Many healthcare organizations are currently experimenting with blockchain. As use cases are defined and prototypes created, a key step is to decide what sensitive data goes on the chain (types of information and volume) and what doesn't. Healthcare security teams need to be an integral part of this process. Here is why.
One of the merits of blockchain is the immutability of blocks on the chain, in other words built-in protection of the integrity of the information stored in those blocks. Any removal of a block, or tampering with the information stored within a block, is easily detectable. This ensures that the information on the blockchain is accurate, or at least as accurate as what was submitted for storage. Combined with timely and complete submission of accurate information into new blocks, this ensures that the information on the blockchain is accurate, complete, and up-to-date. It also means that once information is added to the blockchain it cannot be removed, changed, or redacted.
Blockchain also brings availability benefits in the form of decentralized ledgers with no single point of failure, ensuring timely, reliable, and uninterrupted access to information on the blockchain.
However, in general, blockchain does not automatically protect confidentiality or prevent unauthorized access to information stored on the blockchain. In the extreme case of a public blockchain, all information stored on the blockchain is visible to anyone who cares to look. While this may be suitable for certain public health use cases, most healthcare use cases involve highly sensitive and lucrative information that is vulnerable to abuse, so access to this information must be strictly controlled and limited to authorized organizations and individuals only. Supplemental strategies such as private and permissioned blockchains, encryption, and other safeguards can help control access to the blockchain and the information stored on it, and mitigate the risk of unauthorized access. However, like any security safeguard, none of these is bulletproof or a panacea, and all have residual risks. Consequently, any sensitive information stored on a blockchain is at some increased level of risk. We must minimize this risk through the application of effective, holistic, and multi-layered security safeguards.
Security Risk Versus Reward Trade-offs
In security, risk/reward is often used to help make trade-offs. The idea is that the higher the reward or benefit sought, the higher the residual risk that can be tolerated. An accompanying principle is that the more Personally Identifiable Information (PII) and Protected Healthcare Information (PHI) involved, the higher the risk. Blockchain is essentially a new type of B2B middleware. Even in the case of a private and permissioned blockchain, the sensitive data put on the blockchain is still effectively going outside the firewall and perimeter of any healthcare organization that participates, and is at increased risk of unauthorized access. One of the most important decisions you can make to enable benefits while minimizing risk is the decision of what sensitive data goes on the blockchain and what doesn't. A proven strategy in healthcare security is to minimize risk while still enabling the complete benefits and rewards sought from a healthcare business or patient care standpoint.
As many healthcare organizations get to the point of prototyping a use case on blockchain and deciding what types and volume of sensitive information will be stored on the blockchain, several strategies are possible. One simple strategy is "let's put everything on the blockchain and figure out later what we can do with it". Putting all sensitive information on the blockchain will generally go well beyond the minimal but sufficient information required to realize the benefits and rewards sought from the blockchain use cases, and therefore simply represents an unnecessary additional risk. An additional non-security side note: this approach can also have major performance impacts, keeping in mind that any data put on the blockchain must be replicated across all instances of the decentralized ledger, present on all endpoints of the blockchain. Considering medical images, genomic data, and many other types of massive data sets, this approach risks grinding the blockchain to a halt.
A Better Blockchain Strategy
A better strategy for deciding what goes on the blockchain, one that minimizes risk while enabling the full benefits of the defined use cases, is to take the use cases and the specific associated data they require and store only that information (type and volume) and no more. Where there is additional related sensitive information that may be large in volume and impractical or too risky to store directly on the blockchain, the blockchain can instead hold a pointer to the source of the data together with a hash of the data, and the hash can be used to verify the integrity of the data retrieved from the source. Further, the source of the data can have access control to ensure that only authorized individuals have access to it. Such off-blockchain sources of data must be fault tolerant and not introduce a single point of failure, so as not to degrade the availability benefits of blockchain discussed previously.
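The pointer-and-hash pattern described above, together with the tamper detection discussed earlier, as an added example that is not from the original article. It is a single-process sketch rather than a real blockchain platform; `OffChainStore`, the `store://` pointers, and all function names are hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64

def block_hash(block):
    # Hash covers the link to the previous block plus the pointer and data digest.
    body = {k: block[k] for k in ("prev", "pointer", "sha256")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_block(chain, pointer, data):
    # Only a pointer and a SHA-256 digest go on the chain, never the PHI itself.
    block = {"prev": chain[-1]["hash"] if chain else GENESIS,
             "pointer": pointer, "sha256": hashlib.sha256(data).hexdigest()}
    block["hash"] = block_hash(block)
    chain.append(block)

def chain_intact(chain):
    # Recompute every hash and link; an edited block or one removed mid-chain fails.
    prev = GENESIS
    for block in chain:
        if block["prev"] != prev or block["hash"] != block_hash(block):
            return False
        prev = block["hash"]
    return True

class OffChainStore:
    """Constructed stand-in for an access-controlled off-chain data source."""
    def __init__(self):
        self.blobs, self.acl = {}, {}

    def put(self, pointer, data, authorized):
        self.blobs[pointer], self.acl[pointer] = data, set(authorized)

    def get(self, pointer, principal):
        if principal not in self.acl.get(pointer, set()):
            raise PermissionError(f"{principal} not authorized for {pointer}")
        return self.blobs[pointer]

def fetch_verified(chain, index, store, principal):
    # Accept off-chain data only if the chain verifies and the digest matches.
    if not chain_intact(chain):
        raise ValueError("ledger failed hash-chain verification")
    record = chain[index]
    data = store.get(record["pointer"], principal)
    if hashlib.sha256(data).hexdigest() != record["sha256"]:
        raise ValueError("off-chain data does not match on-chain hash")
    return data
```

The chain replicated to every participant carries only the pointer and digest, so confidentiality rests on the off-chain store's access control while integrity is still checked against the ledger.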
With this strategy, healthcare security teams working proactively with healthcare business teams can enable the full benefits, rewards, and ROI of blockchain to improve patient care while mitigating the risk of breaches and other security incidents that could quickly tarnish the major potential benefits of blockchain.
What additional strategies and security safeguards are you considering for implementing your healthcare blockchain and mitigating risk?