Originally published at pharmaphorum.com
How the technology behind Bitcoin can facilitate trusted data sharing and unlock innovation in healthcare through distributed ledgers.
A major barrier to healthcare innovation is the question of whether industry should be allowed to access patient data. No matter how much governance is in place, and how careful we are with anonymisation, pseudonymisation and aggregation, there always seems to be some argument about how industry should not be trusted, despite the incredible potential for public-private partnerships in this area.
For example, look at how the Royal Free NHS Foundation Trust was attacked for its data partnership with Google Deepmind.
Block chain technology could hold the key to this issue. Block chain was invented to enable the cryptocurrency, Bitcoin. Its algorithms mean transactions can be aggregated into blocks and then added to a chain of other blocks (hence ‘block chain’) in a ledger relying on a cryptographic signature.
Bitcoin is only one example of this kind of ledger (others include Ethereum and Ripple), but the focus here is on how to modify the basic block chain approach to incorporate rules, smart contracts, digital signatures and an array of other new tools for a distributed ledger in healthcare.
Physical ledgers have been used for thousands of years. They are simply asset databases. Digital ledgers took them a step forward last century, but a distributed digital ledger allows multiple shared copies of the same ledger where responsibility for its management is distributed and rules can be set up to allow one, some, or even all, participants to make changes based on consensus.
The advantage is that distributed ledgers built on block chain technology can record transactions securely and accurately based on a cryptographic approach using signatures and keys to mandate who can do what within the ledger. It enables us to record, amend and access data while managing risks around identification and without unduly compromising confidentiality. Distributed Ledger Technology (DLT) can take many forms, each with a different level of risk. They can be permissioned or permissionless, open or closed, tokened or tokenless. However, most important is not the options the technology provides but the challenge to be overcome.
There’s already some excitement about this and 2016 even saw the publication of a report by the UK Government Chief Scientific Adviser on going beyond block chain with DLT and how assets such as leading universities, the Open Data Institute, Alan Turing Institute and the Digital Catapult, as well as significant private sector expertise, mean the UK is in a unique position to explore the potential for trusted transactions.
Importantly, it is not just the case that DLT can help secure public trust and manage risk in data transactions; it could be the answer to the entire structure of data sharing, privacy, security and consent in this country.
To provide some context, there’s already a bright spotlight on how health and care information should be used. Last year, the Department of Health (DH) held a public consultation following the publication of a review of data security, consent and opt-outs by the National Data Guardian, Dame Fiona Caldicott.
The consultation elaborated on a proposed eight-point consent/opt-out model. Interestingly the fourth point was that patients have the right to opt out of their personal confidential information being used. Reading between the lines, the intent of this is that we are opted in to sharing our data automatically. N.B. Point 7 is that the opt-out will not apply to information sufficiently anonymised that it may be used in controlled circumstances without breaching anyone’s privacy, so we won’t be completely bereft of data.
The proposed opt-out even has two levels; one for information being used to provide local services and run the NHS and social care system, and the other for information being used to support research and improve treatment and care.
The review was clear that a patient should be able to state their preference once (online or in person), confident in the knowledge that this will be applied across the health and care system, but how would a healthcare provider know if the patient they were treating had opted out (and, if so, what level they had decided to opt out of) so they could respect the decision?
This would involve every single provider of care in the country having access to a resource where the decision had been noted. What if the patient notified the healthcare provider of their intention to opt out at that moment? Could the healthcare provider amend the record there and then to reflect this? Does this mean that hundreds of organisations must make changes to their IT systems across all the various settings of care? This would be a monumental achievement in an NHS that has failed in major national IT projects in the recent past.
The DH helpfully clarified that ‘NHS Digital will be testing with users the preferred means to achieving this in a simple way’, but that it was ‘not yet able to go into more specifics on what this will mean in practice at this stage’. However a Government response on the issue is expected shortly.
Here, again, DLT could act as the single ledger that all healthcare providers access and amend to resolve the issue of consent or opt-out. It would resolve the requirement to change systems and data flows and could do so in a distributed fashion.
Information Governance (IG) around healthcare data is therefore likely to be a big topic in 2017 and DLT can go even further to support IG healthcare. A new EU data protection regime called the General Data Protection Regulation (GDPR) will have to be in place by May 2018, regardless of Brexit, so all those dealing with sensitive and identifiable data will be working hard to ensure they are compliant in time or face the consequences, which include huge fines for infringement (something WhatsApp, Facebook and Google will also have to be aware of when it comes to encryption and nonconsensual tracking of users). DLT could well be the answer here too – and wherever else a ledger can be useful, in fact.
Innovation in cutting-edge areas such as Artificial Intelligence and machine learning involves stepping into the unknown, so security and governance concerns will be paramount to guard against the potential risks. We need technology that manages risk and increases public trust in transactions and that is why DLT has such a wide range of other applications in healthcare, from interoperability, the internet of things, smart contracts, digital identities, pragmatic clinical trials, precision medicine and cutting-edge analytics. A lot of technologists use the phrase ‘revolutionary’ but block chain might actually be so.