Every healthcare technology solution that handles Protected Health Information (PHI) in the US has to comply with the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA enforces the patient's right to privacy and aims to protect sensitive health information from unauthorized disclosure. It also requires a broad set of technical safeguards to be embedded in the software solution itself and administrative measures to be included in the company's processes.
Blockchain is a shared, trusted, public ledger of transactions that everyone can inspect but which no single user controls.
With the potential to be the driving technology behind the next-generation Internet, also referred to as the Decentralized Web or Web3, blockchain is a novel solution to the age-old human problem of trust. It gives an architecture for so-called trustless trust, i.e., trusting the outputs of the system without trusting any actor within it.
It is a distributed database that maintains a continuously growing list of transaction data records, cryptographically secured from tampering and revision.
Blockchain for HIPAA
The digital ledger technology that blockchain offers has promise, but from a privacy perspective, it matters whether the data that is stored can be considered protected health information and therefore regulated.
Blockchain itself is a file: a shared and public ledger of transactions that records every transaction from the genesis block (the first block) until today.
IPFS (Interplanetary File System) and the Blockchain are a perfect match! You can address large amounts of data with IPFS, and place the immutable, permanent IPFS links into a blockchain transaction. This timestamps and secures your content, without having to put the data itself on the chain.
However, if information is stored unencrypted in IPFS and the resulting hash is written to the blockchain, then anyone who obtains that hash can retrieve all of the information, because the hash is the content's public address. The solution developer therefore needs to ensure the privacy of the message by encrypting it so that it is unreadable to unauthorized users.
There are numerous ways to encrypt and decrypt information. For example, simple PGP encryption can help as follows:
Once the information is encrypted and stored in IPFS, a hash is generated. This hash can be used to retrieve the encrypted content, and the recipient can use their private key to decrypt it. Hence only those who are actually assigned to view the message can see its content.
Blockchain can also be helpful for Section 164.308(a)(1)(ii)(D), "Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports." Blockchain offers permanent, immutable recording of information, giving a comprehensive and tamper-proof audit trail of who wrote and accessed every record.
HIPAA requires PHI to be protected and the audit trail to be visible, whereas blockchain has a reputation for being open. While these two points of view appear to contradict each other, the limitations of blockchain in terms of data are few, and with careful development, HIPAA compliance is not an impossible achievement.