Many health and life sciences organizations are planning to prototype and pilot blockchain in 2018. As they approach a point of readiness to test and pilot blockchain, where to deploy blockchain nodes becomes a key decision. One option is an on-premises deployment where blockchain nodes run in the DMZ’s of each of the various healthcare organizations participating in the blockchain pilot. Cloud based deployment of blockchain nodes is another option for deployment. In this article I discuss some of the key considerations in a cloud based deployment of healthcare blockchains.
Cloud Blockchain Deployment Types
Blockchain on IaaS (Infrastructure as a Service) involves spinning up a VM, installing the software for the blockchain node of your chosen blockchain platform technology, configuring it, and running it. Blockchain on PaaS (Platform as a Service) involves spinning up a VM already configured with software for a blockchain node of a particular type of blockchain platform, configuring it, and running it. Blockchain on SaaS (Software as a Service) involves spinning up a VM with a blockchain node of a particular blockchain platform technology that also has application logic and an API specific to a particular healthcare blockchain use case. Generally, to lower cost, accelerate time to pilot, and enable more focus on the healthcare use case and piloting thereof, the higher you get in the stack the better, i.e. SaaS blockchain is preferred, otherwise PaaS, otherwise IaaS.
Reduced Up-Front Cost with Cloud Deployments of Blockchain
Any cloud computing, when compared to on-prem deployments, reduces capex and provides an opex or “pay-as-you-go” alternative model. This also applies to blockchain running in the cloud, and is especially relevant in healthcare which is under constant cost reduction pressure, and has limited resources for IT.
Faster Deployment of Blockchains to Cloud
For an on-prem deployment of a blockchain node one has to procure hardware, install it for example in the DMZ, configure it, open external firewall ports, and so forth. In contrast, with blockchain in the cloud one can avoid having to procure hardware, ship it, install it in the DMZ, and so forth, reducing shipping and other delays and enabling faster deployment to the cloud and earlier focus on piloting of the healthcare blockchain use case.
Improved Accessibility of Blockchains in the Cloud
Cloud based services are inherently more accessible than services locked within the firewall of a healthcare organization. Cloud based blockchain deployments are accessible to enterprise systems inside healthcare organizations, other adjacent enterprise systems running in the cloud such as analytics or AI (Artificial Intelligence) / ML (Machine Learning), mobile devices, and so forth.
Privacy, Security, and Compliance With Blockchains in the Cloud
Cloud hosting platforms typically have security teams far more advanced than those in any one healthcare organization. Cloud platforms also typically provide a wealth of tools healthcare organizations can use to meet privacy, security, and compliance requirements. Caveat: these tools require intentional use by healthcare organizations. It is the responsibility of each healthcare organization to conduct their risk assessment and ensure they are using necessary cloud platform tools to ensure adequate privacy, security, and compliance with their healthcare blockchains running in the cloud. Below, I discuss further details of strategies and tools to manage confidentiality and privacy, availability, integrity, and compliance of healthcare blockchains in the cloud.
Confidentiality and Privacy of Healthcare Data on Blockchains in the Cloud
Privacy with your cloud based blockchain needs to include transparency in your privacy notice to patients about how you process PII (Personally Identifiable Information), from collection, to use, storage, disclosure, and disposal. Patients should consent to the processing of their information, and have the ability to review and amend their data, and in some regions and countries depending on applicable privacy principles, regulations, and data protection laws, patients may also have the right to be forgotten, requiring deletion of their information. See further in this article for more discussion of a patient's right to be forgotten and strategies to achieve compliance with healthcare blockchains in the cloud.
One of the most important decisions you will make regarding your healthcare blockchain in the cloud to manage confidentiality and privacy is what information goes onto the blockchain vs stays in enterprise systems where it exists today. In general you should only put minimal but sufficient PII and PHI to support your target use case(s) for blockchain, and this includes blockchains running in the cloud. See Healthcare Use Cases for Blockchain - 5 Key Factors for Success for further discussion on this.
Other key decisions and tools impacting privacy and confidentiality are whether to do a private or consortium blockchain vs a public blockchain, whether the blockchain will be permissioned, and how encryption will be used in the blockchain. To help manage privacy, security, and compliance many healthcare organizations will use private / consortium blockchains that are permissioned, and they will use encryption as required to further protect the confidentiality of data on blockchains running in the cloud.
It is important to adequately secure blockchains running in the cloud, each of the associated blockchain nodes, as well as the healthcare organizations connecting to the blockchain. A weak point in any healthcare organization could result in a breach impacting not only that organization, but the whole healthcare blockchain network. Proactive benchmarking and remediation is recommended as a strategy to detect and remediate weak points, adequately mitigate risk of breaches and other security incidents, and pave the way for building trust, growing blockchain networks, and realizing the maximum benefits. See Healthcare Blockchain: Does Your Chain Have any Weak Links? for further discussion on this.
Ensuring the Availability of Your Healthcare Blockchain in the Cloud
Healthcare organizations are intolerant to disruption, especially healthcare providers where disruption can compromise the quality of patient care, or in a worst case negatively impact patient safety. This is particularly important for production use of blockchains in healthcare, beyond piloting. Availability of your blockchain should not be taken for granted. Blockchains improve the availability of the overall blockchain network through the use of decentralized ledgers. However, you have to go further to ensure the availability of your particular healthcare organizations access to the blockchain. Cloud platforms provide several tools to help you with this including:
- Redundant blockchain nodes across availability zones
- Load balancers and automatic failover
- Redundant network connectivity from the healthcare organization to the cloud
- High availability persistent message queueing between the enterprise systems of the healthcare organization and the network(s) used to access blockchain in the cloud
- Backup and restore of blockchain nodes in the cloud
- Business continuity and disaster recovery including documented plans and procedures, hot standby for critical services, and regular testing
- Cloud mitigation provider and anti-DDoS protections
- Choosing your blockchain platform carefully to ensure timely access, i.e. it meets your performance, throughput, and scalability requirements. A key consideration is the consensus algorithm used in the blockchain platform which has a big effect on performance, throughput, and scalability, and can also impact the amount of hardware and power you need to run your blockchain. For example PoW (Proof of Work) used in Bitcoin requires a lot of hardware and electricity for mining. Fortunately most healthcare organizations and blockchains will not be using blockchain platforms with PoW consensus.
- Consider whether you may be able to batch transactions in blocks to improve throughput, trading off latency. It is also possible to enable prioritized message queues where the highest priority, most urgent transactions are expedited to the front of the queue to get into batches for new blocks sooner.
- Blocks can fail to commit, e.g. where they are determined to be invalid. Ensure your integration layers have the necessary logic to detect this, remediate, and retry.
- Protect the availability of data stored off-chain. Many blockchains will include pointers to data stored off-chain. To ensure availability of the blockchain, including both the data stored on it as well as the off-chain data referenced by it, you need to also ensure off-chain systems storing data referenced by the blockchain are protected from an availability standpoint. Similar strategies and tools can be used to protect the availability of off-chain systems storing data referenced by blockchains.
See Will Your Healthcare Blockchain be Available When you Need It? for further discussion on protecting availability.
Integrity of Healthcare Data in Blockchains in the Cloud
One of the key strong points of blockchain is hash-codes created for each block, and for each block the data hashed includes both the data for the transactions stored in that block as well as the hash-code of the previous block. In this way hash-codes and blocks are chained, leading to the term blockchain. These hash-codes protect the integrity of the data on the blockchain such that if a block is deleted or changed then this is readily detected as invalid and this change is rejected and does not propagate in the blockchain network and across the decentralized blockchain ledgers. This effectively provides strong protection of the integrity of the data stored on the blockchain, and is equally applicable for healthcare blockchains running in the cloud.
Regulatory, Data Protection Law, and Standards Compliance
The types of data you store on your blockchain and where your blockchain nodes physically run will help determine applicable regulations and data protection laws. In particular, any data containing PII is key in determining compliance requirements. Some types of PII are obvious, such as any data fields that can be used to contact, locate, or identify an individual. Sometimes PII can “creep” into some types of data such as free form text, or unstructured data such as images, video, sound recordings. For example if you are storing PHI of US citizens on your blockchain then HIPAA may apply, or if you are storing EU citizen PII then EU data protection laws may apply. This article is not a legal summary of compliance requirements. Please consult publicly availability information on regulations and data protection laws applicable in your region, and consult your legal counsel for further guidance. You may also opt to comply with one or more privacy or security standards, e.g. ISO2700x to improve privacy and security, and reassure healthcare organizations using your blockchain of its safety from a privacy and security standpoint.
In some countries and regions data sovereignty and trans-border data flow can be a concern. Keep in mind that if you have nodes of your blockchain located across regulatory or data protection law zones then you may have data sovereignty and trans-border data flow challenges. For example, if a blockchain with node(s) in Europe is used to store PII of EU citizens and later new blockchain nodes are added in the US, all of the data in the decentralized ledgers maintained by the nodes of this blockchain network will propagate to keep ledgers consistent and valid, resulting in trans-border data flow of EU citizen PII from Europe to the US. It is very important to consider privacy, compliance, and security up front in your blockchain requirements, and engage your respective teams early, as these types of concerns can impact what types of data you store on your blockchain and how your process it. Keep in mind that although your deployment of your healthcare blockchain in the cloud may initially be within a single country, you may end up eventually growing your blockchain network internationally and any information you store on your blockchain from the start will propagate internationally as blockchain nodes are deployed in other countries and your blockchain network grows, increasing over time your regulatory and data protection law compliance requirements.
Some countries and regions provide patients the right to be forgotten. This can be a challenge because blockchains are immutable so once data is stored on them it cannot be removed. See Healthcare Blockchain: What Goes On Chain Stays on Chain for further discussion on this. If this requirement is applicable in your healthcare blockchain then you may not want to store PII directly on your blockchain, but rather have an opaque, unique identifier for each patient used only on the blockchain which is only mapped to actual PII in a secure access controlled database separate from the blockchain. In a case where you need to support a patient's request to be forgotten you can remove PII stored off chain effectively de-identifying any associated patient information on the blockchain.
For piloting your healthcare blockchain in the cloud you may be able to use de-identified or anonymized data. If this is possible it is a good security safeguard to include as part of your holistic, multi-layered, defense-in-depth approach.
Co-Locate Your Healthcare Blockchain in the Cloud with Analytics and AI/ML
Analytics, AI (Artificial Intelligence) and ML (Machine Learning) are powered by data. Higher data volumes, and higher quality of data improve analytics, AI and ML. A key challenge to analytics and AI/ML today is that most healthcare data is locked up in silos within healthcare organizations. As discussed in Blockchain, Cryptocurrencies, Smart Contracts, Artificial Intelligence, and Machine Learning in Healthcare, blockchain is a foundational technology that can play a key role in enabling the discovery and record location of data across healthcare organizations and silos, making such data available to power analytics and AI/ML. Co-locating your healthcare blockchain in the cloud together with your analytics and AI/ML jobs run enables your analytics and AI/ML to reference data on the blockchain to discover and locate applicable data records, from across the blockchain network and all healthcare organizations participating in it, and initiate requests for these records to support analytics and AI/ML jobs. Immutable data stored on blockchain ledgers can also be efficiently indexed in high performance databases (updated regularly from the blockchain), and which are also co-located in the cloud, to support high speed query, discovery and location of healthcare data required to power your healthcare analytics and AI/ML jobs in the cloud.
What other kinds of challenges, strategies, and solutions are you seeing with the running healthcare blockchains in the cloud? Welcome any feedback and comments below. Intel Health and Life Sciences is actively working in these areas of innovation. Message me on LinkedIn if you would like to connect, discuss, and explore synergies and opportunities for collaboration.
- Blockchain in Healthcare: The Potential and Limitations
- Blockchain in Healthcare Webinar: Patient Privacy & Cybersecurity in DLT Architecture, Planning, & Adoption
- BlockRx Asks the Experts: David Houlding, Intel Health & Life Sciences
- Will Blockchains Deliver Healthcare Interoperability?
- Blockchain, Cryptocurrencies, Smart Contracts, Artificial Intelligence, and Machine Learning in Healthcare
- Healthcare Use Cases for Blockchain - 5 Key Factors for Success
- Healthcare Blockchain: What Goes On Chain Stays on Chain
- Healthcare Blockchain: Does Your Chain Have any Weak Links?
- Will Your Healthcare Blockchain be Available When you Need It?