Data storage in healthcare has historically presented a challenge to traditional healthcare networks and presents other unique considerations as part of a distributed ledger implementation. Blockchain technology, by design, is intended to provide an effective means of recording “transactions”. While these transactions are often associated with financial activities, they can also apply to health delivery services or in conjunction with traditional health information exchange, such as the sharing of information related to a clinical encounter, lab results, benefits management, or identity.
Blockchains are optimized to capture a discrete data set that records the essential elements of the type of transaction. This approach is commonly known as the “minimum necessary principle” of blockchain configuration. This principle is applied based on the selected blockchain protocol and as part of the design of the blockchain network, capturing only those data elements required for each identified workflow.
While blockchain structures can technically support any data necessary for the transaction, very large data files (or the accumulation of large files for a given transaction) can introduce latency and impact distributed ledger performance. As a result, blockchain transactions in a healthcare environment present unique challenges for the minimum necessary principle. Additionally, current clinical workflows may not be suitable to the performance of the distributed ledger and present challenges to existing interpretations of HIPAA requirements for storage and processing of protected health information (PHI).
Guidelines for Health Data Storage
To address these implementation challenges, the following provides guidance on what data belongs on- and off-chain:
- High Level Data: The ideal blockchain transaction typically takes the form of higher level data, metadata, transactional information, audit records, pointers and hash codes.
- Large Data Files: The architecture of the distributed ledger should keep large volumes of clinical information off the blockchain and in secure access-controlled enterprise systems where they exist today, and reference these data records as required from the blockchain with pointers and hash codes that can be used to verify their integrity.
- PHI and PII: Personally identifiable information (PII) and protected health information (PHI) should be stored in secure access-controlled enterprise systems. Referencing these data records as required from the blockchain would be an acceptable way to get the benefit of blockchain technology while maintaining HIPAA and other privacy standards.
Utilization of existing data stores allows organizations to leverage their existing data storage investment while capitalizing on the advantages of blockchain for decentralized data exchange.
For further questions or content suggestions, please email firstname.lastname@example.org.