I’ll just refill it there”. Without much further thought, you fall asleep with a head full of white sand beaches and palm trees.
You arrive at your destination late the following day. It’s a Sunday, so everything is closed until the next morning. You wake up and look around for the nearest pharmacy, walk over and attempt to get the refill you need.
“I’m sorry, you’ll have to visit the pharmacy you’re registered at to pick up this refill,” the pharmacist tells you. The pharmacy you’re registered at is far away back home, where you don’t plan to be for another three weeks. You can’t get a refill anywhere else, and no one else can pick up your refill and send it to you.
Two choices present themselves: Either you go all the way back home and lose out on three days of sunny vacation, or you go without your medicine until the vacation is over. Unfortunately, the medication is critical to your health and you’re left with no other choice than to begin the journey back home, wasting time and money. “There has to be a better way”, you think to yourself.
Fortunately, with modern technology, there is!
Today, medical data may be available to doctors or patients when needed, but it is rarely interoperable. Each hospital runs its own Hospital Information System (HIS), each pharmacy its own Pharmacy Information System (PIS), and medical data sits in many separate silos. Information in these silos is seldom shared between parties, resulting in a high degree of data duplication. Patients are often unaware of all the places where their private data is stored or used, which makes keeping every silo up to date next to impossible.
This non-transparent siloed situation needs to change.
The GDPR came into effect in May 2018, making the storage of personal data a serious liability. In July 2019 the UK’s data privacy authority, the Information Commissioner’s Office (ICO), announced its intention to fine British Airways £183.39 million (roughly €205 million), at the time the largest penalty it had ever proposed, for failing to protect the data of around 500,000 customers in a breach (the final penalty, set in 2020, was £20 million). Placing control over who may access and use personal data back in the hands of individuals increases transparency and lets data be shared case by case.
MSD, in partnership with HappiApp, approached TheLedger (the blockchain guild of TheGuild) to run an analysis track exploring the options available for solving the problems of data silos, privacy and GDPR compliance. The vacation story above illustrates one of the problems driving the push for change. Today, patient data resides in multiple silos controlled by healthcare providers and healthcare institutions. Patients should control who has access to their data, in this case their medical records, which are extremely sensitive. They should not only be able to grant and withdraw access to their record, but also to view a transparent history of every action taken on it.
These access permissions would be granted to pharmacies and healthcare providers, each then having the possibility to modify or add to a portion of a patient’s medical record. For example, when on vacation, a patient could give a new pharmacy temporary access to their record to receive a prescription refill. When a patient changes healthcare providers (doctors), permissions can be revoked from the current provider and given to the new provider, effectively “transferring” their medical record instantly.
How can such a system be implemented with the technology available now?
Privacy requirements, technical limitations and restrictions imposed by competition all increase the likelihood of fragmented data, especially in the medical sector. Data is stored redundantly in multiple silos (e.g. Hospital Information Systems), and individuals have no control over, or insight into, how or where their data is used. The trust-less, decentralised infrastructure that blockchain technology provides opens new ways of addressing these issues.
We proposed a system that gives a patient both control over their medical record and transparency into the events related to it. It does so with a blockchain, specifically Hyperledger Fabric, forming a transparent, trust-less architecture in which medical records are managed. Each stakeholder in a consortium runs its own node, which keeps the network decentralised.
Patients, pharmacies and healthcare providers all interact with the system through an API, allowing relatively simple integration with existing infrastructure. The core of the system is the medical records it manages. Because a blockchain is immutable (a transaction cannot be changed or removed once it has been committed), it is not a good place to store sensitive data: one requirement of GDPR compliance is the right of a data subject to have their data erased, which is impossible when the data itself lives on the chain.
Instead, medical records are stored in an off-chain database running within each node of the blockchain network. A database can be modified, however. How can data in a database be validated while maintaining GDPR compliance? Through a combination of techniques referred to here as data linking: each medical record is hashed and only the resulting hash is written to the blockchain. No sensitive data lands on the chain, yet the database copy can be verified at any point by recomputing the hash of the current data and comparing it with the hash on the chain. When a record is deleted from the database, its hash remains on the chain but cannot be used to recreate the deleted data, which is what makes erasure possible. One caveat a practitioner should keep in mind: a bare hash only hides a record if the record is unguessable. A structured record with a small set of possible values (a drug name and a dose, say) can be recovered by hashing candidate contents and comparing, so the digest should be salted or keyed with a secret that is kept off-chain and deleted together with the record.
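The following is an added illustration of the data-linking scheme, not code from the original article, from TheLedger or from the MSD/HappiApp project. `Ledger` and `OffChainStore` are in-memory stand-ins for the Fabric channel and the per-node database (assumed names, as is `rec-1`, and the record contents are a constructed sample). Two details the text leaves implicit are made explicit here: the hash must be computed over a canonical serialisation, or two nodes holding the same record would anchor different digests, and the anchored digest is an HMAC under a per-record key rather than a bare hash, so that a low-entropy record cannot be recovered from the chain by guessing, and deleting the key along with the record leaves the on-chain value unlinkable.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import secrets


def canonical_bytes(record: dict) -> bytes:
    # Deterministic serialisation: key order and whitespace must not change the digest,
    # otherwise two nodes holding the same record would anchor different hashes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def plain_digest(record: dict) -> str:
    # The scheme as the text describes it: a bare hash of the record.
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def keyed_digest(key: bytes, record: dict) -> str:
    # Hardened variant: HMAC under a per-record random key that never leaves the off-chain store.
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


class Ledger:
    # Stand-in for the chain: append-only, never deletes, one entry per committed version.

    def __init__(self) -> None:
        self.entries: list = []

    def anchor(self, record_id: str, digest: str) -> None:
        self.entries.append((record_id, digest))

    def latest(self, record_id: str) -> str | None:
        for rid, digest in reversed(self.entries):
            if rid == record_id:
                return digest
        return None


class OffChainStore:
    # Stand-in for the per-node database: holds the records and their HMAC keys.

    def __init__(self, ledger: Ledger) -> None:
        self.ledger = ledger
        self.records: dict = {}
        self.keys: dict = {}

    def put(self, record_id: str, record: dict) -> str:
        key = self.keys.setdefault(record_id, secrets.token_bytes(32))
        self.records[record_id] = record
        digest = keyed_digest(key, record)
        self.ledger.anchor(record_id, digest)  # each version gets its own anchor; old ones stay
        return digest

    def verify(self, record_id: str) -> bool:
        # Recompute from what the database holds now and compare with the chain.
        if record_id not in self.records or record_id not in self.keys:
            return False
        expected = self.ledger.latest(record_id)
        actual = keyed_digest(self.keys[record_id], self.records[record_id])
        return expected is not None and hmac.compare_digest(expected, actual)

    def erase(self, record_id: str) -> None:
        # Right to erasure: drop the record AND its key. The digest stays on-chain, but
        # without the key it can no longer be matched against any candidate record.
        self.records.pop(record_id, None)
        self.keys.pop(record_id, None)


def guess_record(digest: str, candidates: list) -> dict | None:
    # What anyone with read access to the chain can do against a bare hash of a
    # low-entropy record: enumerate plausible contents and compare digests.
    return next((c for c in candidates if plain_digest(c) == digest), None)


def demo_data_linking() -> dict:
    ledger = Ledger()
    store = OffChainStore(ledger)
    record = {"patient": "P-001", "drug": "metformin", "dose_mg": 500}  # constructed sample
    store.put("rec-1", dict(record))
    verify_ok = store.verify("rec-1")
    store.records["rec-1"]["dose_mg"] = 5000  # tamper with the database copy
    tamper_detected = not store.verify("rec-1")
    store.erase("rec-1")
    erased_unverifiable = not store.verify("rec-1")
    # A record drawn from a small space leaks through a bare hash; the keyed digest
    # that is actually anchored on the ledger does not.
    candidates = [{"patient": "P-001", "drug": d, "dose_mg": m}
                  for d in ("metformin", "insulin", "atorvastatin") for m in (250, 500, 1000)]
    return {
        "verify_ok": verify_ok,
        "tamper_detected": tamper_detected,
        "erased_unverifiable": erased_unverifiable,
        "plain_hash_guessable": guess_record(plain_digest(record), candidates) == record,
        "keyed_hash_guessable": guess_record(ledger.latest("rec-1"), candidates) is not None,
        "anchors_kept": len(ledger.entries),
    }
```

Calling `demo_data_linking()` walks through commit, verification, tampering, erasure and the guessing attack in one go. Note that the anchor count stays at one after erasure: nothing is removed from the ledger, which is exactly why the key, not the chain, has to be the thing that is deleted.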
A patient has one medical record, and each record has portions that can be modified or extended by particular user roles. A patient can add or remove pharmacies and healthcare providers, effectively transferring their medical record at will. Healthcare providers can create new prescriptions as digital assets whose origin can be verified. Each prescription asset is bound to one medical record, and the patient to whom that record belongs can use it to pick up medicine at a pharmacy of their choosing, whether in their home town or in a distant foreign country. Every event is logged against the medical record: prescription creation and pickup, access control changes, and personal usage.
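To make the access model concrete, here is an added example of the rules just described as a small chaincode-style state machine. It is not code from the original article, from TheLedger or from the project; `RecordRegistry`, the role names `provider` and `pharmacy`, the time-limited grants and all identities (`patient-alice`, `dr-home`, `pharmacy-beach`, `rx-42`) are assumptions for illustration, and ledger time is simulated with a counter where real chaincode would read the transaction timestamp. Every action checks the caller's grant and appends an event to the record's history, refusals included, so the patient can see not only who did what but also who tried and was turned away.

```python
from __future__ import annotations

from contextlib import suppress
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    pass


@dataclass
class Prescription:
    rx_id: str
    issued_by: str                    # provider that created the asset: its verifiable origin
    drug: str
    dispensed_by: str | None = None   # set once; a prescription can be picked up only once


@dataclass
class MedicalRecord:
    record_id: str
    patient: str
    grants: dict = field(default_factory=dict)         # grantee -> {"role", "expires"}
    prescriptions: dict = field(default_factory=dict)  # rx_id -> Prescription, bound to this record
    events: list = field(default_factory=list)         # (time, actor, description): the history


class RecordRegistry:
    def __init__(self) -> None:
        self.records: dict = {}
        self.now = 0  # simulated ledger time; real chaincode would read the transaction timestamp

    def _log(self, rec: MedicalRecord, actor: str, what: str) -> None:
        rec.events.append((self.now, actor, what))

    def _require(self, rec: MedicalRecord, actor: str, role: str) -> None:
        grant = rec.grants.get(actor)
        if grant is None or grant["role"] != role or grant["expires"] <= self.now:
            self._log(rec, actor, f"DENIED {role} action")  # refusals are part of the history too
            raise PermissionDenied(f"{actor} has no valid {role} grant on {rec.record_id}")

    def _owned(self, record_id: str, patient: str) -> MedicalRecord:
        rec = self.records[record_id]
        if patient != rec.patient:
            raise PermissionDenied("only the patient controls access to the record")
        return rec

    def create_record(self, record_id: str, patient: str) -> None:
        rec = self.records[record_id] = MedicalRecord(record_id, patient)
        self._log(rec, patient, "record created")

    def grant(self, record_id: str, patient: str, grantee: str, role: str, ttl: int) -> None:
        rec = self._owned(record_id, patient)
        rec.grants[grantee] = {"role": role, "expires": self.now + ttl}
        self._log(rec, patient, f"granted {role} access to {grantee} until t={self.now + ttl}")

    def revoke(self, record_id: str, patient: str, grantee: str) -> None:
        rec = self._owned(record_id, patient)
        rec.grants.pop(grantee, None)
        self._log(rec, patient, f"revoked access of {grantee}")

    def prescribe(self, record_id: str, provider: str, rx_id: str, drug: str) -> None:
        rec = self.records[record_id]
        self._require(rec, provider, "provider")
        rec.prescriptions[rx_id] = Prescription(rx_id, provider, drug)
        self._log(rec, provider, f"prescription {rx_id} created ({drug})")

    def dispense(self, record_id: str, pharmacy: str, rx_id: str) -> Prescription:
        rec = self.records[record_id]
        self._require(rec, pharmacy, "pharmacy")
        rx = rec.prescriptions[rx_id]  # KeyError if the asset is not bound to this record
        if rx.dispensed_by is not None:
            self._log(rec, pharmacy, f"DENIED second pickup of {rx_id}")
            raise PermissionDenied(f"{rx_id} already dispensed by {rx.dispensed_by}")
        rx.dispensed_by = pharmacy
        self._log(rec, pharmacy, f"prescription {rx_id} dispensed")
        return rx

    def history(self, record_id: str, patient: str) -> list:
        return list(self._owned(record_id, patient).events)


def demo_access_control() -> list:
    reg = RecordRegistry()  # identities below are constructed sample names
    reg.create_record("rec-1", "patient-alice")
    reg.grant("rec-1", "patient-alice", "dr-home", "provider", ttl=365)
    reg.prescribe("rec-1", "dr-home", "rx-42", "metformin 500mg")
    reg.grant("rec-1", "patient-alice", "pharmacy-beach", "pharmacy", ttl=21)  # vacation-length grant
    reg.dispense("rec-1", "pharmacy-beach", "rx-42")
    with suppress(PermissionDenied):
        reg.dispense("rec-1", "pharmacy-beach", "rx-42")  # second pickup: refused and logged
    reg.now += 30  # vacation over, the pharmacy's grant has expired
    with suppress(PermissionDenied):
        reg.dispense("rec-1", "pharmacy-beach", "rx-42")  # expired grant: refused and logged
    reg.revoke("rec-1", "patient-alice", "dr-home")  # patient changes doctor
    with suppress(PermissionDenied):
        reg.prescribe("rec-1", "dr-home", "rx-43", "anything")  # revoked provider: refused and logged
    return reg.history("rec-1", "patient-alice")
```

`demo_access_control()` replays the vacation scenario: the home doctor prescribes, the patient gives a foreign pharmacy a three-week grant, the pharmacy dispenses once, and the second pickup, the post-expiry attempt and the revoked doctor's new prescription are all refused and recorded. Grants carry an expiry on purpose; a grant that only the patient remembers to revoke is a grant that stays open.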
The proposed system relies on all stakeholders participating in the same network. Each participant, whether patient, healthcare provider or pharmacy, needs an account with a common identity service in order to authenticate. This identity service links users to identities on the blockchain, and it adds complexity to the system and friction to adoption. With Self-Sovereign Identity, this identity service could be dispensed with.
Self-Sovereign Identity is a permanent, portable digital identity for any person, organisation or thing. It does not depend on any central authority or system and cannot be taken away by one. Instead of username and password combinations or federated login (Facebook, Google and the like), Self-Sovereign Identity could become the identity solution of the future.