Blockchain – A HIPAA Solution?
There is no question that the term “blockchain” generates interest and traffic. But what is a blockchain, and is there an application for it in healthcare? Moreover, how will it impact HIPAA?
Blockchain is a distributed secure ledger. It is not a database. My friend Dennis Nordstrom tells me, “If someone is pitching their great blockchain idea to you and you can replace the term blockchain with database without a change in meaning, run!” A ledger is efficient for recording specific transactional data, like a checkbook register (that’s why Bitcoin works so well on it). It is different from a relational database. This ledger is not centrally controlled by any entity. Transactions are confirmed by consensus mechanisms. Once confirmed valid, a block of transactions is encrypted and linked to other blocks. These changes are then replicated across all nodes. If a historical transaction is changed at one node, the other nodes would not have the change, and after the nodes reach consensus the changed transaction would be replaced. That is overly simplified, but that is the general process.
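The process described above (blocks linked to one another, replicated to every node, and a changed historical transaction being replaced after consensus) can be sketched in a few functions. This is an added example, not code from the original post; it assumes blocks are linked with SHA-256 hashes and that consensus is a simple majority vote, and the node names and claim records are constructed.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(index, prev, txs):
    # The hash covers the previous block's hash; that is what links the blocks.
    data = json.dumps([index, prev, txs], sort_keys=True).encode()
    return hashlib.sha256(data).hexdigest()

def build_chain(batches):
    chain, prev = [], GENESIS
    for i, txs in enumerate(batches):
        txs = copy.deepcopy(txs)  # each node holds its own copy of the records
        chain.append({"index": i, "prev": prev, "txs": txs, "hash": block_hash(i, prev, txs)})
        prev = chain[-1]["hash"]
    return chain

def first_invalid_block(chain):
    """Index of the first block whose contents or link fail to verify, else None."""
    prev = GENESIS
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(b["index"], b["prev"], b["txs"]):
            return b["index"]
        prev = b["hash"]
    return None

def reconcile(nodes):
    """Overwrite copies that are invalid or off the majority tip; return their names."""
    valid = {n: c for n, c in nodes.items() if c and first_invalid_block(c) is None}
    tips = Counter(c[-1]["hash"] for c in valid.values()).most_common(1)
    if not tips or tips[0][1] * 2 <= len(nodes):
        raise RuntimeError("no majority of nodes agrees on a valid ledger")
    good = next(c for c in valid.values() if c[-1]["hash"] == tips[0][0])
    replaced = sorted(n for n, c in nodes.items() if c != good)
    for n in replaced:
        nodes[n] = copy.deepcopy(good)
    return replaced

# Constructed sample data: two blocks of claim records replicated to three nodes.
BATCHES = [[{"claim": "C-1001", "amount": 120}], [{"claim": "C-1002", "amount": 75}]]

def demo():
    nodes = {name: build_chain(BATCHES) for name in ("node_a", "node_b", "node_c")}
    nodes["node_c"][0]["txs"][0]["amount"] = 9999  # historical record changed on one node
    bad_index = first_invalid_block(nodes["node_c"])
    replaced = reconcile(nodes)
    return bad_index, replaced, nodes["node_c"][0]["txs"][0]["amount"]
```

Calling `demo()` returns the index of the block that no longer verifies on the altered node, the nodes whose copy was overwritten, and the restored value.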
This could be helpful for medical studies. If specific patient data is written to a blockchain, with encryption protecting the personal identification information (PII), researchers can be given access to the blockchain without access to the encrypted PII. Likewise, health transactions recorded to a blockchain could be accessed by insurers as a single point of record.
Would having this data available across a blockchain violate HIPAA? No, not if the PII is encrypted. Would connecting to a blockchain suddenly make a practice compliant? No, for the same reasons adding a compliant EHR doesn’t make a practice compliant – but it would facilitate sharing data in a compliant way.
Is blockchain a healthcare solution now? No, but it is an area of high activity. In the meantime, it is important to be sure that all health data is secure for HIPAA compliance, as HIPAA is real and it is in place today.
Contact the security professionals at Compunet to make sure your practice is defensibly compliant and secure. As part of our All in One HIPAA Solution, we offer our clients a free risk assessment for their environment.