What is Blockchain?

The National Institute of Standards and Technology (NIST) defines it as “tamper-

evident and tamper-resistant digital ledgers implemented in a distributed fashion
(i.e., without a central repository) and usually without a central authority ([e.g.,] a
bank, company, or government). At [its] basic level, it enables a community of users
to record transactions in a shared ledger within that community, such that under
normal operation of the blockchain network no transaction can be changed once
published.”

While there are differences, oftentimes the terms blockchain and DLT are used
interchangeably, especially when discussing the business value of the solutions.

Blockchain describes a chain of data or transactions as blocks linked or chained

together by cryptographic signatures, each of which is called a hash, stored in
shared ledgers and supported by a network of connected processes called nodes.
Nodes maintain a copy of the entire chain and are continually updated and kept in-
sync.

While depending on well-known and tested underlying technology, such as

networking, hashes and encryption, this technology is very different from traditional
programming, networks, databases and web interfaces. A new understanding of
design, patterns, data sharing and implementation is required.

The application of blockchain in healthcare is nascent; nevertheless, early solutions

shown the potential to reduce healthcare costs, streamline business processes, and
improve access to information across disparate and diverse stakeholders working
toward a common goal.

Adding or Updating Data

Adding or updating data requires consensus of the network making it

nearly immutable. This means that once a block is written to the chain, it cannot be
altered or deleted. Transaction records are immutable, because each block of data is
linked to the previous block by including the previous block’s unique hash, which is
mathematically derived from the block’s content.

If a bad actor were to change the content of a block, the block’s hash would change,
which would then break its connection to the subsequent block. This would require
the bad actor to then re-hash the next block, and all subsequent blocks in order to
cover their tracks. However, since there are multiple copies of the ledger, the bad
actor would have to simultaneously change every version of the ledger at each
location, which is practically impossible especially as networks grow large and risk of
collusion becomes negligible.
To correct or remove data from the chain, one may append a new record with
corrected data that supersedes the original, or one may append a record that marks
a previous record as deleted. However, the original records added earlier remain as
is. This is an intentional characteristic that enables verification by all parties in the
consortium and helps to build trust.

As this technology is not a panacea for data quality and accuracy, we recommend
reviewing data storage considerations for an overview of what to store on-chain.

A Decentralized Solution

The technology is characterized by being a decentralized, or a distributed solution,

rather than a centrally controlled solution. It is typically a peer-to-peer network—
where participants interact directly and transactions are shared across all—hence
there is no single point of failure. The technology is available on a variety of
platforms and protocols, and brings with it concepts that may introduce nuances or
changes to existing healthcare business models.

While it achieves a certain level of democratization of data—or accessibility of data

to the average end user—the technology does not necessarily open access to the
fullest extent, but it may address existing needs and uncover new business,
administrative, and clinical opportunities that were not previously considered.

A Focus on Transactions

This technology depends on consensus for the validity of transactions, and while

transactions can be interpreted widely, not all healthcare activity is transaction-
based, and not all healthcare transactions may be appropriate for the technology.
Blockchain brings with it the potential for smart contracts, digital computer code that
automates the execution of programs, functions or transactions. The technology also
provides the ability to create value for transactions through tokens. This tokenization
has been implemented in cryptocurrency settings as well.

Strengths and Weaknesses

The technology holds significant promise as a solution for a number of use cases in
various industries, but as with any emerging technology, it still has its drawbacks. It’s
important to weigh both strengths and vulnerabilities to determine suitability for each
use case.

A Single Source of Truth

The primary benefit of the technology is its ability to provide a single source of truth
for those who participate in the network. Since all nodes must reach consensus, this
ensures that all participants are in agreement about the nature of the data contained
in the network. Its ability to settle disputes and provide a ledger of all activity on the
network gives it a unique transparency that eliminates the need for middlemen.
Its transparency and immutability also makes it ideal for industries that have regular
audits of their data.
Lack of Privacy

Blockchains, especially those available publicly, are not ideal for storing private
information due to the transparency that they provide. For the use of blockchain in
healthcare, privacy considerations for protected health information (PHI) are critical
when considering the technology for certain transactions.

Security Vulnerabilities

The technology provides resilience to certain types of attacks but are by no means
entirely secure. Since they are essentially just code, they are still susceptible to zero
day attacks and technical bugs. Also, the technology is almost always accessed by
people, making it susceptible to one of the greatest risks in information technology,
social engineering. Due to this, the technology needs just as much scrutiny towards
information security as any other network or piece of software, especially for
blockchain in healthcare.

Blockchain Components

Blockchain is a type of DLT. DLT is a decentralized data structure where the data
are distributed across all computers or nodes within a network and every node in the
network stores a copy of the ledger. There is no central administration of the data
and the data are agreed upon by consensus by all nodes in the network.

DLT components include data models to describe what data are captured in the
ledger and agreement for protocols, such as a consensus protocol to determine how
transactions are accepted into the ledger.

Ledger

Similar to the common use of the word ledger, a ledger in the context of DLT is
simply an electronic record or collection of transactions.

An important distinction is that the ledger is not a collection of assets. While assets
are a part of transactions, the ledger records the transactions of those assets. For
example, bitcoin is a well-known asset and transactions involving bitcoin are
recorded using a distributed ledger.

Blockchain technology constructs the ledger by building a chronological and

consecutive chain of blocks. It can also record a collection of code called smart
contracts that enable functions to be run on the blockchain.

Transactions, Blocks and Chains

Transactions in this context are:

A record, for example of an event

Verified and secured cryptographically

Ordered chronologically

Bundled to form a block

A block is a set of transactions that are bundled together and then appended to a
chain of other blocks. Hence, the name blockchain. When the blocks are chained
together, each new block contains a reference to a unique identifier from the
previous block called a hash code or a cryptographic hash. Blocks can include one
or more transactions. In other words, it is possible to batch transactions into blocks,
and this is often done to improve the transaction throughput rate for a blockchain
platform with a given block throughput rate.

The block contains the following information:

Previous Cryptographic Hash: Unique identifier, called a hash, referenced from the

previous block

Timestamp: Timestamp of each block added to the chain

Merkle Root Hash: Merkle tree root hash for all of the transactions included in the
block

Nonce: Stands for “number only used once.” The nonce is the cryptographic
challenge number that nodes are solving for in order to propose a new block. It is a
number added to a hashed block, and, when rehashed, meets the difficulty level
restrictions. This number is related to consensus algorithms.

Cryptography

Without a central authority within a network, trust is established

through consensus and cryptography. Cryptography is used to shift the burden of trust
from intermediaries to cryptographic algorithms.

Components of cryptography include:

Message or Payload (also called plaintext): The actual data or payload within the
message that the sender and/or receiver wish to keep secret.

Secret Key: Data used for encrypting and decrypting the message. In DLT, reference
is often made to public and private keys.

Cipher (also called ciphertext): The output of the encryption function, which is the
encrypted version of the message that is sent between the sender and receiver.

Encryption/Decryption Algorithm: Algorithm pair used to convert between the plaintext

message and ciphertext message.

In general, cryptography is often used to encode or encrypt data so that

intermediaries or outside actors cannot decipher a message. It enables a confidential
two-way exchange, where each party can encrypt or decrypt the cipher to access the
message payload. With blockchain, cryptography is also used to validate data
integrity.

The cryptographic algorithm uses the message and the key to create an encrypted
version of the message called the cipher. The cipher can be exchanged by the
sender and receiver. A key is then used to decrypt the cipher back into the original
message.

Public Key Cryptography

Public key cryptography is often used in DLT for data validation and user
authentication through digital signatures. User authentication is achieved through a
combination of a user’s public and private key through a Public Key Infrastructure
(PKI) framework. A public key represents the public identity of a user that can be
shared with others. The user also holds a private key stored in a wallet that stores
the user’s private credentials.

Mathematical algorithms generate the pairing of the private and public keys, and
these make it possible to encrypt and decrypt a message. In PKI, it is mathematically
improbable to calculate or derive a private key from a public key. The pairing of the
public and private key enables the authentication of a particular user or node. Public
and private keys can also be used in a way that preserves the anonymity of users.

Hash Functions

DLT uses a specific type of cryptography called cryptographic hashing. A hash code
is created by a mathematical function that takes a digital object and generates a
fixed 32-character size string of letters and numbers to represent it (e.g. a
transaction represented as
d7w0993waty9n33234qw949g02b9o34238878501032ff2si04d3d99sq93jzwa9).

Cryptographic hashing uses cryptography for a one-way conversion, where the

encoded data, or hash, is created. The hash result is intended to be shared with
other parties, but not decoded. The encoded hash is mathematically impossible to
decrypt or reverse engineer. This makes it impractical to derive the input message
used to create a hash code, from the hash code itself.

Cryptographic hashing is used by DLT so that the data can be proved without
actually sharing the contents of the data. Each party can prove the data by matching
and validating that the calculated hash matches each other.

Hashes are used to maintain the immutable characteristic of blockchains. Since any
change to the original object will generate a new hash, changes are easily
detectable. For each block, a hash code is computed as a combination of the data in
the block plus the hash code of the previous block. In this way, hash codes are
chained. Hash codes are easy to compute and can be verified by all participants that
the data have not been altered. Any attempt to delete or alter the data on a block
renders the chain of hash codes invalid and easily detected by the participants.
Merkle Tree

Merkle trees are used to reduce the volume of data and enable efficient validation of
data on the blockchain. A Merkle root hash is stored in each block and created by
hashing transactional data that are included as part of the block.

In the diagram below, there are four transactions (Tx). Each of these transactions
are represented by a hash 1-4. Each pair of hashes are further hashed (Hash 12 and
Hash 34), which are finally represented in the parent block as the Merkle root hash.

The Merkle root hash is used so the validation of transactions is more efficient.
Rather than having to validate all of the data in a block, data for a single transaction
can be sent along with the relevant hash values. The validating node can calculate
the hash values for the given data and confirm that the transaction is valid without
needing all of the data in the block.

Zero-Knowledge Proof

Zero-knowledge proof enables a system to prove a condition of the message without

revealing the actual contents of the message. For example, if currency is being sent
from one user to another, the blockchain can verify that the sender has enough
money without needing to know who the user is or the total amount that the user
has.

Blockchain Networks

A blockchain network is made up of network participants, which are computers or

nodes where the ledger is stored, updated and maintained. Every node in the
network stores a copy of the shared ledger and continuously synchronizes with other
nodes across the network. The network’s goal as a whole is to provide consensus
and ensure the consistency and validity of each copy of the shared ledger across
nodes, and validate each new block appended to the ledger.
Networks include consensus algorithms or protocols that define how nodes
communicate and interact with each other. Each node synchronizes its copy of the
shared ledger as consensus is achieved, according to the specific consensus
protocol of that network, which is determined by the particular platform used to
implement the network. This consensus ensures the validity and consistency of each
copy of the distributed ledger running on each node of the network.

Networks can be permissionless or permissioned. A permissionless network is open

to the public and anyone can join. Permissioned networks are private and require
pre-verification and authorization of participating parties. Groups of organizations
that participate in permissioned networks are often referred to as consortiums.

Peer-to-Peer Network

The “distributed” in DLT refers to the idea that it uses a peer-to-peer (P2P) network
structure. Compared to a central server network, nodes on a P2P network are
connected directly to each other rather than to a central server. There are no
intermediaries, such as a bank or clearinghouse, to process the transaction.

This data distribution model is a defining characteristic of the technology: centralized

authorities do not communicate updates to records. Instead, each node executes
P2P communication to achieve consensus among the nodes and trigger updates in
the form of blocks appended to the shared ledger.

Permissionless or Public Networks

Permissionless or public networks allow anyone to participate, and members are

pseudonymous to each other. The Ethereum network is a well-known, open-source
example of a permissionless network. Due to its public nature, trust is established in the
data, which nodes agree upon through consensus algorithms.
Trustless systems simply trust the authenticity of the data, but do not need to share
data beyond the transactions on the blockchain.

Permissioned or Private Networks

With P2P networks, since there is no central control, trust between nodes becomes
an issue. One solution that is widely used in applications to increase trust is the use
of a permissioned, private or consortium network, where only well-known and trusted
organizations are allowed to participate, and only their nodes are allowed to join the
network. In permissioned networks, participation is controlled by an authority who
provides a membership service for user authentication and identity management.

A consortium may be established to govern these networks of disparate participants.

Participants in the consortium have a business need to know regarding data on-
chain, and use cases and associated business values are known and make sense to
all participants. These networks allow for easier paths to demonstrate trust by
validating all participants on the network. Private networks typically concentrate
control to consortium members and sometimes to only a few stakeholders depending
on the deployment of validating nodes.

Beyond clear-cut private and public networks, some semi-private networks are
emerging with use cases leveraging elements of both public and private aspects.

Distributed Storage

A blockchain is essentially a type of data storage, but very different from a traditional
database that many of us are used to. The characteristics are quite different from the
well-known traditional, relational and noSQL databases. It is important to understand
these differences when considering blockchain in healthcare and if this technology is
appropriate for your use case.

The technology is designed to store transactions grouped into blocks that may then
be queried concerning the characteristics of those blocks and can be public or
private. For public, the database is read/append by anyone on the network, and
therefore uncontrolled. In contrast, if private, read and append capabilities are
controlled.

Maintenance and Storage

A blockchain is also a distributed and decentralized type of data storage in that it

propagates multiple copies of the shared ledger across nodes. Each node on the
network stores and maintains its own copy of the shared ledger. Through a network
consensus protocol unique to the particular platform, network nodes agree to which
transaction blocks are valid and will be appended to the shared ledger and then
synchronize each of their copies of the shared ledger accordingly. This architecture
is what contributes to the technology’s resilience. Multiple nodes can fail and, as long
as a critical mass of nodes remain, this will not impact the data integrity of the shared
ledger.

Data Sizes
The amount and types of data that can be practically stored on the blockchain are
determined by the particular solution. Data storage restrictions imposed by public
networks typically are enforced by technological or practical limitations or for
economic or ethical reasons. In private networks, these restrictions may not
necessarily exist. For example, it may not be economically feasible to store a large
data set on a public network. However, it is potentially feasible or desired using one
of the private, permissioned technologies. Performance, as well as privacy, security,
and compliance should be taken in to consideration in determining what data should
be stored. General guidance is to store only minimal but sufficient (for the use case)
data.

Off-Chain Data Storage

Off-chain storage refers to the storing of data off the blockchain, for example, in a
relational database. The on-chain data can store metadata about this off-chain data,
together with pointers to where the actual data resides, and hash codes that may be
used to verify the integrity of the off-chain data. The technology can also be used for
identify and access control, in other words as a mechanism to control access
privileges to this data stored off-chain.

Smart Contracts

A smart contract is a term commonly used to describe computer code protocol

intended to digitally facilitate, verify, or enforce the negotiation or performance of an
agreed transaction. A smart contract in its simplest form is really an if-then statement
that runs on a blockchain. While it’s possible to automate some actions under an
actual legal contract, like payment obligations occurring on a certain date, a typical
legal contract is a much more multifaceted instrument. For instance, it may include a
standard of behavior, like reasonable or in good faith, that cannot be encoded in
software.

While the technology was originally used to exclusively record transactions, it has
evolved to where it can now also enable the running of programs or functions, similar
to how users may run software on a computer. Smart contracts constitute self-
executable code on the network, triggered upon predefined conditions or actions.
Within the network, each node must execute the code in order to remain in sync with
the rest of the network. The role of a blockchain node is to maintain the consistency
and validity of the shared ledger.

All of this is done in a transparent, streamlined manner allowing the parties to

transact directly with each other without conflict or the need for intermediaries. Since
a smart contract is stored on a blockchain, they are automatically trackable,
immutable and distributed by nature, and hold each party responsible for their role.

The primary benefits of utilizing smart contracts are:

Speed and Savings: Smart contracts can be executed faster and at lower cost without
the need to rely on brokers or intermediaries. They are automated, accurate and
save time and money.
Security and Trust: Smart contracts inherit the properties of residing on a blockchain.
Hence, they can be trusted given their immutable nature, which eliminates the
possibility of any alteration to the contract. The smart contract is transparent and
accessible within the blockchain, while also offering a reliable backup due to its
distributed storage.

Some U.S. states have legally recognized the use of smart contracts under specified
conditions; however, there is much work to be done to ensure both clarity of
enforcement and uniformity of definition. Since a smart contract is stored on chain, it
is automatically trackable, nearly immutable and distributed by nature, and holds
each party responsible for their role.

How mature is blockchain in healthcare and what are the barriers for adoption?

Currently, private networks are more mature than public networks for healthcare.
Certain use cases are seeing traction with adoption. Most barriers are not related to
the technology, but rather relate to:

Business

Governance

Healthcare organization buy-in and trust

Laws and regulations

Social and cultural change

For example, the technology may provide traditionally adversarial organizations the
opportunity to work together to create new business opportunities within a
consortium. This may create challenges in aligning culture and establishing
governance across these organizations. From a regulatory standpoint, antitrust
considerations and cross-border collaborations face compliance challenges because
of differing regulatory environments.

There are some technology considerations around blockchain in healthcare. With a

wide variety of legacy systems in the healthcare environment, integrating all of these
diverse systems can be challenging.

Overall, lack of education is a considerable barrier to adoption. There are

opportunities to educate on the appropriateness of blockchain in healthcare, the use
cases and associated business values it can provide, its relationship to existing
legacy systems, and its privacy and security implications. Workforce training will also
be required.

How will it affect costs in healthcare?

The cost-effectiveness depends on a number of factors, including the use case

applied, the size and demographics of the implementing organizations, and the
requirements of the consortium or governance model. Adoption may potentially bring
both potential costs and savings.

Some current solutions simplify the supply chain and administrative processes in
healthcare, such as streamlining prior authorization, which may decrease costs.
Ultimately, organizations can expect some added technology costs that are prevalent
in the adoption of any new technology or solution, including implementing workforce
training and change management requirements.

What healthcare data should be put on the blockchain?

The type of data stored on-chain is dependent on the needs of the specific use case.
However, for blockchain in healthcare, we generally suggest implementers adopt a
minimal but sufficient approach to determine what is included on-chain.
Organizations should strongly consider the ramifications of storing any PII or PHI
when considering the data for each use case. Examples of identifiable information to
keep off-chain also include data outlined in the Payment Card Industry and school
health data regulated by the Family Education Rights and Privacy Act.

Keep in mind its immutable nature when considering data stored on-chain. Storage
may also be a consideration when determining data included on-chain, especially if
the data files are large or change often. Some states also include regulatory
requirements for medical record storage that can influence decisions regarding on-
chain data.

In many scenarios, the blockchain includes data that serve as identification for
access permissions and pointers to data off-chain. This means that the majority of
data that is stored on-chain consist of metadata, information about the data records
together with pointers and a hash to verify integrity. To be useful, solutions must use
identifiers for people, but these may be generated IDs used only on-chain and
useless off-chain, instead of sensitive PII elements such as name, Social Security
number, date of birth, and so forth.

While your use case will determine what information is needed to be stored on and
off-chain, these guidelines can help inform a minimal but sufficient approach for your
needs.

On-Chain:

High Level Data: The ideal transaction typically takes the form of higher level data,
metadata, transactional information, audit records, pointers and hash codes.

Off-Chain:

Large Data Files: The architecture of the distributed ledger should keep large volumes
of clinical information off-chain and in secure access-controlled enterprise systems
where they exist today, and reference these data records as required from the
blockchain with pointers and hash codes that can be used to verify their integrity.
PHI and PII: This information should be stored in secure access-controlled enterprise
systems. Referencing these data records as required from the blockchain would be
an acceptable way to get the benefit of the technology while maintaining HIPAA and
other privacy standards.

Utilization of existing data stores allows organizations to leverage their existing data
storage investment while capitalizing on the advantages of blockchain for
decentralized data exchange.

Can it handle the current needs of data exchange?

This depends on the specific needs of data exchange. Blockchain is a technology

for record locating and other lightweight transactions that can facilitate access to
shared data through metadata, pointers and hashes. The technology co-exists with
other health IT infrastructure.

For example, metadata and pointers are used to search and discover data records of
interest, locate off-chain records, and verify the integrity of these records using
hashes stored on-chain. Systems using the technology can leverage existing
standards to facilitate interoperable exchange between systems. Smart contracts also
provide solutions to facilitate data exchange since they provide the executable logic
for validation and processing of data records as required to support data
exchange. Zero-knowledge proofs can also be leveraged together with blockchains to
exchange information in a manner that preserves privacy.

What are some common considerations when integrating this technology into
existing systems?

Initially, interface engines and connectors are likely needed to provide input, output,
verification and validation of data between blockchain systems and the existing
systems of record; this is until future versions of applications are able to use
application programming interfaces (APIs) to interface directly. A robust patient
matching system and/or decentralized identification system for integration is
important to ensure validity of data. Furthermore, a relationship should be defined
between the data on the blockchain and the data that live within legacy systems that
may be linked.

How is patients’ access to and interaction with their data affected?

As a middleware technology, patients do not interact with the technology directly.

Instead, they could interact with applications or websites as they do today, and the
server infrastructure behind these applications in turn may interact with blockchains.
However, they may have the potential to empower patients with greater control of
their data and privacy.

For example, when used as a decentralized record location service, the technology
could enable patients’ access to their longitudinal record across providers and grant
access to appropriate parties. If patients want to have others verify and validate their
data to ensure provenance and accuracy, hashes should be able to provide this
capability.
Adopting Blockchain in Healthcare

Now that you have a basic understanding of the technology, it is essential to identify
real-world scenarios in healthcare where this technology may be relevant and
valuable. Organizations must consider existing problems or needs that the
technology may help address instead of looking to implement a solution without a
problem to solve.

When implementing this technology, organizations must be aware of and open to the
new organizational paradigms that accompany these solutions. Fundamental to
assessing this technology is understanding the paradigm shift to decentralized,
distributed solutions. Referred to as the new economy, this may not align with
existing business models, regulation at multiple levels of authority and multiple
locales, and technology infrastructure. Since the transition to any new paradigm will
be gradual as many stakeholders engage at different times and velocities,
blockchain will find application to existing business use cases and new opportunities
in parallel over time.