by Matt Ferrari
Chief Technology Officer
In this episode of my podcast series, CTO Talk on HealthcareNOW Radio, I had the chance to connect with David Houlding, CISSP CIPP. David is the Director of Healthcare Experiences for Microsoft Azure, and has focused much of his impressive career on privacy, security, and compliance in healthcare. Lately, he has been focusing specifically on the healthcare and life sciences cloud and use cases for AI, machine learning, and blockchain. David is also serving as the Chair of the HIMSS Blockchain Task Force, so if you’re planning to be at HIMSS20 like me, register early for the Blockchain Symposium.
In this recording, we dive deep into the topic in an effort to move from the often conflated and confused buzz around blockchain (it often feels like all Bitcoin all the time) to understand what it really means to healthcare, and what healthcare organizations need to be thinking about in terms of privacy, security, and compliance when working with blockchain.
David shares why he is excited about this, and spoiler alert, it’s not just because blockchain is “the next cool thing.” As he points out, “blockchain in healthcare is not an if, it’s a now, and there are several large-scale initiatives in pilots and in production because blockchain is showing business value in healthcare.”
Does that mean we should all dash out and create blockchain nodes and begin publicly sharing data on common ledgers? Probably not, but there are use cases for blockchain that should be considered when architecting new healthcare cloud solutions. David’s expertise brings some useful advice to bear on being very deliberate about how to use blockchain and how not to. He cautions against storing PII or PHI on the chain, at least at this time in the technology’s evolution, for some very good reasons, not the least of which are privacy concerns and the need to be able to accommodate requests such as GDPR’s right to be forgotten. He advocates for keeping PHI stored on enterprise systems and using blockchain as it was intended: in a B2B middleware capacity.
One use case he shares that made a lot of sense to me is that of a patient getting an x-ray at Provider XYZ. Should Provider XYZ store the x-ray on their blockchain? No, says David. It’s too hard to protect, and heavy data like imaging demands more resources than a blockchain should have to take on. Instead, he suggests using the blockchain to store the metadata about the x-ray and provenance information, such as a pointer to which provider has it and what kind of x-ray it is. Then, when the patient goes to another provider for another x-ray, that new provider can see on the chain that they can reach out directly to Provider XYZ with a secure peer-to-peer request for the image.
You’ll hear us talk about why healthcare is moving to highly trusted private consortiums on blockchain, and how these can mitigate risk.
We also talk about compliance and why you should think about it early in the blockchain process, because although your nodes may start out local, even within one or two states, your chain can quickly grow to cross regional, national, and international boundaries. At that point, data locality and sovereignty concerns come into play with GDPR and other regulations.
Is blockchain the be-all end-all for healthcare data sharing? No, but it is a great way to share the right data in order to speed scaling, bust silos and reduce cost. It’s absolutely showing business value in improving patient outcomes and experiences as well. You just have to do it thoughtfully, and David offers some great advice for how to approach your blockchain initiatives in this session.
Give it a listen here. I’m looking forward to discussing this more with David at HIMSS20. See you there!