Blockchain is a technology of the future. But how will it affect healthcare? And what consequences does the new EU General Data Protection Regulation have for the health sector?


Plattform Life Sciences: What is the market size of the healthcare blockchain opportunity?

Kirill Timofeev: It’s difficult to gauge because blockchain is not a solution to a particular problem, but a foundational technology that can be used to create new disruptive solutions across the healthcare industry. The primary areas that seem perfect for a blockchain-based solution are claims processing, patient incentive programs, decentralized patient records, medication supply chain, and fraud prevention. Each of these markets has the ability to grow to tens of billions of dollars. For example, IBM recently announced that it is using distributed ledger technologies to simplify supply chain solutions. Currently, local and national agencies maintain a ledger that is costing them more than twice the cost of the actual physical transportation to manage and use. [1]

What are the challenges to blockchain’s adoption in healthcare?

While there are some technical challenges like the speed of processing and the massive duplication of data that can happen with blockchain, all of these technical issues will fall by the wayside as we advance the technology. The main issue is that an ideal healthcare blockchain would be a public blockchain not owned by any given company. The ideal approach would be a government-backed blockchain solution like what Estonia has put in place.

Done right, this would allow companies to create their own solutions on the blockchain and create a whole new ecosystem for healthcare innovation. However, public blockchain does not mean that information is going to be open to anyone. Another big technical challenge for distributed ledger solutions is to make them compliant with HIPAA while keeping the data distributed across the network. The system must be designed in a way that it is impossible to cryptographically compromise. In January 2018 alone, 433,192 individuals were affected by data breaches of traditional systems [2] which could have been prevented by using blockchain-based solutions.

Kirill Timofeev, DataArt: "Clinical trials, supply chain, healthcare revenue cycle management are very few areas that need improvement." Image: DataArt

Who will pay for blockchain’s implementation cost?

If the government were to back blockchain innovation, companies that used the service to build out new solutions could pay for connection to the chain. While individual companies will likely build their own blockchain solutions, a blockchain-based solution covering the entire US healthcare system would require government backing to take hold anytime soon. It would also be possible for companies to band together in a consortium to move blockchain innovation forward on a large scale.

What parts of healthcare ecosystem are at risk from blockchain adoption?

If patient data were to be stored using a blockchain solution in which control, ownership and access to that data were assigned to the patient, it would greatly impact the way companies access and use identifiable and de-identified patient data. Identifying patients who may be a good fit for clinical trials would finally be made simple.

Lilly COI found that only 16% of cancer patients were aware of any relevant trials being held at the time they were considering treatment. [3] When information is de-identified and deployed to a distributed ledger, requests can be conveniently and cost-effectively broadcast to patients and healthcare records may be revealed only if there is a positive match and patients agree to participate in the research. The ability to run analytics across all patient data would be a huge benefit for research but patients would have to consent to donating their de-identified data for science. For areas like pharma marketing patients may be less inclined to share their data free of charge.

What effects does the new EU General Data Protection Regulation (GDPR) have on blockchain in the healthcare sector?

First of all, GDPR is neither an enemy nor a threat for the IT industry; the new data security regulations are going to help you make your organisation and solutions more secure for patients and other participants. Healthcare is a well-regulated industry; for example, in the US every healthcare technology solution already has to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which regulates and strengthens the privacy of electronic health records (EHR).

The GDPR has a broader scope than HIPAA, and the main takeaways are:

  1. The “right to be forgotten” that limits time for which data can be stored.
  2. Data should be located in the EU; personal data that is associated with EU citizens should be processed and stored within the EU.
  3. Require patient’s consent before acquiring her details.
  4. Encryption is a must; it is required to protect personal data from unauthorised, illegal access and loss.

While the last two items are essential to most healthcare blockchain solutions, i.e. patients own their medical records and no one can access their EHR without granted permissions, and data is replicated across multiple nodes so that loss of data is impossible, the first items need clarification.

Blockchain solutions form an immutable ledger that cannot be changed over time; data stored on a blockchain is tamper-proof. Blockchains are also decentralised and distributed; it is not possible to identify a single node responsible for processing or storing personal information. It might seem irreconcilable, and to have the opposite effect in some ways, once GDPR applies and becomes enforceable (May 25).

However, there are sustainable and scalable approaches to creating blockchain applications for the healthcare industry:

  • Do not record personal data on a blockchain. You can keep EHR off-chain, and store on-chain only references that are just randomised identifiers that are not tied to the patient’s identity. While it is the most obvious method to sidestep GDPR, it also drastically reduces the benefits of blockchain solutions, like interoperability across multiple institutions.
  • Smart contracts in Ethereum-like blockchains can override and mutate their state. If a smart contract allows an owner to delete and burn certain transactions or even implement logic to consent to automated decision making, it could make it compliant with GDPR.
  • Any public blockchain operating within Europe is also very likely to have nodes outside of Europe, which would make it illegal to keep healthcare records in it. The solution is to create a permissioned blockchain, a federation with a strong onboarding process. It is going to help to balance and decide on what nodes are going to store and process patients’ data.

Ultimately, if blockchain innovations in Europe are going to continue, a new generation of laws and technologies will sooner or later evolve. There is still lots of potential to use blockchain solutions to create interoperable networks. Clinical trials, supply chain, healthcare revenue cycle management are very few areas that need improvement.
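The first approach in the list above (records off-chain, only randomised references on-chain) can be sketched as follows. This is an added example, not part of the interview and not DataArt code; `Ledger` and `OffChainStore` are hypothetical names, the hash chain is a toy stand-in for a real blockchain, and the patient record is constructed sample data.

```python
import hashlib, hmac, json, secrets

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Ledger:  # append-only hash chain standing in for the blockchain (toy model)
    def __init__(self):
        self.blocks = []
    def append(self, ref, commitment):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"ref": ref, "commitment": commitment, "prev": prev}
        self.blocks.append({**body, "hash": _digest(body)})
    def verify(self):
        prev = "0" * 64
        for b in self.blocks:
            body = {"ref": b["ref"], "commitment": b["commitment"], "prev": prev}
            if b["prev"] != prev or _digest(body) != b["hash"]:
                return False
            prev = b["hash"]
        return True

class OffChainStore:  # holds the records; only a random ref and a salted commitment go on-chain
    def __init__(self, ledger):
        self.ledger, self.rows = ledger, {}
    @staticmethod
    def _commit(salt, record):
        return hmac.new(salt, json.dumps(record, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    def put(self, record):
        ref = secrets.token_hex(16)      # random, not derived from the patient
        salt = secrets.token_bytes(32)   # kept off-chain, deleted with the record
        self.rows[ref] = (salt, record)
        self.ledger.append(ref, self._commit(salt, record))
        return ref
    def get_verified(self, ref):
        if ref not in self.rows:
            return None                  # erased or never stored
        salt, record = self.rows[ref]
        on_chain = next(b["commitment"] for b in self.ledger.blocks if b["ref"] == ref)
        if not hmac.compare_digest(on_chain, self._commit(salt, record)):
            raise ValueError("off-chain record does not match on-chain commitment")
        return record
    def erase(self, ref):
        return self.rows.pop(ref, None) is not None   # ledger is left untouched

def demo():
    store = OffChainStore(Ledger())
    ref = store.put({"patient": "constructed-patient-001", "note": "constructed sample"})
    store.erase(ref)
    return store.get_verified(ref), store.ledger.verify(), len(store.ledger.blocks)
```

After `erase`, the chain still verifies and still contains the random reference and the keyed commitment, but the record and the salt needed to check a guess against that commitment are gone.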


About the interviewee

Kirill Timofeev is a recognized expert and thought leader in innovation and new technologies in the financial services sector. As a Software Project Manager at DataArt, he has delivered enterprise-grade projects for some of the world’s largest institutions in financial services and capital markets, such as a securities settlement platform and a digital money solution for payments and FX.


[1] Blockchain for supply chain. Link: https://www.ibm.com/blockchain/supply-chain/

[2] U.S. Department of Health and Human Services Office for Civil Rights. Breach Portal. Link: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

[3] Clinical trial awareness, attitudes, and participation among patients with cancer and oncologists. Link: http://patientperceptions.lillycoi.com/Clinical_Trial_Awareness_Article.pdf