#Medical records on the #blockchain – the history of a bad idea


Patients having control over their own medical data — whatever “control” means here — is a perennial favourite blockchain pitch. Even if it’s blithering nonsense.

The claim is vague, ill-formed and varies between perpetrators — but it’s generally that patients will be able to control who has access to which of their data at what time, in what context.

The following image is from a survey sponsored by the Personal Connected Health Alliance, who love “blockchain,” and also “AI,” whatever they think those things are. The survey was about “connected healthcare” — apps, devices, Fitbits, smart watches and so on:

Have you heard of any of the following patient data right / data management providers using ‘blockchain technology,’ i.e. technologies that promise to give patients greater control over their health data.

Well, blockchains sure promise it … but they don’t, in fact, achieve it. There are no blockchain systems that do this.

How do you tell someone that blockchains do not do this? How do you get them back to reality, from a place where this sounds like a reasonable question?

This particular survey appears to be marketing for MintHealth, a “decentralised health information” startup, which also — gosh, who’d have thought! — has an ICO for a “security token offering” (archive).

But they’re just the latest in a long line of snake oil salesmen. I first encountered the idea in 2016 — to quote chapter 11 of Attack of the 50 Foot Blockchain:

I sat in on one presentation by a Big Four accounting firm on the Blockchain in health care: three blokes (one with a tie, two without) talking about the hypothetical possibilities a blockchain might offer health care in the future, all of which was generic extruded blockchain hype, and much of it Bitcoin hype with the buzzword changed. When an audience member, tiring of this foggy talk, asked if there was anything concrete that blockchains could offer the NHS, they responded that asking for practical uses of Blockchain was “like trying to predict Facebook in 1993.” The main takeaway for the health care sector people I was with was swearing never to use said accounting firm for anything whatsoever that wasn’t accounting.

The idea was first put forward in November 2014 — and the current version of the concept seems to originate with the MIT Media Lab’s Digital Currency Initiative in 2015, as we’ll see shortly.

What can a blockchain do?

The “blockchain” is the data structure behind Bitcoin. It’s a ledger you can only add new entries to — plus a “consensus mechanism” to decide who gets to add new entries.

It gets weird because Bitcoin is a bit cultish, and literally based on conspiracy theories. And that’s before you even get to the bit where the real draw is the promise you’ll get rich for free. People will talk any magical nonsense if they think they might get rich from it.

“Blockchain” in business is an attempt to market this idea as the solution to literally any organisational problem. This was originally to evangelise Bitcoin, but the big push these days is from consultancies looking to sell billable hours.

Also, there’s not in fact any agreed technical definition of “blockchain” — in practice, it really does just mean “whatever I’m trying to sell you today.”

If you want more detail, the simple non-technical introduction is this talk I did for market researchers — that’s a 22-minute talk with slides you can crib, and some questions after. Blockchains are really simple, and the usual reaction is: “What? That’s not magical at all. How do they get all of this nonsense out of that?”

The health care pitch is mostly “unalterable record” and “no central control.” Neither of these is really true enough for the job — and neither is what you’d actually want.

The problem with patient data

Patients worry about their personal data. They want their doctor to have everything the doctor needs to help them — but that data is highly sensitive and personal, and it’s nobody else’s business. It’s not even the business of other medical personnel in the same organisation, unless they’re actively working on your case.

The obvious way to control access to patient data is a conventional centralised database, with a suitable structure of access control lists (ACLs) — who’s allowed to see what, and when. You will be unsurprised that this is precisely how the National Health Service (NHS) in the UK does it in practice.

There are important issues with large central pools of data — specifically, data protection, susceptibility to leaks, and what a private service provider may have access to. The NHS databases are arguably too centralised.

The hard part in practice is to come up with an ACL structure that’s comprehensible and usable by mere human NHS employees and patients — and which meets their social expectations.

Blockchain proposals tend to claim that the patient’s threat model is the healthcare providers themselves. Nobody likes being messed around by bureaucrats — but cryptography will save you!

The American-style health insurance industry is another excellent bogeyman — it’s clearly evil and superfluous. You can sell technical “solutions” to this 100% political problem, whether or not the solutions would do a single thing about it.

How would you even use a blockchain for this?

So — how would you do any of this with a blockchain? And what does a blockchain in particular bring to the problem? This is where the various projects’ white papers start getting a little vague.

There’s the brittle-but-obvious ideas — like encrypting data, or its hash, in a message field on a blockchain, with conventional PGP-style public key encryption. This means you could permanently lose your healthcare record as easily as you can lose your bitcoins, just through a fat-finger fumble.

I think of users like my 85-year-old mother — who is reasonably competent and has all her marbles, but can barely work a computer, let alone manage PGP cryptographic keys.

And what do you do when a patient is incapacitated, or unable to consent?

You can’t provide customer service — fixing basic human error — in a decentralised system. If you need problems to be fixable — and, of course, you do — there’s no reason not to just use a centralised system, like the present NHS database.

And if problems aren’t fixable, your patient outcome numbers are only going to be negative.

The problem is not the mechanism — it’s the politics of who gets access to what. The legal structures, and the social structures. These needs are complex and often inchoate, and not easily reduced to a few lines of Solidity code.

It’s easy to put already-encrypted data onto a blockchain — the entire hard part of the problem is digital identity that is usable by ordinary humans. It turns out that replacing a social construct with a computer program is difficult.

So the usual strategy is to write hundreds of pages about how well you’ve done with the easy bits — and the hard bit’s coming some time in the astounding future.

It turns out that medical records regulations exist

I won’t go into great detail — but almost everything about blockchain proposals for medical records is laughably illegal under almost any health information privacy law.

Every American I asked who deals with this stuff went “what on earth, HIPAA, HITECH” and “do these people know anything about this at all?”

The answer is: no, of course they don’t — because blockchain promoters pretty much never do.

Blockchain promoters are never going to get US institutional providers to adopt systems that could possibly violate privacy laws. I can’t overstate how seriously the providers take HIPAA.

Systems that are adopted will be built from a standpoint of complete regulatory compliance — and whether the backend database runs on something blockchain-descended will be absolutely the last thing anyone worries about.

The source of the disease

The very earliest medical blockchain proposal my readers and I can find is a November 2014 blog post by Ryan Walker. This outlines some of the present-day promises.

Factom claimed a medical blockchain initiative, in partnershp with HealthNautica, in April 2015 — based merely around adding encrypted records to a blockchain. This press release was retracted when HealthNautica found out about it. (Good thing Factom didn’t announce it on a blockchain, then.)

A May 2015 presentation by Melanie Swan, “Digital Health Revolution: Blockchain Health and Crypto Wellness Futures,” promises all manner of ill-specified nonsense, some time in the astounding future, with magical added blockchains.

But as far as we can tell, patient zero for the present-day forms of medical blockchain claims is a November 2015 presentation by the MIT Media Lab’s Digital Currency Initiative.

Chelsea Barabas: Patient-Centered Health on the Blockchain

Chelsea Barabas, then at the MIT Media Lab’s Digital Currency Initiative, gave this presentation at Singularity University’s Exponential Medicine conference.

Barabas’ talk seems to be the direct ancestor for many claims about medical blockchains since. Not just the ideas — including some technically bizarre ones, like blockchain-based logs of all accesses to patient data — but some of her phrasings.

Barabas’ talk also gives away much of the thinking behind the advocacy of medical blockchains — it’s a weird version of Bitcoin libertarianism.

The Digital Currency Initiative was founded to fund Bitcoin core development. This would be why MIT’s pitch here — for software that’s supposed to make administration work better — is so heavy on talking up Bitcoin.

(If anyone ever tries to tell you that “blockchain” is totally separate from Bitcoin — it’s always the same people talking up both of them, in the same venues.)

This talk is worth watching, even at 2× speed with captions on.

Barabas starts by pitching Bitcoin, including in terms of its “market cap.” She claims (2:31) that “there’s five and a half billion dollars right now tied up in Bitcoin.” Of course, it’s completely false to claim that $5.5b of money is “tied up” — you’re just talking about that day’s volatile price, multiplied by the number of coins that someone thinks are accessible. If the price goes up $10, did more cash suddenly get “tied up”? Of course it didn’t.

Marketing Bitcoin with made-up numbers catches the singularitarians’ attention. So let’s sell them on “blockchains,”  which Barabas describes in terms of how the decentralised Bitcoin blockchain works.

And you can put any kind of data onto the blockchain — at 6:23, Barabas specifically suggests putting MP3s or videos on the blockchain. This is while talking about Bitcoin’s blockchain in particular — which really just doesn’t have space for arbitrary quantities of cat pictures.

The threat model to medical service provision is governments, apparently — “Especially for the libertarian-leaning type of people in the audience.” (5:27)

We eventually get to medicine at 6:38:

How could this be useful within the context of medicine? This is a question that I posed just two weeks ago to a group of MIT researchers, and health professionals back at MIT, and together we collaboratively came up with a list of what we call the “blockchain superpowers” — basically, features of the blockchain that we think are particularly exciting to explore moving forward.

The specific medical use cases Barabas outlines are:

  • Interoperability — that is, blockchain will apparently fix your data formats and connectivity. Blockchain will also work around those pesky laws on access to medical data — “to access data across jurisdictional lines” (7:11). At best, Barabas is describing a problem that’s correctly solved with a centralised database.
  • Data integrity — that you just have to make things “cryptographically authenticated on the blockchain this way” (9:03) to be accurate. (This turns out not to be the case.)
  • Counterfeit drugs and supply chain integrity — because the people who forge documents now will, for some reason, not lie to a blockchain. At  best, this is another problem that’s correctly solved with a centralised database.
  • Access control to patient data — this is where the dream is set out in full. Barabas proposes you work around institutions by using … other institutions? Remember, this is what MIT is saying that ordinary people — e.g., my mother — will be expected to go out and do. Quoting Barabas from 13:27 on:

There are a group of researchers who are thinking about using the blockchain as a way to transform this paradigm, from an institutional-centric approach to data management, to an individual-centric approach around data management.

What this approach would look like is using the blockchain as a means for doing data access management. What you would do is, instead of having that data being diverted to third-party servers that you have no control over, you would either set up your own server or pay for a service by a trusted third party to store that data yourself.

  • Access logs for patient data on the blockchain — this one is frankly bizarre. There is no blockchain that offers this functionality — but this too has become a standard promise for medical blockchains. Quoting Barabas from 14:08 on:

You’d register pointers to that data in the blockchain that then would enable you to set up a wide range of very detailed transactions about who has access to that data, when they have access to it, and very specific detail about what specific data you have access to.

  • Zero-knowledge proofs — we can answer questions about encrypted data without decrypting it — which Barabas literally claims “wouldn’t be possible without the blockchain as it currently is” (17:10), and never mind that zero-knowledge proofs were first put forward in 1989.
  • Smart contracts — these will apparently “cut through a lot of those bureaucratic inefficiencies” (19:39) in an unspecified manner, thus making health insurance cheaper — rather than the actual problem being the dysfunctional American private health insurance system.

MIT’s MedRec — protecting medical data with Proof-of-Work

The Media Lab tried putting their ideas into practice with MedRec, a system for patient-controlled medical data, in August 2016.

MedRec proposes a Proof-of-Work system, where massive quantities of electricity are wasted to secure highly sensitive patient data. That’s the best idea they could come up with. Rather than, e.g., a centralised database with access control, in a functional legal system and society.

Thankfully, the initial implementation used “Proof-of-Authority” — in which a closed pool of participants just take turns to add blocks:

In the current design, providers themselves maintain the blockchain. The rationale for this is that providers are already trusted keepers of medical data.

That is — “trustless” decentralisation works so much more efficiently if you centralise it to trusted entities.

It’s not clear if the MedRec initiative is still active — the only institution involved was Beth Israel Deaconess Medical Center, and it’s not even clear if they ran a trial or just hosted the test instance.

The current state of play

It’s 2019, and, of course, no systems using blockchains for access control of patient data are in production. Because this is snake oil that claims to work around political, social and legal issues using impossible and nonexistent technological magic.

The only beneficiaries will be blockchain consultancies. Patient outcomes — which is a number that you have to provide for literally every exciting new medical initiative — will only be negative.

The claim is nonsense in detail. It’s been reprehensible marketing rubbish since it was first put forward. If these guys show up trying to sell you “blockchain,” escort them off the premises immediately.

Read More