How blockchain can protect telemedicine programs
Despite the convenience of telemedicine, this technology raises enormous potential security concerns. If the virtual connection between a doctor and the patient is unsecure, it is possible that patients’ location, data and other sensitive information could be leaked.
“The privacy risks associated with telemedicine mostly stem from the lack of security controls over the collection, use and sharing of data,” said Blaise Wabo, associate director of A-LIGN, a cybersecurity technology and services vendor.
“For example, home telehealth devices and sensors may collect and transmit information on activities in the household that a patient wishes to keep private, such as substance abuse or their daily routine, including when their home is unoccupied during particular times of the day,” said Wabo.
Third-party access to personal data
This highly personal data may be stored or transmitted by the device, allowing it to be accessed by third-party users, Wabo explained.
“Additionally, while smartphone apps are useful tools to help manage personal health, they too can share sensitive data with advertisers and other third parties,” he said. “This includes sensor data on location, which allows advertisers and third parties to access an individual’s location and store that data in third-party libraries or online servers.”
"When applied to telemedicine, blockchain will help establish a seamless exchange of data and increase consumer confidence in the system."
Blaise Wabo, A-LIGN
At a basic level, blockchain applications enable secure, immutable and anonymous transactions across networks to mediate mutually agreed upon interactions between parties. In the healthcare industry, this distributed ledger technology can help facilitate a more efficient way to transfer data effectively and communicate across organizations.
“Blockchain also allows medical records to be stored in secure, fragmented systems that can contain large amounts of data and information, enabling providers to store a more complete patient history and securely encrypt medical data,” Wabo explained. “Furthermore, providers could create a private network for their blockchain and only invite patients directly.”
Only shared with trusted parties
The blockchain will only be shared with a trusted patient and agreed upon party. When an approved patient is added to the blockchain, their connected computer devices receive a copy of the blockchain that is updated whenever a new block of transactions is added, and only someone with the private key could access the electronic protected health information in the blockchain. This makes the private blockchain network almost un-hackable, Wabo contended.
“When applied to telemedicine, blockchain will help establish a seamless exchange of data and increase consumer confidence in the system,” he said. “In such a system, the data entered into a computer must be approved by the patient and doctor, as well as verified against a previous ledger.”
Both the patient and doctor can secure a personal copy of the ledger, rather than a single party having control over the data, he explained. This method ensures multiple checks are in place for protecting sensitive data, reducing some of telemedicine’s main security concerns, he said.
“Healthcare providers can leverage blockchain to securely store patient’s ePHI,” he stated. “When a medical record is generated and signed, it can be written into the blockchain, which provides patients with the proof and confidence that the record cannot be changed. This will also provide nonrepudiation, that is the assurance that someone cannot deny making a change to the medical record and the authenticity of their signature on record and finally the authenticity of a message they sent.”
Protected by private keys
These personal health records could be encoded and stored on the blockchain with a private key so that they are only accessible by pre-approved individuals, thereby ensuring privacy, he added.
The major hurdles to adopting blockchain in telemedicine include the cost, lack of expertise in the industry of how to implement it, and the lack of standardization, Wabo said.
“The cost of implementing the technology and extending participation to lower supply tiers is a concern because blockchain technology relies on intensive computing power and hence a lot of electricity to operate,” he said. “This might be especially difficult for patients in rural areas, due both to a lack of resources and infrastructure.”
The lack of expertise for providers, patients and even some IT professionals is also a hurdle, and may be difficult to overcome when combined with the problem that blockchain is costly to operate, Wabo continued. Another problem is the lack of standardization, or interoperability, which limits the ability for platforms to connect to each other at all, he concluded.
Prepare for next-gen cybersecurity threats and join the #HITsecurity discussion at the HIMSS Healthcare Security Forum this Dec. 9-10 in Boston.