There’s a natural tension between information sharing and privacy. Providing reliable health care requires having all relevant information available, but people don’t want just anyone knowing what conditions they have and what medications they’re taking. Nor are they thrilled with having a central authority manage everything. They want information to be reliable, available, and under their control. Startup companies are looking at technological solutions to this problem.
Secure information sharing
Cyph MD offers a novel approach to the problem, using the distributed trust of the blockchain. Its creator is Brontech, a startup in Sydney, Australia. Brontech adapted the Ethereum platform for “smart contracts” for health information. Ethereum’s design allows people who don’t know each other to establish an identity and authorize a sequence of actions.
A contract is basically an “if-then” requirement that two or more parties accept. The concept has many applications beyond business agreements. Software developers use “design by contract” to avoid defects resulting from unexpected conditions. In the healthcare realm, people who hold information contract with those who need information to release it only when properly authorized. The patient ought to be able to authorize releasing information, or to designate others who can release it.
Identity is a key concept, since healthcare information is always tied to an individual. Most of us take for granted that we can establish our identities, but many people, especially those displaced by war and violence, can’t do it easily. All of us want safety from impersonation and identity theft. Co-founder Emma Poposka says, “We are trying to build a digital identity that’s like bulletproof, and that can be used by everybody, even by people who don’t necessarily have legal identities in their countries.”
Cyph MD manages identity with hierarchical certificates. A hospital can issue identity tokens to all participating practitioners. How patients with minimal access to technology will establish their identity remains an open question, which Brontech hopefully will address soon. Perhaps biometrics will offer a solution.
The regulatory situation could pose problems for any blockchain-based management of health information. Many countries have strict regulations, such as HIPAA in the United States, of storage and transmission of personal health information. The blockchain approach is fundamentally different from the usual model of a central server which is carefully protected. Anyone can see the blockchain, but no single party is responsible for it, and its protection rests on the strength of its cryptography.
Medical organizations are conservative about protecting patient information. Before they’ll adopt a new way of storing and conveying it, they’ll want a high level of confidence that it won’t leak information, either because of flaws in the technology or mistakes in using it.
Since its usefulness depends on sharing, multiple organizations have to adopt Cyph MD before it offers much value. So far Brontech isn’t saying much about its customers. It will need to get at least one major institution, or a significant number of smaller ones, to adopt the technology before there’s a viable ecosystem.
In CIO Magazine, Peter B. Nichol calls Brontech one of “the top three blockchain-based companies to watch in 2017.” Cyph MD was the “People’s Choice Winner” in the Westpac Innovation Challenge for ways to improve productivity in Australian healthcare.
Brontech also publishes Owlee, for identity management. It uses the same blockchain technology as Cyph MD. Owlee offers peer verification and authentication of credentials and references.
Revolutionizing how institutions share healthcare information and how patients control it is an ambitious goal for a startup company. Success would mean fewer mistakes in treatment, faster access to information, better privacy, and continuity for people experiencing major life changes.