Blockchain: A Tool With a Future in Healthcare

18 July 2019 Health Care Law Today Blog
Authors: Benjamin M. Daniels Kyle Y. Faget J. Mark Waxman

This article originally appeared in Medical Economics, and is republished here with permission.

Blockchain technology originated in 1991, and was conceived as a secure way to timestamp digital documents akin to how a notary timestamps physical documents. The true value lies in the fact that once stamped, the document cannot be backdated. Since then, the application of Blockchain technology has evolved and has the potential to transform and improve healthcare.

This article examines three possible areas for blockchain application in healthcare—the drug and device supply chain, medical staff credentialing, and electronic health records (EHRs).

What is a Blockchain?

Blockchain is an open distributed ledger, meaning that anyone provided with the requisite credentials can access and add to the ledger. When data is added to the blockchain, it is done chronologically. Each block contains the relevant encrypted data, which is referred to as a hash, and the hash of a previous block. The kind of data contained within a block depends on the type of blockchain being utilized.

For example, a bitcoin block might contain information about a specific transaction occurring between two entities, e.g., the sender’s identity, the recipient’s identity, and the amount of points being transmitted between the entities. Each block also has a unique hash that identifies the block and its contents. Any changes made inside a block will cause the hash to change. Each block also has a hash of the previous block such that each successive block points to the immediately preceding block.

The first block, known as the “genesis block,” cannot have a hash from a previous block, by definition. The hash system offers security because altering the data in a block alters the hash of a block. Once altered, the hash of an altered block no longer corresponds to the previous hash found on the successive block. When the hash of one block does not correspond to the previous hash of the successive block, the chain is invalid, and the chain rejects the invalid new block. Theoretically, algorithms could be deployed to recalculate the hashes on the blocks following the altered block, which would validate the chain anew and undermine the major utility of blockchain. However, blockchains have proof-of-work, which is a built-in mechanism that makes recalculating the hashes a formidable process.

Blockchains are also distributed, which means that a single entity does not manage the chain. The chain is managed by a peer-to-peer network whereby every member of the network is allowed access to the blockchain. Each new member of the network gets a full copy of blockchain, which can later be used to validate the entire blockchain. When a new block is added to the blockchain, each member of the blockchain network gets the new block and will individually validate the new block (proof-of-work). Once each member of the network has validated the new block, consensus is achieved. It is the use of consensus that allows tampered-with blocks to be identified and rejected.

Importantly, blockchain can be programmed to record and track almost anything, and the technology offers a potential solution to a number of the challenges facing the healthcare industry.

Solution for the Drug Supply Chain Security Act (DSCSA)

In 2012, a nationwide meningitis outbreak was traced back to a compounding pharmacy, New England Compounding Center (NECC) that engaged in drug manufacturing in violation of its state license. (See 21 U.S.C. § 353a.) Specifically, NECC shipped contaminated steroid injections across the country resulting in 753 patients becoming ill and 64 patients dying.

In response, Congress established a national standard for drug security by expanding the Food & Drug Administration’s (FDA) oversight of compounded drugs through the Drug Quality and Security Act (DQSA), which includes the Drug Supply Chain Security Act (DSCSA) in Title II.

The purpose of DSCSA is to improve tracking, detection, and removal of counterfeit, misbranded, or potentially harmful drugs from the drug supply chain. The DSCSA establishes a national standard for drug security, as opposed to the varying state requirements that had been regulating the space, by mandating the development of a prescription drug traceability system encompassing the full supply chain from manufacturer to dispenser for pharmaceuticals distributed in the United States. The system essentially mandates a blockchain-like verification system whereby drug supply chain stakeholders are required to verify upstream information about a product (e.g. who manufactured the product, when it was sold, who it was sold to, etc.) and provide downstream information (e.g. passing along the same information to the next entity in the chain).

Specifically, the legislation outlines a 10-year plan for developing an electronic, interoperable system to identify and trace prescription drugs as they move through the U.S. supply chain. The law includes several provisions requiring implementation, including: product identification, tracing and verification, suspect drug detection and response, notification of illegitimate drugs, wholesaler licensing, and third-party logistics provider licensing. The law also requires the FDA to develop standards, issue guidance documents (many of which have already been issued), implement pilot programs, and conduct public meetings as part of implementation efforts.

Blockchain as a Possible Solution for DSCSA

One of the core requirements of the DSCSA is that each package and homogenous case of product must contain a product identifier, which will be used to identify a product at any point in the drug supply chain. Pinpointing a product’s position in the drug supply chain requires an accurate accounting of a product’s chain of custody. Currently, no one source has all of the information about product transfers as a product moves from manufacturer to dispenser (e.g. hospital, pharmacy, physician’s office, etc.).

The ability of blockchain to track and store data chronologically across a peer-to-peer network makes the technology particularly well suited to solve for the traceability requirements imposed by the DSCSA. In addition, blockchain is uniquely secure, which could reduce common issues in drug supply, such as drug counterfeiting. For example, if a product is presented at any point in the supply chain without the correct hash, the distributed network can identify and reject the product as counterfeit.

Because blockchain offers such an elegant solution to DSCSA compliance, vendors are already piloting blockchain solutions to DSCSA requirements. For example, the MediLedger Project initiated by a San Francisco-based company, Chronicled, is developing a blockchain system that can demonstrate DSCSA compliance.

Similarly, a supply chain consulting group, The LinkLab, is working with industry partners to design and develop pilot blockchains that can meet DSCSA compliance requirements.

Solution for Medical Staff Credentialing

Medical staff credentialing can be a costly and time-consuming effort that conducted via phone calls, faxes, and snail mail. Because blockchains can be verified and updated incrementally, the technology may be well suited for the credentialing process. Blockchain encryption applications and access limitations create a secure database that can be accessed across all those participating in the chain. Each data contributor may be granted access to the entire ledger, or access can be restricted.

Another possible blockchain application is a credentialing “smart contract," an agreement to participate in a “living” credentialing database specifically designed to use blockchain technology as its infrastructure. The concept is that a practitioner’s credentialing information would be continually updated within a single database, with both inputs and access provided by those who have entered into a Blockchain Credentialing Process Agreement. In this fashion, it would not be necessary every time there was a need for credentialing information spanning the time period from completion of college through the most recent credentialing relevant events, to seek the information from the multitude of repositories where it resides. Instead, it would be instantly available, with access granted to view the information by the practitioner, directly, or through a direction given to the entity that maintains the database. The savings in time and cost from this type of approach would be significant as credentialing is a repetitive process where delay inevitably is costly.

In 2017, a pilot program involving the Hashed Health Consortium was initiated. The Hash Health Consortium consists of a group of healthcare industry stakeholders who work together to identify industry challenges that are potentially solved by blockchain technology applications. The goal of this early effort was to create a blockchain-based registry containing a reliable record of certifications and credentials. In 2018, Hashed Health launched a provider credentialing product that leverages blockchain to securely exchange information related to a clinician’s permissions to practice at a certain level or location.

Possible Solution for EHRs

Simple coordination of care has created the need for an EHR platform that allows multiple healthcare providers can view, edit, and share reliable patient data. The sensitive nature of health data, the ongoing challenges posed by interoperability, patient record matching, and health information exchange, make a potential solution to the management of patient health records in electronic format invaluable.

Blockchain is a platform that can securely store medical records, is amenable to real-time updating, and can be securely accessed by anyone given access to the chain. In this case, a single chain would represent a single patient’s medical record. Each new piece of health data would be visible to each member of a patient’s care team as the data is entered into the chain. Moreover, a single, national blockchain-based approach would allow patients to become the owners of their data and allow the information to travel with them.

Use of blockchain as a solution for EHRs is already being piloted at some of the nation’s premier medical institutions. For example, Medicalchain, a London-based startup that develops blockchain technology for storing EHRs, has a working agreement with the Mayo Clinic to explore different distributed ledger initiatives. Massachusetts General Hospital has engaged MediBloc, a Korean blockchain startup, to pilot new storage and exchange mechanisms that complement its existing EHR system.

Industry Resistance to Adopting Blockchain

Perhaps the embryonic nature of the technology or its ties to bitcoin have made blockchain suspect to industry players. Fears about complete reliance on a decentralized computerized system may also be at play in keeping blockchain from being deployed to solve complex issues such as DSCSA compliance. Adoption of blockchain requires having confidence in a store of information without reliance upon a trusted intermediary to authenticate a transaction, which causes healthcare organizations to hesitate when it comes to storage and processing of highly sensitive healthcare data.

If blockchain consensus is reached, then a transaction is authenticated. In some arenas, such as EHR, where quality of care and care coordinating are the central drivers, industry can pilot programs and adopt blockchain technology at their leisure. However, because FDA is already actively enforcing DSCSA, stakeholders are under pressure to bring their operations into compliance. Pilot programs will likely have a high bar to demonstrate DSCSA compliance before industry will adopt the technology. The upside to being under such pressure is that DSCA compliance may pave the way for further blockchain adoption in the drug supply chain industry.

Conclusion

Like any new technology there will be development and adoption fits and starts over time. But in the case of blockchain, there appears to be a concerted effort to move the technology forward. Other potential applications include: informed consent management, clinical trial data management, FDA regulatory new drug and device application processes, and insurance coverage, preauthorization and claims adjudication. Over the next two to five years we will likely see success stories that will prove that these early stage investments were worth the effort.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Related Services