Team: alexanderjsingleton
Open-Source Healthcare via Blockchain
By: Alexander J. Singleton with contributing scholars
The George Washington University - School of Business
Department of Information Systems Technology Management
ISTM 6222 | Dr. Elias Carayannis
June 28, 2016
Introduction
What is Blockchain?
First application based on Blockchain:
Application of Blockchain in Healthcare:
Organizational use of Blockchain:
Electronic Health Records
HIPAA Guidelines
Interoperability
Go-to-Market Strategy
Sources
Introduction
During the 2012 Elections, President Barack Obama courted opponents of the Affordable Care Act with the promise of delivering a “healthcare exchange” to clear the froth peddled by insurance brokers and companies selling group-policies to Corporate America; ironically however, “ObamaCare” merely interrupted free-market efficiency and increased the cost of insurance specifically for those who found it unaffordable in the first place- the unintended consequence of government policy: injury instead of assistance, which is why an American dog probably receives better healthcare today, cash-only, without ObamaCare insurance. American healthcare insurance is nothing more than a glorified payment-processing system. A true free-market exchange indexed with real-time data and pricing would ultimately benefit the patient. More data, means more transparency, means better pricing and better health. Technology is exponentially displacing yesterday’s middlemen - so why should healthcare data remain exclusively in the hands of corporations and governments but out of the patient’s reach in the age of the iPhone and electronic-medical record (EMR) software? At the end of the day, a transaction occurs between the patient and physician: an exchange of data, “vital stats,” which is ever-accessible by the entire
healthcare complex except for the greatest beneficiary of all: the patient. If transparency promotes democratization, then hopefully data promotes health- so EMR companies should pivot strategy and approach in which healthcare information may be shared via open-source exchanges modeled after a “blockchain” framework facilitating anonymous but secure cryptocurrency transactions, like Bitcoin. Although medical records are personal, life-saving data could be aggregated from a “healthcare blockchain ledger,” advancing wellness for the greater good with an “open-source healthcare exchange” conceivably akin to ARPAnet, a precursory Internet championed by DARPA. Like the human-genome, medical data belongs to humanity, to the individual- not a corporation or government; arguably, healthcare data is a basic human-right (Cook-deegan, Robert, and Christopher Heaney). An examination of an industry leader in EMR, Cerner, reveals an outline of the current healthcare exchange environment “threatmap” and how a blockchain framework indicates the direction to better health, so America can live long and prosper. Cerner was founded in 1979 by Neal Patterson, Paul Gorup and Cliff Illig to create a software-solution platform for hospital administrators sharing mission-critical information historically isolated by siloed hospital administration ("Cerner Company Fact Sheet." ). In the 1980s, the Cerner
solution continued to grow and eventually evolved into patient-centric healthcare solutions architecting and engineering data-integrity solutions for the physician. Cerner, and the entire EMR industry, invisibly stand in the examination room between the doctor and the patient; they know more about many than those who care to know, but for those who would like to access the data, in the age of the iPhone, the patient still waits in the waiting room for answers. The following SWOT analysis of Cerner, an industry-leader in EMR, outlines the current market landscape.
1. Strengths: Cerner has a strong focus on research and development (R&D), deploying significant resources into new health and information systems solutions and services; as of FY 2014 approximately 4,300 associates were engaged in R&D activities, reporting total expenditures on R&D and enhancement of software solutions in the amount of $467.22 MM, $418.7 MM and $319.8 MM during FY2012, FY2013, FY2014, respectively ("Cerner Corporation SWOT Analysis."). Cerner’s solutions were licensed by approximately 18,000 facilities globally, including hospitals, physician practices, laboratories, ambulatory care centers, behavioral health centers, cardiac facilities, radiology clinics, surgery centers, but the company expects to drive growth in
ancillary markets outside the core healthcare information technology (HCIT) market ("Cerner Corporation SWOT Analysis.").
2. Weaknesses: Although free cash flow increased from $524.9 MM in FY2012 to $570.4 MM in FY2014, Cerner remains heavily dependent on third-parties for certain technology, hardware, and software which are integrated into its offerings and processes supporting operations, including its flagship production Millennium Solutions ("Cerner Corporation SWOT Analysis."). According to software engineering consensus advanced via Reddit, Millennium is in dire need of overhaul if not categorical replacement, due to antiquated architecture presumably incompatible with robust application program interfaces (APIs) or internet of things (IoT) connectivity. Moreover, the company's cloud services businesses rely on a limited number of suppliers, namely Oracle, Citrix and Cisco; if the cost of licensing, purchasing or maintaining third-party solutions continues to increase in order to fulfill delivery, Cerner’s operating earnings will significantly decrease, inefficiently brokering parsed solutions instead of innovating in-house ("Cerner Corporation SWOT Analysis.").
3. Opportunities: Cerner is headquartered in Kansas City, MO. Growing firms in the area have expressed difficulty recruiting local talent, but a recent study conducted by the Kauffman Foundation, citing Heike Mayer’s research, concludes that firms in the area are disconnected, and indeed Cerner qualifies; however, Kansas City is home to a substantial pool of talent in the region tapped by growing firms with a strategy to hire Millennials for hands-on training (Motoyama, Yasuyuki, Brian Danley, Kate Maxwell, and Arnobio Morelix). Furthermore, Kansas City remains a very competitive, low-cost center next to more progressive markets located in Boston, New York and San Francisco (Motoyama, Yasuyuki, Brian Danley, Kate Maxwell, and Arnobio Morelix). Since Cerner is essentially a parser, not a manufacturer, of technologies, strategic alignment with innovative start-ups is advisable; obviously Cerner is not lacking invention but innovation.
4. Threats: Intense competition: HCIT solutions, devices, services and wearables are increasingly encroaching upon Cerner’s dominance of EMR; principal competitors include the following: Allscripts Healthcare Solutions, Epic Systems, GE
Healthcare Technologies, Dell, Deloitte, IBM, Xerox, and more recently, Apple and Google ("Cerner Corporation SWOT Analysis."). Population health start-ups also threaten Cerner’s position in the market-place, aiming to simplify Cerner software applications and systems that are highly complex and sophisticated, as reported by internal engineers and verified by market-research ("Cerner Corporation SWOT Analysis.") (Signalthree). Cerner pioneered EMR in 1996, and over a decade later, the company is still unable to roll out any solution that can connect the patient to their own health-care data. The Blue Button initiative has been championed by the Departments of Defense, Health and Human Services, Healthcare Information and Management Systems Solutions and Veterans Affairs (HealthIT.gov. (n.d.)). Northrop Grumman was one of the first private contracts awarded to enable EMR access to veterans, suggesting API functionality for public access ("Mobile Health Technology & Solutions."), evidently a viable tactic to couple with an open-source strategy.
Proponents of “radical transparency,” notably Facebook’s Mark Zuckerberg among other Silicon Valley elites, believe the future will become increasingly transparent; omni-directional camera feeds could be recorded and linked with the Global Positioning System (GPS), so that each frame of video could be time-stamped with a location, all accessible over the Internet: a radical notion, yes, but entirely possible, which means healthcare data collection is also achievable on the same scale ("Digitally Empowered Development"). Inevitably, electronic medical records will be transacted over a universal healthcare exchange platform; thus, it may be reasonable to consider blockchain as a framework to facilitate the exchange of personal healthcare data anonymously, but securely, for the ultimate advancement of population health.
What is Blockchain?
Blockchain is essentially a distributed database, or a ledger, similar to Excel spreadsheets that warehouse a growing list of continuous transactions from numerous parties within a distributed network. It uses advanced security mechanisms such as cryptography and digital signatures to allow each participant on the network to manipulate the ledger in a secure way requiring a consensus among the group which, at the same time, eliminates the need for a central authority to approve transactions. Basically, once a
“block” of data is recorded on the blockchain ledger, it is not so easy to modify or remove. Prior to the addition of a new data block, participants in the network that have access to the existing blockchain assess and verify the proposed transaction through executing complex algorithms. Once all the participating entities (aka nodes/computer servers) ensure the validity of the transaction and reach consensus for the approval of the new transaction, the new block gets added to the chain. According to Guardtime, a cyber-security provider of blockchain-based products and services, the process works as follows: “Assume an organization has 10 transactions per second. Each of those transactions receives its own digital signature. Using a tree structure, those signatures are combined and given a single digital fingerprint — a unique representation of those transactions at a specific time. That fingerprint is sent up the tree to the next layer of infrastructure, such as a service provider or telecom company. This process happens for every organization in the network until there is a single digital fingerprint that encompasses all the transactions as they existed during that particular second. Once validated, that fingerprint is stored in a blockchain that all the participants can see. A copy of that ledger is also sent back to each organization to store locally. Those signatures can be continuously verified against what is in the blockchain, giving companies a way to monitor the state and integrity of a particular asset or transaction. Anytime a change to data or an asset is proposed, a new, unique digital fingerprint is created, Guardtime said. That fingerprint is sent to each client node for validation. If the fingerprints don’t match, or if the change to the data doesn’t fit with the network’s agreed-upon rules, the transaction may not be validated. 
This setup means the entire network, rather than a central authority, is responsible for ensuring the validity of each transaction” (Norton, Steven). Blockchain’s distributed ledger structure and consensus process vary depending on the type and size of the network and the use case of a particular company. While some firms continue to develop on the
“permission-less” public Bitcoin blockchain that allows anyone to participate and contribute to the ledger, many are also exploring ways to deploy “private blockchains” on smaller “permissioned” networks consisting of only known participants.
First application based on Blockchain:
Bitcoin has gained popularity as the first decentralized cryptocurrency in the financial services sector primarily due to its underlying blockchain technology. It is basically a peer-to-peer electronic payment system, which allows online payments to be sent directly from one party to another without having to go through a middleman/third-party financial institution such as a bank or a clearinghouse, thus reducing or completely eliminating transaction fees and accelerating transaction-times. The Bitcoin network is completely transparent as it stores details of every single transaction ever recorded in the network on the blockchain ledger and records all of the transactions collected during a period into something called a “block.” This block can be used to explore any transaction made between any Bitcoin addresses at any point on the network. Whenever a new block of transactions is created, it is added to the blockchain, creating an increasingly voluminous list of all the transactions that ever took place on the Bitcoin network. A constantly updated copy of the blockchain is given to all the participants. When a block of transactions is created, miners take the information in the block and apply a mathematical algorithm yielding a random sequence of letters and
numbers known as a message “hash,” which is used in creating a digital signature. This hash is stored along with the block at the end of the blockchain at that date-time-stamp. This approach is highly secure as it is quite simple to generate a hash from a collection of data; however, the reverse process of working back from the hash to the underlying data is virtually impossible. In order to produce each block’s hash, miners use not just the transactions in a block but the hash of the preceding block as well, which as a result authenticates the legitimacy of this block and every subsequent block. Any attempt to alter a block that had already been stored in the blockchain for the purpose of counterfeiting a transaction would corrupt the block’s hash, thereby conflicting with the hashing function used to verify that block’s authenticity, so a different hash would be revealed from the one already stored, instantly exposing the counterfeit block. This highly effective proof of work scheme protects against tampering and other hacking attacks on the Bitcoin network. The underlying technology driving Bitcoin is clearly compelling as Gem’s CEO Micah Winkelspecht states, “It took about a year and a half for the financial industry to go from looking at Bitcoin and saying, 'This will never work,' to where it is now, where essentially every major financial institution in the world is either exploring blockchain or has active teams devoted to building projects using it” (Green, Max).
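The tree-of-fingerprints step in the Guardtime description and the block chaining described above can be combined in a few lines. This is an added example, not code from the paper or from any vendor it cites; the access events, field names and the all-zero genesis value are constructed. It shows three tampering cases: an edited event, an edited block whose own hash is recomputed, and a full rewrite that is only caught by comparing against the head hash held by other participants.

```python
import copy
import hashlib
import json

GENESIS = bytes(32)  # constructed placeholder standing in for "no previous block"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def merkle_root(leaves):
    """Fold per-transaction hashes pairwise into one fingerprint.

    Leaves and inner nodes get different prefixes so a leaf can never be
    passed off as an inner node; an unpaired node moves up unchanged.
    """
    if not leaves:
        return sha256(b"")
    level = [sha256(b"\x00" + leaf) for leaf in leaves]
    while len(level) > 1:
        nxt = [sha256(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


def seal(prev: bytes, events) -> dict:
    """Build a block whose hash covers its events and the previous block's hash."""
    leaves = [json.dumps(e, sort_keys=True).encode() for e in events]
    root = merkle_root(leaves)
    return {"prev": prev.hex(), "root": root.hex(),
            "hash": sha256(prev + root).hex(), "events": events}


def build_chain(batches):
    chain, prev = [], GENESIS
    for events in batches:
        chain.append(seal(prev, events))
        prev = bytes.fromhex(chain[-1]["hash"])
    return chain


def verify_chain(chain):
    """Return the index of the first block that fails verification, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block != seal(prev, block["events"]):
            return i
        prev = bytes.fromhex(block["hash"])
    return None


# Constructed sample data: three batches of record-access events.
BATCHES = [
    [{"t": "2016-06-28T10:00:00Z", "actor": "dr-a", "patient": "p-001", "action": "read"},
     {"t": "2016-06-28T10:00:00Z", "actor": "lab-1", "patient": "p-002", "action": "append"}],
    [{"t": "2016-06-28T10:00:01Z", "actor": "clerk-7", "patient": "p-001", "action": "update"},
     {"t": "2016-06-28T10:00:01Z", "actor": "dr-b", "patient": "p-003", "action": "read"},
     {"t": "2016-06-28T10:00:01Z", "actor": "dr-a", "patient": "p-002", "action": "read"}],
    [{"t": "2016-06-28T10:00:02Z", "actor": "dr-b", "patient": "p-001", "action": "read"}],
]


def demo():
    chain = build_chain(BATCHES)
    honest_head = chain[-1]["hash"]

    # Case 1: an event is edited in place, stored hashes left untouched.
    edited = copy.deepcopy(chain)
    edited[1]["events"][0]["action"] = "read"

    # Case 2: the edited block is re-sealed, but later blocks still point
    # at the old hash, so the break shows up one block later.
    resealed = copy.deepcopy(edited)
    resealed[1] = seal(bytes.fromhex(resealed[0]["hash"]), resealed[1]["events"])

    # Case 3: everything from the edit onward is rebuilt. The copy is
    # self-consistent; only the head hash held elsewhere exposes it.
    rewritten = build_chain([b["events"] for b in edited])

    return {"intact": verify_chain(chain),
            "edited": verify_chain(edited),
            "resealed": verify_chain(resealed),
            "rewritten": verify_chain(rewritten),
            "rewritten_head_matches": rewritten[-1]["hash"] == honest_head}


if __name__ == "__main__":
    print(demo())
```

The third case is why the ledger copies held by other participants matter: a single holder can always rebuild a self-consistent chain, so integrity rests on comparing head hashes across independent copies.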
Application of Blockchain in Healthcare:
Aside from the financial sector, healthcare is poised to transform with a paradigm-shifting blockchain model. It has the potential to revolutionize healthcare by addressing the biggest concerns of access, privacy, security and scalability as it pertains to population health, medical records, and patient-generated data around the globe. In the context of healthcare, patient data can be stored on the Bitcoin-like blockchain by creating a multi-signature (multi-sig) address associated with each patient record. The patient would be provided with a code (private key or hash) and a multi-sig address in order to unlock their data. Additionally, a separate universal signature (hashes or multi-sigs) would be assigned to healthcare providers as a way to authenticate their identity by decrypting the patient’s hash, which would result in unlocking the patient’s data. Concordantly, the patient profile would consist of access rules defined by the patient to further unlock their medical records. The M-of-N multi-sig basically means that “N” computers would be required to decrypt the code. For instance, defining a 2-of-3 multi-sig indicates not only that two separate codes would be required to compromise three separate machines but also that data could still be unlocked with the availability of just two of the three keys. Using the multi-sig principle, patients will have full control of their medical information and can select the information shared and viewed by providers or doctors by using their signature along with that of the hospital. This new method of decentralizing healthcare data would be extremely beneficial and cost-effective for hospitals by preventing huge costs associated with outsourcing the task of setting up and maintaining patients’ electronic records.
As stated by the founder and CEO of blockchain startup, GEM, the ultimate goal is to combine the various services of the healthcare industry to create a “patient-centric healthcare system where we’re essentially tracking the entire lifecycle of a patient for their entire journey through the healthcare system and are able to give more control to patients over how their data is used and how it’s shared, to actually give them access to their own data” (Bryant, Meg).
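The 2-of-3 unlocking property described above can be demonstrated with Shamir secret sharing, which is a different mechanism from Bitcoin script multi-sig but gives the same threshold behaviour for a record-encryption key. This is an added example, not code from the paper or from Gem; the holder names (patient, hospital, escrow) and the key fingerprint check are assumptions made for illustration.

```python
import hashlib
import secrets
from itertools import combinations

PRIME = 2**521 - 1  # Mersenne prime; the field comfortably holds a 256-bit key


def fingerprint(key: int) -> str:
    """Public check value stored beside the record to confirm a recovered key."""
    return hashlib.sha256(key.to_bytes(66, "big")).hexdigest()


def split_key(key: int, m: int, n: int):
    """Split key into n shares so that any m of them reconstruct it."""
    if not 1 <= m <= n:
        raise ValueError("need 1 <= m <= n")
    if not 0 <= key < PRIME:
        raise ValueError("key out of range")
    # Random polynomial of degree m-1 whose constant term is the key.
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(m - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):      # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def recover_key(shares, expected_fp):
    """Interpolate at x=0; return the key, or None if the shares do not suffice."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    candidate = 0
    for xj, yj in shares:
        num = den = 1
        for xk in xs:
            if xk != xj:
                num = num * -xk % PRIME
                den = den * (xj - xk) % PRIME
        candidate = (candidate + yj * num * pow(den, -1, PRIME)) % PRIME
    return candidate if fingerprint(candidate) == expected_fp else None


def demo():
    holders = ("patient", "hospital", "escrow")   # hypothetical share holders
    key = secrets.randbits(256)                    # constructed record key
    fp = fingerprint(key)
    shares = dict(zip(holders, split_key(key, 2, 3)))

    results = {}
    for pair in combinations(holders, 2):          # any two holders succeed
        results[pair] = recover_key([shares[h] for h in pair], fp) == key
    for h in holders:                              # one holder alone fails
        results[(h,)] = recover_key([shares[h]], fp) is not None
    return results


if __name__ == "__main__":
    for who, ok in demo().items():
        print(who, "unlocks" if ok else "cannot unlock")
```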
In a blockchain world, health information exchanges (HIE), all-payer claims databases (APCD), and electronic health records (EHR) will be rendered obsolete. There no longer stands a need to trust and deal with a middleman/third party system when blockchain provides direct continuous access to patient records, which results in increasing data security while eliminating cost, time, and resources required for compliance. EMR repositories do not always represent accurate up-to-date data of a patient’s history, which is routinely subject to unauthorized modification by hackers, or the less nefarious data-entry error, creating discrepancies or redundancies, which could be life-threatening for the wrong-patient. This could pose a huge risk to patient health data “source-control” shared between hospitals, specialists, or care-facilities. A blockchain healthcare exchange may provide the validation and assurance that the healthcare industry needs by synchronized delivery of trusted service and support. An interoperable, healthcare blockchain exchange would inherently afford data-integrity and information-security without risk of compromises between health-care service-providers. If one party is unable to manipulate the blockchain ledger without signaling other counterparties transacting within the blockchain ledger, or in this case exchange, data-integrity and information-security safeguards are essentially crowd-sourced. According to the CEO of Guardtime, “whenever someone’s health records are accessed, that “event” is recorded on the blockchain, alongside what information was changed or added. That way, the information remains both secure and tamper-proof;
nobody can change it without leaving traces” (Kar, Ian). Quality of care may finally benefit from a notion of transparency, or “truth”, that is readily available and accessible not only to health-care exchange providers but, most importantly, to the patients.
Organizational use of Blockchain:
Blockchain technology is booming in healthcare: corporations, governments, and NGOs the world over are experimenting with the possibilities of such a groundbreaking framework. Tierion, a company specializing in collecting and ingesting data into the blockchain, recently launched their first project with the Philips Healthcare group in an effort to transform patient healthcare by making it more “accessible and affordable” but most of all achievable via blockchain. Tierion achieved first-mover advantage offering a blockchain-based healthcare solution. Other leaders pioneering in healthcare blockchain infrastructure include Gem, Guardtime, and Factom. Guardtime is another preeminent solution already implementing its blockchain approach in Estonia that secures the country’s one million records. According to the CEO of Guardtime, Mike Gault, “adopting Guardtime’s technology for healthcare records would allow Estonia to effectively eliminate lies. Every update to healthcare records and every access to healthcare records is registered in the blockchain. That makes it impossible for the government or doctors or anyone to cover up any changes to healthcare records and that’s really powerful” (Williams, Oscar).
Furthermore, Gem, another leader in blockchain technology providers, initiated a collaborative project with Philips Healthcare to create the new Philips Blockchain lab as a way to offer blockchain technology solutions to companies who can identify use-cases in their businesses. As per Gem CEO Micah Winkelspecht, “one of the most interesting groups that reached out to us when we started talking about the blockchain and healthcare were physicians themselves. Many of them see the problems with today’s technology and are fed up with the current system. Physicians want to help. And so we want to create platform for all the different stakeholders to collaborate” (Prisco, Giulio).
Electronic Health Records
Cerner’s offerings strive for compliance with HIPAA and Health Information Technology Certification Criteria. Cerner offers 965 products that currently meet the Health Information Technology Certification Criteria. The guidelines within HIPAA and the Health IT are exactly that, just guidelines. HIPAA lists the following technical guidelines:
HIPAA Guidelines
“§ 164.312 Technical safeguards. A covered entity or business associate must, in accordance with § 164.306...[68 FR 8376, Feb. 20, 2003, as amended at 78 FR 5694, Jan. 25, 2013]:
1. Standard: Access control. Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4).
   a. Implementation Specifications:
      i. Unique user identification (Required). Assign a unique name and/or number for identifying and tracking user identity.
      ii. Emergency access procedure (Required). Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.
      iii. Automatic logoff (Addressable). Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
      iv. Encryption and decryption (Addressable). Implement a mechanism to encrypt and decrypt electronic protected health information.
   b. Standard: Audit controls. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
   c. Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.
2. Implementation specification: Mechanism to authenticate electronic protected health information (Addressable). Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.
   a. Standard: Person or entity authentication. Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.
   b. Standard: Transmission security. Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.
   c. Implementation specifications:
      i. Integrity controls (Addressable). Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of.
      ii. Encryption (Addressable). Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.”
These guidelines are very specific on how to manage data, how to access data, how to store data, how to track data, and so forth; however, HIPAA guidelines are just that-guidelines but do not exactly dictate the best way to execute requirements. Architecting systems in accordance with EHR guidelines can be costly. Health care systems require redundancies, which in turn have massive
memory and load requirements. Specialized application program interfaces (APIs) and services can accomplish interoperability, albeit at significant costs. Data-integrity and information security standards vary from renowned hospitals, like the Mayo Clinic, to the rural doctor’s clinic located in Dodge City, KS, which begs the question: all standards are universal, but are they universally executed? Information-security is generally robust on the backend but bottlenecks are exposed downstream in front of the user. There are two types of organizations: those that have been hacked and those that will be. Although HIPAA compliance is standard, there is no standardized network of exchange; health-care data is transmitted along the same channels carrying financial transactions and Netflix. Obviously, sensitive health-care data deserves more security and encryption than the last Netflix episode. A universal blockchain standard would ensure a universal information-security standard. EHRs are ready for blockchain technology. Blockchain is a new technology altering the upside of information-security at its fundamental core. This would be orders of magnitude more groundbreaking than the existing paradigm haphazardly cobbled by the healthcare status-quo. The regulatory climate may be nebulous but navigable for blockchain-believers in healthcare.
Interoperability
Cerner currently participates in an interoperability network called CommonWell Health Alliance. This alliance provides Cerner clients with an opportunity to exchange healthcare data as a patient or medical professional. The benefit is that a patient can receive better health services because their record is accessible to any member within the alliance. An alliance like this is powerful for providing health services because it reduces physical records and limits required for record delivery via e-mail, fax, or mail. The member-alliance is relatively secure for patients and healthcare professionals because there are established security guidelines governed by encryption protocols for transmission within the member-alliance network. There are also downsides to this alliance. CommonWell Health Alliance is simply a portal for healthcare records. CommonWell Health Alliance does not store any of the information and does not manage any of the integrity of the records that can be accessed via their portal. Devoid of data-integrity quality assurance and procedure, a healthcare professional is not guaranteed updated records for their patient, let alone information security. This means that each member within the alliance accepts blind-faith and confidence in fastidious participation among CommonWell members. Although Cerner technology ensures that data-records are accurately documented and exchanged, that is far from data-integrity and information security between end-points among CommonWell alliance-members (even though this is a HIPAA requirement). Accessing data through an alliance yields network
vulnerabilities. If a file is accessed on one date, it does not mean that it is the most up-to-date file after the hypothetical time accessed. Audit trails for how data is managed are only maintained within the alliance system, so Cerner users may not be able to understand how data is handled in another's system. How can Cerner ultimately improve interoperability? Enter the blockchain: if Cerner implements blockchain technology as a core-offering, it’s already scalable. The first, lowest level at which blockchain technology can help improve its product is within a single institution. If an institution adopts the blockchain ledger it can ensure that a patient's record within that institution is accurate and continuously updated on a separate but interoperable platform. Another obvious benefit is transaction-history within the ledger, allowing complete examination of patient history upon recorded entry into the platform-ledger. The most viable option is a Cerner-led concerted effort, not just among the CommonWell Health Alliance and its members, but to implement blockchain technology across all healthcare providers throughout the country.
Sources
Carayannis, Dr. Elias. "Introduction to Technology Project Management." Washington, D.C. 14 June 2016. Lecture. Slides: 96-99.
"Cerner Company Fact Sheet." Cerner Corporate Website. Cerner Corporation Website, 2 Feb. 2016. Web. 26 June 2016.
"Cerner Corporation SWOT Analysis." MarketLine, a Progressive Digital Media Business (2014): n. pag. The George Washington University Libraries. Web. 26 June 2016.
Cook-deegan, Robert, and Christopher Heaney. "PATENTS IN GENOMICS AND HUMAN GENETICS." Annual Review Genomics Human Genetics 11 (2010): 383-425. Web. 10 Nov. 2015.
CommonWell Health Alliance Services Specification. N.p.: CommonWell Health Alliance Inc., 2016. Pdf.
"Digitally Empowered Development." Foreign Affairs. N.p., 2009. Web. 27 June 2016.
Bresnick, Jennifer. “Is Blockchain the Answer to Healthcare’s Big Data Problems?” Health IT Analytics (2016): n. pag. Web. 24 June 2016.
Bryant, Meg. “Blockchain may be healthcare’s answer to interoperability, data security.” Healthcare Dive (2016): n. pag. Web. 25 June 2016.
Green, Max. “How Bitcoin’s sister technology could change the future of healthcare.” Becker’s Health IT & CIO Review (2016): n. pag. Web. 27 June 2016.
HealthIT.gov. (n.d.). Retrieved June 27, 2016, from https://www.healthit.gov/patientsfamilies/blue-button/about-blue-button
HIPAA Administrative Simplification. N.p.: U.S. Department of Health and Human Services Office for Civil Rights, 26 Mar. 2013. Pdf.
Kar, Ian. “Estonian citizens will soon have the world’s most hack-proof healthcare records.” Quartz (2016): n. pag. Web. 25 June 2016.
"Mobile Health Technology & Solutions." Northrop Grumman. N.p., n.d. Web. 28 June 2016.
Motoyama, Yasuyuki, Brian Danley, Kate Maxwell, and Arnobio Morelix. Leveraging Regional Assets Insights from High-Growth Companies in Kansas City. Ewing Marion Kauffman Foundation, July 2013. Web. June 26.
Nichol, Peter. “Blockchain Technology: The Solution for Healthcare Interoperability.” LinkedIn (2015): n. pag. Web. 24 June 2016.
Norton, Steven. “CIO Explainer: What is Blockchain?” The Wall Street Journal (2016): n. pag. Web. 24 June 2016.
Prisco, Giulio. “The Blockchain for Healthcare: Gem Launches Gem Health Network with Philips Blockchain Lab.” Bitcoin Magazine. 26 April 2016. Web. 26 June 2016.
Secure Exchange of Medical Information. Kansas City: Cerner Network, n.d. Pdf.
Signalthree. "I Really Want to like Cerner." Reddit. N.p., Jan. 2016. Web. 26 June 2016.
“Tierion and Philips Bring Blockchain Technology to Healthcare Sector.” Inside Bitcoins (2015): n. pag. Web. 26 June 2016.
Williams, Oscar. “Estonia using the technology behind Bitcoin to secure 1 million health records.” Business Insider (2016): n. pag. Web. 25 June 2016.