Blockchain potential in mHealth
This time in Tech Talk, Dr Neil Polwart, Novarum Founder and BBI Group Head of Mobile, looks at blockchain technology in mHealth.
There can be few people working on a mobile health (mHealth) concept who haven’t been asked: ‘Are you using blockchain?’
Blockchain technology is the underlying principle behind virtual currencies such as Bitcoin. The idea is simple, elegant and solves a key problem with currency transactions — yet, how can you trust the transaction without relying on a central authority to authenticate it?
So, does blockchain have a role to play in mHealth? Possibly. However, it certainly isn’t a panacea and, likely in many implementations, does little to actually solve security or privacy issues.
The idea behind blockchain is simple, each time a transaction is performed it is passed through an algorithm which generates a seemingly random string of letters and numbers — known as a cryptographic hash.
Change any of the inputs to the algorithm, even slightly, and a totally different hash is returned, but if you enter exactly the same inputs, you will receive exactly the same output and so it is easy to verify whether the content has been altered.
One of the inputs to the algorithm is the hash from the previous transaction in the chain and this continues all the way to the original transaction. As a result, it becomes impossible to alter any individual record without also updating every other record in the chain.
If the list of transactions (often referred to as a ledger) is stored in multiple locations (a distributed ledger) and rules are in place to resolve conflicts between the multiple copies, it becomes possible to authenticate a transaction without relying on a central trustworthy source.
The downside of blockchain is inherent within its design. The computational effort and complexity in generating blockchains are what brings the inherent robustness, but also uses huge amounts of electrical power and so their green credentials are poor.
Moreover, the concept that transactions can be checked implies that their contents must be visible or accessible to others. One solution is a ‘private blockchain’ held by the institution — however, that brings little benefit over a classic secure database.
Conceptually, some medical records could be held by and only decrypted by the individuals involved, in some ways mimicking how people ‘hold’ Bitcoins.
However, if you lose your credentials you lose the value of the coins — a mistake some people have found very expensive. Not many of us can say that we have never forgotten a password or lost a file which we forgot to back-up.
Now, what if the consequences of that were the loss of medical records? Given that many patients are the most vulnerable in society — expecting them to manage a technological solution may be impossible.
One of the main benefits of blockchain is the ability to move away from a single trusted central authority. That benefit is primarily of importance where there is a risk that a central authority might intentionally manipulate data.
However, if we have lost faith in our medical providers not to modify our data then we have a trust issue, which seems way more fundamental than data storage.
It is clear society and its lawmakers still trust medical professionals with extremely sensitive data, with the recent GDPR regulations having special carve-outs for data where doctor-patient confidentiality could be assumed for example.
The greatest vulnerabilities to medical data security come from two completely different extremes — firstly, poor user compliance and secondly, in system-wide security vulnerability that enables hackers to access data.
Rather than jumping on the blockchain bandwagon as a marketing stunt to suggest we have unparalleled security, we would be better investing our efforts in good user-experience to help avoid people using bad practice, adding features such as two-factor authentication and designing infrastructure and software that is robust to attack and kept up-to-date.
So, I suggest if you are asked; ‘Are you using blockchain?’, ask yourself what problem you are trying to solve first.