Jennifer Georgino talks with David Houlding, Director of Healthcare Privacy and Security at Intel Health and Life Sciences (HLS), about enterprise blockchain implementation. This is the second and final addition to her series that covers her in-depth interview with David. The first part of her series, which covered how blockchain technology can address the pressing demand for stronger digital safeguards around health data, can be read here: Using Blockchain to Secure Patient Data – Interview Part 1 of 2 with David Houlding, Director of Healthcare Privacy & Security at Intel
Georgino: What guidance would you give organizations in healthcare looking at where to begin or apply blockchain technology?
Houlding: There are amazing benefits blockchain technology can bring to the industry in terms of improving the quality of patient care and reducing the cost of healthcare. It will require healthcare organizations to be proactive in terms of figuring out where the ROI is, the real value beyond the hype and where does it make good business sense. Then actually conduct pilots this year and testing, learn and refine, and make decisions on how to roll out into production use.
Georgino: We would all have assumed a CIO or CISO (Chief Information Security Officer) for a substantially large community healthcare organization would already have redundancy and DR (disaster recovery) in place for digital records and interfaces with third parties, or are they still inundated with EMR adoption implementations and upgrades? That was indeed a disruption years ago.
Houlding: Absolutely, healthcare is struggling with current issues independent of blockchain disruption. Ransomware attacks and breaches internally are ongoing issues and in dire need of more attention. Blockchain brings other challenges from a security standpoint. We would be remiss if we did not caution folks that blockchain is not a panacea for security. It does, however, bring some key security benefits in terms of protecting availability as previously discussed, and also of immutability and protecting the integrity of data – once on chain, it cannot be altered or deleted without detection.
Georgino: How is the HIPAA issue handled in this environment?
Houlding: Beyond availability protections we discussed earlier, more needs to be done around confidentiality than what blockchain provides, that is deciding what information goes on the blockchain vs data that remains off-chain in existing enterprise systems and is referenced by data on the blockchain. One sees blockchain as augmenting, not replacing, these existing enterprise systems. Blockchain sits in the middleware space between the network of healthcare organizations and outside the internal firewall of any one healthcare organization. To help mitigate privacy and security risks, and enable compliance, data used on the blockchain should be minimal but sufficient in terms of only what is required to support the target use case. We definitely caution against putting all data on the blockchain and figuring out later how to make use of it. Most blockchain use in healthcare in the near term will be private or consortium blockchains, as opposed to public blockchains.
Georgino: Could you comment more about permissioned or private blockchains vs public blockchains?
Houlding: We think many healthcare organizations will opt for private consortium blockchains that are permissioned, at least as they pilot or adopt early for production use. Over time, most healthcare blockchain networks will grow, but will remain private consortium blockchains. Many regulations, including HIPAA, require only authorized access to healthcare data. When it comes to blockchain technology, in private consortium blockchains, organizations connecting to the blockchain are well known and highly trusted, and access is controlled and permissioned, like role-based access control but on the level of organizations. Access control and encryption will be used, so the privacy, compliance, and security officers will need to be involved at the outset – at the very start of the blockchain conversation- to determine the impact of basic things like what kind of data such as PII (Personally Identifiable Information) will be on-chain and what will remain off-chain in existing enterprise systems, and referenced from the blockchain.
Georgino: Are there particular consortiums out there leading the healthcare industry today with a particular use case?
Houlding: Yes, there are in many of the use cases we referred to. There are traditional clearing houses which are like middlemen, wherein blockchain technology could be dropped in to provide compelling benefits in terms of transparency and operational efficiency, lower costs, etc. and PokitDok (www.pokitdok.com) is one of the startups leading the charge in this space. They are doing some very exciting things. These startups will have consortia or alliances of healthcare organizations, for example PokitDok manages the DokChain Alliance. It will be a decentralized blockchain network, used as a “clearinghouse” for transactions. To enlarge on this, you will of course have public blockchain platforms that may be the best option for certain use cases such as public health. However, we think for most use cases healthcare will opt for private consortium blockchains. Each blockchain will make use of a particular blockchain platform and software stack, such as Ethereum, or Hyperledger Sawtooth, or several other options currently available. In a private consortium blockchain deployment, you have a closed network where only well-known, trusted organizations can join, and have access to the associated decentralized ledger. In this scenario, access would be minimized to authorized organizations and individuals only, and this in turn will help healthcare organizations in networks maintain compliance with regulations such as HIPAA.
Georgino: As you know the issue of interoperability has plagued the HIT industry for many years now and remains a veritable stumbling block as the largest of EHRs remain silos of data with limited or no data sharing. What are you seeing in this regard with the advent of blockchain’s disruptive technology?
Houlding: I think the big EHR vendors are absolutely looking at blockchain right now because a lot of the providers will require integration with blockchains. There could be multiple blockchains an EHR needs to integrate with, across various use cases, for example for billing and clearinghouses transactions, for provider credentialing, medical device tracking, drug supply chain, health information exchange, public health, and others, so it is not about connecting the EHR to just one blockchain. Interoperability is definitely a part of all of these blockchain integrations. You have to identify the data formats, versions, and so forth for interoperability on a blockchain for it to be useful. Blockchain by itself does not solve the interoperability issue, but we can layer on top of blockchain all the good work already done around interoperability initiatives such as FHIR (Fast Healthcare Interoperability Resources). We think the opportunity with blockchain is around targeted secure sharing of data. There are massive silos of data in in all kinds of healthcare organizations. Within these silos a percentage of the data can be used to improve the quality of patient care and reduce healthcare costs. Blockchain can enable the targeted secure sharing of this data across various blockchain use cases, where it makes business sense. For example, with regard to the provider credentialing use case, the time it would take for a clinician to be credentialed would be lower, enabling them to practice sooner, and vastly reducing redundant verifications and associated waste that drives up the cost of healthcare. I have seen some concerns that blockchain may replace enterprise systems such as EHRs, but we do not see that happening in the foreseeable future, rather it is going to augment them. We see blockchain proving itself in existing B2B networks near term on the evolutionary path, and this will be a stepping stone to build trust necessary for more revolutionary, fundamentally new blockchain use cases, in the long term, and these blockchain networks will increasingly also empower patients.
Georgino: It would appear the pharmaceutical drug supply chain of the healthcare ecosystem could most easily adopt blockchain technology to help with security, anti-fraud, and cost savings.
Houlding: Yes, definitely. The drug supply chain is one of the leading use cases and we are working with a startup called iSolve (iSolve.io). There is a consortium forming called The Center for Supply Chain Studies (c4scs.org) around this use case. Pharmaceutical companies are very interested in rooting out counterfeit drugs. Blockchain technology enables pharmacists to verify the authenticity of the medication, the provenance, and the safety. Blockchain for drug supply chains will also provide more transparency, more visibility and more efficiencies across the whole supply chain from manufacturer to distribution through retail to patients. In the US, the Drug Supply Chain Security Act calls for certain capabilities that blockchain technology could provide, though it does not dictate or specifically require the use of blockchain currently.
Georgino: What about clinical data sharing for research, trials, etc.?
Houlding: Blockchain can be used to verify the integrity of the clinical research data and facilitate the discovery of data to reduce redundant efforts and minimize costs. The blockchain may not need to have the actual clinical research data on it, but rather metadata pointing to that data which remains off-chain in existing enterprise systems. Blockchain can also be used to engage and incentivize the participation of patients in clinical research studies, using cryptocurrencies or tokens to create a whole new value system on blockchain. This can be used to incent more patients to participate in clinical trials and enable them to benefit more directly from doing so. The tokens could then be redeemed for a service, for example. Some of the most exciting things happening in the industry now is artificial intelligence or machine learning, which requires a large volume of such high-quality data, and blockchain can enable the publication, discovery, record location, and secure sharing of data to power AI and ML, enabling much better models, inference results, and ultimately benefits in improving patient care, and reducing healthcare costs
Georgino: What is your understanding of how blockchain can be applied in the public health arena?
Houlding: I think it is one of the leading use cases for blockchain technology with fantastic opportunities. This would involve vast numbers of organizations collaborating around an epidemic threat, or even the flu that has become deadly. Blockchain has the potential to play a unique role in facilitating collaboration and speeding up real time response using a shared decentralized ledger on blockchain.
Georgino: I attended an event locally at Emory recently referencing AI technology. The issue came up of ethical concerns, as well as medical doctors possibly losing their jobs, such as in radiology, albeit a doctor shortage has existed in the US for decades.
Houlding: AI is an amazing, very powerful technology that stands to deliver immense benefits in terms of improving the quality of care and delivering whole new insights, while reducing costs. But like any technology, it can be used or abused. I think technology needs to serve healthcare in terms of improving the quality of care and reducing costs. AI has major potential benefits, so we have to find a way to make it work. It is a tool that providers can use to help them augment their work, but hardly replace them in the foreseeable future. Note that AI in healthcare is “narrow AI” focused on a specific task, and not replacing a clinician’s role. It has the potential to enable them to do a better job and provide them more time to see patients. AI in this respect can help with triage for a medical doctor, analyzing tons of data or images in near real-time. Tracking the provenance of data using blockchain can help filter out the highest quality data to build the best AI machine learning models. Training data, models, results, and validations can all be tracked on blockchain, enabling them to be audited. AI machine learning models are improved with more data, and higher quality data. Sourcing data from a network of healthcare organizations using blockchain can enable vastly improved AI / ML models, vs building models from one the data within one healthcare organization. Sharing of data across blockchain networks can be incentivized using cryptocurrencies and tokens. Shared models and co-evolution of these models are possible with blockchain. Trust can be built in AI much faster by sharing collective experience using blockchain.
Georgino: GDPR (General Data Protection Regulation) is coming up soon, which aims primarily to give control back to citizens and residents in the EU over their personal data. It is intended to strengthen and unify personal data protection. Read: The Impact of the GDPR on the Healthcare Industry
Houlding: Yes, organizations based in Europe, as well as multinational companies that have data of European citizens, are going to be held to the GDPR. As the healthcare industry worldwide looks to implement blockchain across multiple use cases we need to ensure this can be done while maintaining compliance. Compliance requirements are impacted by the data on the blockchain and the location of the blockchain nodes, and applicable regulations and data protection laws in each location. Some of the more challenging requirements including a patient’s right to review and amend data, and a patient’s right to be forgotten, which can present a challenge with the immutability of data on blockchains. (See Healthcare Blockchain: What Goes On Chain Stays on Chain for further discussion on this.) Data sovereignty and trans-border data flow requirements and restrictions can also be a challenge with blockchain. When considering compliance requirements, it is important to consider both the initial blockchain deployment, as well as the eventual growth internationally where more regulations and data protection laws could come into scope.
Georgino: Tell me about Intel’s Security Readiness Program.
Houlding: It is a way for organizations to benchmark their security to see if it is lagging or vulnerable and proactively re-mediate any gaps. This worldwide program is available to any company that works with sensitive patient data, small or large. Intel and over 40 partners worldwide offer a one-hour complimentary, confidential security readiness workshop. What healthcare organizations get back is a very detailed, data-rich, confidential, encrypted report that shows how their security priorities and readiness across 8 breach types, and capabilities across 42 key security safeguards compares with their peers and the rest of the healthcare industry. It is all about proactive bench-marking, identifying and re-mediating gaps, mitigating risk, and bringing security up to par.
Georgino: How could a national or international telemedicine start-up company, utilizing blockchain technology, address these issues?
Houlding: If the blockchain spans borders, they must make sure to comply with whatever regulations or data protection laws are in scope. Locations would include the point of care, as well as the location of the remote physician helping to deliver the care. Care has to be taken to assure sensitive patient data is adequately secure, at rest and in transit. This is an example of where the Security Readiness Program could be beneficial. Security Readiness Reports are actionable by healthcare security teams both in terms of helping to prioritize remediation of gaps, as well as to help rally support from stakeholders to address gaps.
Georgino: I have to mention as we close the Intel drones displayed during the recent Winter Olympic Games. Most impressive. I attended an AI-ML event in Atlanta and was told we will soon have our own little drone following us around for whatever reason.
Houlding: In the future you will not need a drone pilot, they will just follow you, monitoring your activity, etc. They are getting more and more intelligent.
Georgino: Clearly Intel is investing a great deal to further this cutting-edge technology as well.Thank you, David for your time.
***May 1- David will be speaking at Blockchain in Healthcare in DC, where the focus will be Identity Management and AI/ML