Blockchain continues its buzz in healthcare for its potential to revolutionize patient records, medical data, medical billing, and wearable device use. Healthcare stakeholders may consider using this technology to advance existing business models alongside emerging regulatory agendas.

While blockchain first evolved in its applications for financial services, diverse sectors are leaning in to better understand and apply blockchain’s capabilities. In healthcare, stakeholders across the industry, including providers, insurers, and payers, are exploring applications of blockchain to their current systems. The use of blockchain in healthcare presents both opportunities and challenges. For example, the recent CMS Interoperability Agenda may provide potential incentives for the use of this novel technology for healthcare data sharing. On the other hand, the use of blockchain in this manner would be subject to certain legal and regulatory hurdles, including the Health Insurance Portability Accountability Act (HIPAA) and state medical privacy laws. We further discuss each of these issues below.

Technology Overview

Blockchain is a decentralized, distributed ledger that leverages a shared record of transactions among network participants that is updated in real time and operates without a central management authority. The conceptual framework relies on cryptographic technology that allows participants in a network to store, exchange, and view shared information once the information has been verified by the network. With respect to healthcare, there are several potential opportunities for the use of blockchain technology, including healthcare data sharing, provider credential management, and patient-generated health data. For more on the underlying technology, see our recent blog post, Blockchain Basics for…Lawyers.

CMS Interoperability Agenda

The Centers for Medicare and Medicaid Services (CMS) has announced several initiatives focused on interoperability and democratization of healthcare data, which may be beneficial for blockchain technology, as blockchain has the potential to be leveraged as a solution for healthcare data sharing. CMS Administrator Seema Verma has championed these initiatives at various events, including the 2018 Academy Health Datapalooza. For example, CMS plans to improve patient access to healthcare data through its MyHealthEData initiative, part of a larger effort to create a more patient-centric healthcare system. One of the key aspirations of the MyHealthEData initiative is to give patients more control of their healthcare data by breaking down existing barriers to data access and use.

In addition, CMS announced another initiative overhauling the EHR Incentive program, also known as the Meaningful Use program, through a proposed rule focused on increasing health information exchange interoperability and empowering patients and their providers.[1] The Meaningful Use program established incentive payments to eligible groups to promote the adoption and meaningful use of electronic health records (EHRs) and interoperable health information technology. This initiative further advances and accelerates utilization of EHRs, and potentially blockchain, by promoting increased interoperability of healthcare records. As part of this initiative, CMS proposed to rename the program “Promoting Interoperability.” Administrator Verma states that the change is intended to “reflect the program’s new emphasis on providing healthcare information to patients in an electronic format and sharing information electronically among providers.”[2] The proposed rule encourages providers to use technology that allows patients to aggregate their health information from various sources into a location they can access, decentralized from one specific healthcare provider. By controlling access, patients would have the ability to share and control their medical records. In addition to the interoperability requirements, the proposed rule increases privacy protections by requiring that all hospitals first protect the security of patient records.

These two initiatives are part of a broader goal to promote interoperability and redefine the use of EHRs by CMS. Blockchain technology can be used as a tool for developing healthcare data interfaces to encourage the exchange of health information between providers and patients. Instead of the current system of fragmented healthcare data, blockchain’s decentralized distributed ledger for storing health information would provide patients with greater control of their electronic health records and flow of medical information through the device or application of their choice. Both MyHealthEData and Promoting Interoperability will need technology that can securely, privately, and accurately track patient health records.

Regulatory Challenges

The use of blockchain technology for healthcare data sharing also will be subject to the existing requirements for the protection of healthcare data, including HIPAA and state medical privacy laws. HIPAA aims to safeguard protected health information (PHI) from unauthorized use and disclosure. Blockchain presents distinct challenges for the healthcare industry because its structure is relatively inflexible and is not easily reconciled with the HIPAA rules governing the use and disclosure of PHI. For example, many disclosures of PHI by covered entities require that the recipient enter into a business associate agreement, a process that seems to be at odds with a blockchain model. Generally, all HIPAA covered entities and their business associates are required to implement technical safeguards to protect information. With blockchain, instead of multiple healthcare providers storing information, the patient would hold the key for information access. At the same time, blockchain has advantages that can assist institutions to better comply with HIPAA and data security requirements, such as allowing for the possibility of a single, secure version of a patient’s medical record that might be accessed by multiple providers. Early-use cases of blockchain in healthcare may involve records that do not contain PHI, such as physician credentialing records.

As we have seen in financial services, regulators and industry are just beginning to engage with the disruptive effects of blockchain. The application of blockchain technology in healthcare is still in its infancy, and observations of other industry applications may provide insight as governance models start to evolve. Blockchain may just be one tool in a larger ecosystem evolution for the management of healthcare data. As additional use cases and applications are developed, healthcare stakeholders will need to think critically about governance models, data security, information rights, and privacy frameworks.