HIPAA Rules and regulations limit the direct use of a public blockchain to store electronic Protected Health Information (ePHI).
We know blockchains are secure, so why is the technology non-compliant? Because the security a blockchain provides is integrity and availability, not confidentiality: every participant can read the ledger, and the identities on it are pseudonyms mathematically derived from public keys. Pseudonymization is not de-identification under HIPAA's Privacy Rule, which recognizes only the Safe Harbor and Expert Determination methods (45 CFR 164.514), so a record posted under a derived pseudonym is still ePHI, and once written to an immutable public ledger it cannot be withdrawn.
In addition to the Privacy Rule problem, a traditional blockchain ledger faces storage and access roadblocks. Every full node replicates the whole ledger, so a system that posted ePHI directly to the chain would require each participating provider to hold a copy of the complete medical records of every patient in the network; data storage and ease of access would quickly become large problems.
Additional steps are needed to ensure blockchain solutions don't violate HIPAA requirements. Enter MedChain and its HIPAA-adherent, blockchain-governed Distributed Storage Network.
Goals with a Blockchain-based Solution for Medical Records
MedChain offers a creative solution that can act either as an intermediary between a provider's HIPAA-compliant database and the blockchain network or as a standalone EMR system, delivering the benefits of blockchain technology while honoring the HIPAA Privacy Rule.
Goals for more effective management of medical records include the following:
- Patient Controlled Access. Providers are granted access to Electronic Medical Records (EMRs) only through a verification process in which the patient approves or denies each access request from the MedChain smartphone application or web app.
- Distributed Storage Network. With no single point of failure, no master password and no single data silo, information stays secure yet accessible when needed. Each record is encrypted end to end, fragmented into 'shards' and stored across hundreds of HIPAA-compliant storage servers. The blockchain transaction ledger holds only the references to where those shards live and the cryptographic hashes used to verify their integrity; the ePHI itself never touches the chain. Public/private-key encryption protects the off-chain shards, and the on-chain hashes let any retrieval detect a tampered or corrupted shard.
- Interoperability. Once granted access, providers can read the EMRs that fall within their approved level of permission. Patients access and control their medical records from a single account, avoiding the time and cost of requesting files from individual providers, which can take days or longer to arrive.
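The storage and access model described in the Patient Controlled Access and Distributed Storage Network bullets above, as an added example that is not MedChain's code: a record is encrypted, split into shards that are scattered across storage servers, and only shard hashes and locations go on a ledger; a provider can retrieve the record only while the patient's grant is active, and every shard is checked against its on-chain hash before reassembly. The shard size, the manifest and grant layouts, the round-robin placement, the sample record and the toy cipher (an HMAC-SHA256 keystream with an encrypt-then-MAC tag, used only so the script runs with the standard library) are all assumptions made here; a real deployment would use AES-GCM from a vetted library and a real chain.

```python
import hashlib
import hmac
import secrets

SHARD_SIZE = 48  # bytes per shard (assumed); small so the sample record splits into several shards

# Constructed sample record; any resemblance to a real patient is accidental.
SAMPLE_RECORD = b"patient: Jane Doe; dob: 1980-01-01; dx: type 2 diabetes; rx: metformin 500mg"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream (HMAC-SHA256 in counter mode); stand-in for a real cipher, not a replacement.
    out, ctr = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC. Layout: nonce(16) | ciphertext | tag(32)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("record authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Ledger:
    """Append-only list standing in for the chain: shard manifests and access grants only, never ePHI."""

    def __init__(self):
        self.entries = []

    def append(self, entry: dict) -> None:
        self.entries.append(entry)

    def manifest(self, record_id: str) -> dict:
        return next(e for e in self.entries if e["type"] == "manifest" and e["record_id"] == record_id)

    def is_granted(self, record_id: str, provider_id: str) -> bool:
        # The latest grant/revoke entry for this (record, provider) pair wins, like contract state.
        state = False
        for e in self.entries:
            if e["type"] in ("grant", "revoke") and (e["record_id"], e["provider_id"]) == (record_id, provider_id):
                state = e["type"] == "grant"
        return state


def store_record(ledger: Ledger, servers: list, key: bytes, plaintext: bytes) -> str:
    """Encrypt, shard, scatter shards across storage servers, and put only hashes and locations on-chain."""
    blob = encrypt(key, plaintext)
    shards = [blob[i:i + SHARD_SIZE] for i in range(0, len(blob), SHARD_SIZE)]
    record_id = secrets.token_hex(8)  # random handle, not derived from the patient's identity
    locations = []
    for idx, shard in enumerate(shards):
        server = idx % len(servers)  # round-robin placement (assumed policy)
        digest = sha256(shard)
        servers[server][digest] = shard  # content-addressed off-chain storage
        locations.append({"server": server, "hash": digest})
    ledger.append({"type": "manifest", "record_id": record_id, "shards": locations, "blob_hash": sha256(blob)})
    return record_id


def set_access(ledger: Ledger, record_id: str, provider_id: str, approved: bool) -> None:
    """The patient's approve/deny decision, recorded on-chain."""
    ledger.append({"type": "grant" if approved else "revoke", "record_id": record_id, "provider_id": provider_id})


def retrieve(ledger: Ledger, servers: list, provider_id: str, record_id: str, key: bytes) -> bytes:
    """Provider-side fetch: check the grant, pull shards, verify each against the chain, then decrypt."""
    if not ledger.is_granted(record_id, provider_id):
        raise PermissionError(f"{provider_id} has no active grant for record {record_id}")
    manifest = ledger.manifest(record_id)
    parts = []
    for loc in manifest["shards"]:
        shard = servers[loc["server"]][loc["hash"]]
        if sha256(shard) != loc["hash"]:
            raise ValueError(f"shard on server {loc['server']} does not match its on-chain hash")
        parts.append(shard)
    blob = b"".join(parts)
    if sha256(blob) != manifest["blob_hash"]:
        raise ValueError("reassembled record does not match its on-chain hash")
    return decrypt(key, blob)


def ledger_mentions(ledger: Ledger, needle: bytes) -> bool:
    """True if any on-chain entry contains the given bytes; confirms no plaintext ePHI reached the chain."""
    return any(needle in repr(e).encode() for e in ledger.entries)


if __name__ == "__main__":
    ledger, servers = Ledger(), [{} for _ in range(3)]
    key = secrets.token_bytes(32)
    rid = store_record(ledger, servers, key, SAMPLE_RECORD)
    set_access(ledger, rid, "dr-alice", True)
    print(retrieve(ledger, servers, "dr-alice", rid, key) == SAMPLE_RECORD, ledger_mentions(ledger, b"Jane Doe"))
```

Two points worth noticing: the record key never appears on the ledger either (here the caller holds it; in the model above the patient's app would share it with an approved provider), and because the hash check runs before decryption, a storage server that alters or loses a shard is caught by the chain's manifest even though the server never held a key.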
Why Blockchain Can Work with Medical Records
- HIPAA requires covered entities and their business associates to guard the confidentiality, integrity, and availability of PHI, but the Security Rule does not prescribe one universal set of controls, and HIPAA entities haven't always been careful when transmitting and storing data.
- EMRs have developed with clunky momentum, system by system, provider by provider, patient visit by patient visit. Inconsistencies across these systems make EMRs less accurate, harder to access, and more vulnerable to breaches. The U.S. Department of Health and Human Services Office for Civil Rights has almost 400 PHI breaches currently under investigation.
- The HIPAA-compliant Distributed Storage Network is MedChain's starting point: it removes the need for centralized data silos, so a breach or loss at any single site exposes at most encrypted fragments rather than a whole record set.
- Blockchain-governed software encrypts EMR transmissions and relies on transparent smart contracts to enforce access control, removing the traditional failure points noted above, such as a master password or a single data silo.
- Bridging existing EMR systems with the blockchain will ease access and improve interoperability, saving time, money, and possibly lives.
MedChain's secure and reliable system will help providers and patients stay connected. With MedChain, resources now spent preventing data breaches and storing data can be shifted to a more valuable objective: delivering better healthcare.