Take it as a rule of thumb that any healthcare technology solution that handles Protected Health Information (PHI) in the United States of America must comply with HIPAA (the Health Insurance Portability and Accountability Act).
This act enforces and protects the patient's right to privacy. HIPAA aims at safeguarding patients' sensitive health-related information, keeping it from unauthorized disclosure. It requires a broad set of technical safeguards to be embedded within the solution itself, as well as certain administrative steps which the provider must build into its processes.
Blockchain is a shared, often public, ledger of trusted transactions. There is no single point of control, and entries cannot be changed by anyone without consensus.
Blockchain possesses the potential to become the changemaker, the disruptive technology that will usher in the next-generation Internet. This next-gen Internet is also called the Decentralized Web, or Web3. Blockchain, evidently, serves as a novel and innovative solution to the perpetual problem of trust among humans. Blockchain offers us an architecture that is "trustless", not because there is no trust involved, but because you can trust the output of the system without having to trust any single actor, node or block within it.
We must understand blockchain as a distributed database that stores, and keeps appending to, a list of transaction records in an encrypted form that is resistant to tampering or editing.
Blockchain for HIPAA
The digital ledger technology that blockchain offers has promise, but from a privacy perspective, it matters whether the data that is stored can be considered protected health information and therefore regulated.
Blockchain in itself is a file— a shared and often public ledger of transactions that records all transactions from the genesis block (first block) until today.
IPFS (InterPlanetary File System) and the blockchain are a perfect match! IPFS allows you to address large volumes of data, and the immutable (unalterable) IPFS links can then be placed into a given blockchain transaction. It does two wonderful things: it timestamps the transactions and secures the data, while avoiding the need to place the data itself onto the chain.
However, if the information is stored unencrypted in IPFS and the generated hash is written to the blockchain, then anyone who obtains that hash can retrieve all of the information. Therefore, the solution developer needs to ensure the privacy of the message by making it unreadable to unauthorized users.
There are numerous ways available to encrypt and decrypt information. For example, a simple PGP encryption can help you as follows:
Once the information is encrypted and stored in IPFS, a hash is generated. This hash can be used to retrieve the encrypted content, and the recipient can then use their private key to decrypt the message. Hence, only those who are actually assigned to view the message can see its content.
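The flow just described, as an added example that is not part of the original post: a content-addressed store (a constructed in-memory dictionary keyed by SHA-256, standing in for IPFS, whose addresses are likewise derived from the content hash) holds one PHI record stored raw and one stored encrypted. Fetching by address exposes the raw record but not the encrypted one, and only the holder of the key recovers the plaintext. PGP is replaced here by a hash-based counter-mode stream cipher with an HMAC tag so the example runs with the standard library alone; it is illustrative, not a substitute for PGP/AES-GCM in a real system. All names, keys and the sample record are constructed.

```python
import hashlib
import hmac
import os


class ContentStore:
    """Constructed stand-in for IPFS: objects are addressed by the hash of
    their bytes, so anyone holding the address can fetch the object."""

    def __init__(self):
        self._objects = {}

    def add(self, data: bytes) -> str:
        cid = hashlib.sha256(data).hexdigest()
        self._objects[cid] = data
        return cid  # this is the value that would be written on-chain

    def get(self, cid: str) -> bytes:
        return self._objects[cid]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Hash-based counter-mode keystream; illustrative stand-in for PGP/AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || HMAC tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then strip the keystream; reject tampered blobs."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: object was modified")
    ks = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


# Constructed sample PHI record (not real patient data).
PHI_RECORD = b"patient=Jane Doe; dx=E11.9; note=constructed sample record"


def store_unencrypted(store: ContentStore) -> str:
    """The weak pattern: raw PHI goes into the store, only its hash on-chain."""
    return store.add(PHI_RECORD)


def store_encrypted(store: ContentStore, key: bytes) -> str:
    """The corrected pattern: ciphertext goes into the store."""
    return store.add(encrypt(key, PHI_RECORD))


def raw_fetch_exposes_phi(store: ContentStore, cid: str) -> bool:
    """True if simply fetching the object by its address reveals the PHI."""
    return PHI_RECORD in store.get(cid)


def recipient_reads(store: ContentStore, cid: str, key: bytes) -> bytes:
    """The authorised recipient fetches by address and decrypts with the key."""
    return decrypt(key, store.get(cid))


def demo() -> dict:
    store = ContentStore()
    key = os.urandom(32)  # in practice the recipient's key (e.g. a PGP key)
    weak_cid = store_unencrypted(store)
    safe_cid = store_encrypted(store, key)
    return {
        "plaintext_exposed": raw_fetch_exposes_phi(store, weak_cid),
        "ciphertext_exposed": raw_fetch_exposes_phi(store, safe_cid),
        "recipient_ok": recipient_reads(store, safe_cid, key) == PHI_RECORD,
    }


if __name__ == "__main__":
    print(demo())
```

The point the store makes concrete: the hash written to the chain is an address, not a secret, so confidentiality has to come from encrypting before `add()`, and the HMAC check in `decrypt()` is what lets the recipient notice if the stored object was altered.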
Blockchain can also be helpful for Section 164.308(a)(1)(ii)(D), "Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports." Blockchain offers permanent, immutable recording of information, giving a comprehensive and tamper-proof audit trail of who wrote and accessed every record.
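To show why a chained ledger makes an audit trail tamper-evident, here is an added example (not code from the original post) of the core mechanism: an append-only log in which each entry commits to the hash of the entry before it, plus a verifier that recomputes every link. Editing an entry breaks its own hash; recomputing that hash to hide the edit breaks the next entry's `prev` link instead. Actors, record ids and timestamps are constructed sample values.

```python
import hashlib
import json
import time

GENESIS = "0" * 64  # previous-hash value for the first entry


def _entry_hash(prev_hash: str, body: dict) -> str:
    """Hash of the canonical JSON body bound to the previous entry's hash."""
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()


class AuditChain:
    """Append-only access log; each entry links to the hash of the one before."""

    def __init__(self):
        self.entries = []

    def append(self, actor: str, action: str, record_id: str, ts=None) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {
            "actor": actor,
            "action": action,
            "record": record_id,
            "ts": ts if ts is not None else int(time.time()),
            "prev": prev,
        }
        entry = dict(body, hash=_entry_hash(prev, body))
        self.entries.append(entry)
        return entry["hash"]  # the head hash is what gets anchored on-chain

    def verify(self) -> tuple:
        """Recompute every link; return (ok, index of first bad entry or -1)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or _entry_hash(prev, body) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, -1

    def access_report(self, record_id: str) -> list:
        """Who did what to one record, in order (the 'access report' HIPAA asks for)."""
        return [(e["actor"], e["action"], e["ts"])
                for e in self.entries if e["record"] == record_id]


def build_sample_chain() -> AuditChain:
    """Constructed sample activity; timestamps are fixed so results are stable."""
    chain = AuditChain()
    chain.append("dr_smith", "read", "rec-1001", ts=1_700_000_000)
    chain.append("nurse_j", "write", "rec-1001", ts=1_700_000_060)
    chain.append("billing_svc", "read", "rec-2002", ts=1_700_000_120)
    return chain


def edit_entry(chain: AuditChain, index: int, new_actor: str) -> tuple:
    """Naive after-the-fact edit: the entry's stored hash no longer matches."""
    chain.entries[index]["actor"] = new_actor
    return chain.verify()


def edit_and_rehash(chain: AuditChain, index: int, new_actor: str) -> tuple:
    """Edit that also recomputes the entry's own hash: the *next* entry's
    prev link now fails, so the change is still detected."""
    e = chain.entries[index]
    e["actor"] = new_actor
    body = {k: v for k, v in e.items() if k != "hash"}
    e["hash"] = _entry_hash(e["prev"], body)
    return chain.verify()


if __name__ == "__main__":
    c = build_sample_chain()
    print("intact:", c.verify())
    print("report rec-1001:", c.access_report("rec-1001"))
    print("after edit:", edit_entry(c, 1, "someone_else"))
```

Note what the chain alone does not cover: rewriting the most recent entry and its hash passes `verify()`, because nothing yet points at it. A blockchain closes that gap by replicating the head hash across many nodes under consensus, which is why the head value, not the log itself, is what you anchor on-chain.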
HIPAA requires PHI to be protected and the audit trail to be visible, whereas blockchain has a reputation for being open. Although these two positions appear to conflict, the limitations blockchain places on data are few, and with careful development HIPAA compliance is not an impossible achievement.