Who Controls Your Health Data and Why Isn't It You?
Are you wondering who controls your health data? Click here to learn more about this record storage platform and IoT-embedded medical devices.
Join the DZone community and get the full member experience.Join For Free
Patient health records are considered one of the most sensitive kinds of personal information. Should personal health data leak, it could be used to defame an individual’s reputation, jeopardize employment options, influence insurance premiums, or be used as a marketing tool — all potentially exploiting an individual’s health status. However, there is little doubt that having medical data readily available to appropriate institutions globally can have major medical benefits. However, data and records are typically siloed in systems without interoperability. As we saw in Part One of this series, attempts at centralized data, if done incorrectly, offer little consideration of the sensitivity of the data. I recently spoke to Vasja Bočko, CEO of Slovenian company IRYO, which offers the world’s first participatory, blockchain-driven healthcare economy built on decentralizing access to medical records. They are creating the IRYO Network, a zero-knowledge health record storage platform, with an anonymous query interface. It uses blockchain permission controls for patient record access and tokens to incentivize end users consent, further enabling AI research.
Vasja explained the underpinning of the creation of an open platform: "The solution that we are working on now is a backend data management and data storage solution for healthcare. We built a system that is using open standards so that we're not going to be inventing another standard for the data. Henceforth, we then have a problem of interoperability, because of every vendor who is doing their own format to their own standards. In response, we looked at what's out there and we chose to open EHR, which we think is, right now, the most advanced future compatible.
Many people would assume that these software systems are in some way compatible, but there isn’t even one software platform for each of these part of the health care system with multiple platforms available to GPs, pathology labs, hospitals, and other practices.
How They Propose Security: Blockchain Permission Controls
The company is focused on the specific use case of zero-knowledge data storage "which means that we have all the data fully encrypted with the end users or the patients having private keys. The tech is not new — it's been around for a while, and it's called public key infrastructure technology, and so, basically, it's just encryption where you have a pair of keys. You have a public key, and you have a private key. The public key is shared with others, such as doctors, and the private key is held by the patient. And, so, what that enables you to do is that you can share the public key with any third party that you want to use that public key that can encrypt the data and sent it to you. And, because it's encrypted with a public key, you can only decrypt it with the private key bill that only you have."
This creates a number of opportunities for sharing data securely with health professionals of choice. In the case of a data breach at a health clinic, every chunk of data or health record is encrypted with a different key. Even if all of that data gets stolen, then, the attacker needs to go around and start stealing every person's private key. Basically, you need to have either an app hardware of some sort that holds a private and usually has a password on top of that so that even if it's stolen that you still need a password to unlock it.
In the case of those who may be unable to consent due to a health condition or ageing, for example, the company has proposed a series of different options such as "a method where you can take the private key and you can split it into three parts and then each individual part cannot decrypt your information but two out of three are pieced together."
Pilots in Refugee Camps
Vasja explained a recent pilot project the company has undertaken in the Middle East with people in refugee camps and their medical records. Refugees stay in the camps for up to 10 years, and in a few short years, they can generate a substantial chunk of medical history:
"They were looking at collecting data in Excel spreadsheets and improvising, and then, they were looking at some off the shelf solutions for like very lightweight health records. However, they sometimes have to work without Internet access. Further, it makes a lot of sense to use that patients access their own data as they have a high churn rate of health providers. So, we started working on something where they can hold their data on their mobile phone. Then, it doesn't really matter whether the health care providers change; they will have some of that data stored and can take that with them. It will be stored in open standard, so, relatively, it can be translatable into other systems or other languages and so on."
In a world where populations are increasingly transient not only between towns and states, such a system makes a lot of sense.
IoT-Embedded Medical Devices as an Entry Point
Vasja is pragmatic about the challenges ahead of tackling big systemic problems in a system where the key actors have little incentive to change their behavior or technology. Thus, they are focused on medical device manufacturers for market entry:
"A lot of the medical device manufacturers are already in the connected space. But, a lot of them aren't yet and yet all they do want to move there. They don't usually have the resources to then do really good data platforms or data security, or making sure that that data is compliant with standards. Those that collect data typically fail to store it in a shareable format for research purposes. So, we think that's a that's a really good opportunity to get device manufacturers on our platform. Then, it becomes more interesting to hospitals, once they see the product already in use."
What to read further: Take a look at An Australian Tale of Data Privacy and Health Data Gone Wrong
Opinions expressed by DZone contributors are their own.