By iCare

Health IT interoperability has been an elusive goal, with data silos between hospitals, clinics, pharmacies, and payers making exchange of information difficult. The Vanderbilt case study shows how blockchain tech could securely streamline the process.

Infograph displaying the path of medical records going to and from the blockchain to physicians

Vanderbilt engineers develop capabilities for more secure blockchain applications. Source: Vanderbilt University

These developments are part of a larger effort at Vanderbilt’s Institute for Software Integrated Systems to approach the problems and promise of blockchain in a holistic way. Researchers have created a range of significant capabilities, including an architecture that supports secure information access to design standards for best practices, mathematical verification that the underlying code is correct, and a test bed for researchers to try out their ideas.

In addition to healthcare, they are working on blockchain test cases with smart, connected cities, power grid applications, and supplier risk management. “A few years ago people thought blockchain technologies would solve every imaginable problem,” said Douglas C. Schmidt, the Cornelius Vanderbilt Professor of Engineering. “People are realizing that this goal is simply not realistic and are now looking more carefully at when and where these technologies might be useful.”

Beyond the hype and high Bitcoin prices, conventional blockchain technology has been problematic for widespread applications. Its technical foundation has been around for decades, based on the concept of a public, distributed ledger. The underlying code itself is buggy and the conventional model doesn’t support large volumes of transactions with stringent time constraints. But the potential power of blockchain technology in healthcare — particularly sharing of patient data to support more timely diagnosis and treatment — is getting closer.

Sharing medical data without an intermediary

The case study, which involved a rural hospital tumor board, as well as the blockchain architecture supporting that secure information exchange are discussed in the team’s paper, “FHIRChain: Applying Blockchain to Securely and Scalably Share Clinical Data.” Researchers from Vanderbilt and Varian Medical Systems evaluated FHIRChain, as they dubbed the technology. Pronounced as “fire,” FHIR stands for Fast Healthcare Interoperability Resources. Their goal was to design a blockchain-based system that complied with standards established by the Office of the National Coordinator for Health Information Technology—called the Shared Nationwide Interoperability Roadmap.

Healthcare companies typically contract with third parties to exchange patient medical information securely, said study co-author Dana Zhang, a Vanderbilt computer science PhD candidate. This third-party intermediary serves as the trusted agent, which verifies secure transactions. For example, Hospital A, sends health information to a trusted agent, which sends it to a cancer specialist at Clinic B.

In contrast, FHIRChain is a trustless exchange with no centralized third party. The Vanderbilt/Varian team envisions a system of public and private keys that allow an identified physician or clinic access to health information at Hospital A for a specific period of time. Think of password reset emails that require action within 24 hours. Under this scenario the data itself never leaves Hospital A.

Zhang said the team wanted to use blockchain as a decentralized access mechanism to facilitate permissioned medical record exchange. The case study is not unlike a patient wanting a second opinion on a medical issue from an outside specialist because board members are spread out geographically. “The problem always is getting data to another doctor,” she said. “In this approach, the data is opened up for a temporary period of time (with a decryption key), but the original facility or doctor is still the data owner.” The keys, or long, complex passwords generated by the system, make accessing data easier but also give all parties, including the patient, confidence in the security of the system.