What Blockchain Could Mean for Your Health Data – Harvard Business Review

Executive Summary

Data is one of the best tools we have for fighting the Covid-19 outbreak, but right now health data — like consumer data — is held in silos in many different institutions and companies. And while third parties can track, trade, and negotiate that data, the people who create it and who have the biggest stake in it, are often cut out of the deal. Their virtual self doesn’t belong to them, which creates problems of access, security, privacy, monetization, and advocacy.

Blockchain can be used to solve these issues, by putting individuals in control of their data, which would be encrypted and and stored in a distributed network that no entity owned. Putting people in control of their data, and their health data in particular, would allow them to control who has access to it, and what they’re allowed to do with it. It would also allow secure sharing of data for critical public health purposes, such as contract tracing, without compromising privacy. It’s time that we reclaim our data as an asset that we create, and which we should both control and benefit from. Healthcare data is a perfect place to start.

Big data is perhaps the most powerful asset we have in solving big problems these days. We need it to track and trace infection, manage healthcare talent and medical supply chains, and plan for our economic futures.

But how can we balance data and privacy? Legislation and regulation of big data such as the European Union’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act are partial measures at best. Regulators and pundits have focused so much on the demand side of the data equation — that is, on the use or sale of private citizens’ data in corporate applications like Facebook, Google, and Uber without the individuals’ awareness — that they’ve failed to look at the supply side of data: where data originates, who creates it, who really owns it, and who gets to capture it in the first place.

The answer is you do. All these data are a subset of your digital identity — the “virtual you,” created by your data contrail across the Internet. That’s how most corporations and institutions view you. As Carlos Moreira, CEO of WISeKey, said, “That identity is now yours, but the data that comes from its interaction in the world is owned by someone else.”

It’s time we started taking our personal data as seriously as the top tech firms do. We need to understand its real value to us in all aspects of our lives. Blockchain technology can help us do that, enabling us to use our data proactively and improve our well-being. And while there are many areas where taking control of our data might improve our lives, there is one particularly promising place to start: healthcare data.

Why should we care about our health data?

“Imagine if General Motors did not pay for its steel, rubber, or glass — its inputs,” economist Robert J. Shapiro once said. “That’s what it’s like for the big Internet companies. It’s a sweet deal.” It’s also a real conundrum for business leaders who want as much data as they can get for their enterprise, yet truly value privacy and individual freedom. Consider the tradeoffs we’re making as individuals:

• We can’t use our own data to plan our lives and long-term healthcare: our treatment plans, the pharmaceuticals and medical supplies we use, our insurance or Medicare supplements, or how we use our health savings accounts. All these data about us reside in other people’s silos — in the separate databases of myriad healthcare providers, pharmacies, insurance companies, and local, state, and national agencies — which we can’t access but third parties like the American Medical Collection Agency (AMCA) can, and often without our knowledge.
• We enjoy none of the rewards of this data usage, yet bear most of the risk and responsibility for its clean up if it’s lost or abused. In 2019, AMCA was hacked, and the hackers made off with the personal data of some 5 million people whose lab tests were handled by AMCA’s clients Quest Diagnostics, LabCorp, BioReference Lab, and others. None of these clients have to deal with the tsunami of fraud alerts and bespoke phishing scams aimed at patients. Yet, unlike Alectra, Amazon, or Tesco, these parties aren’t using our data to improve our healthcare outcomes or cut our costs. This is data malpractice.
• We can’t monetize or manage these data assets for ourselves, family, or heirs — think of Henrietta Lacks, whose cancer cells revolutionized the development of cancer treatment without her knowledge— resulting in a bifurcation of reputation, wealth, and all its discontents. Those who lack access to the Internet altogether may not have data profiles or privacy problems per se, but they often don’t have official identity cards, home addresses, or bank accounts either, and so they can’t participate in the global economy. These aren’t people without papers. These are people without data.
• Our privacy is at risk all the time, as is our family’s. The Chinese government used mass surveillance to gain some measure of control over the spread of Covid-19, tracking data about who specifically was infected, where they lived, when they were infected, when they recovered, how were they infected, whether they sheltered in place, what temperature they had when they went outside, and who else they contacted. Privacy is the foundation of freedom, and while sometimes — perhaps in a pandemic — we may choose to trade on this privacy for the social good, the trouble is that once the crisis is over, we have no way to reclaim or mask our data.
• We can’t develop or contribute to the proposed health policies of elected officials, we can’t effectively advocate for the changes our family needs, and we can’t collectively bargain with other patients or powers of attorney to lower costs or improve delivery — yet every other party in the system can do all these with our data, not just negotiating coverage and rates with governments but lobbying them for industry-favorable regulations. The Pharmaceutical Research and Manufacturers of America alone spent a record $ 27.5 million on lobbying in 2018, with individual companies supplementing these efforts to the tune of $ 194.3 million.

With wearables and the Internet of Things, we can increasingly capture our insulin levels, blood pressure, and the number of steps we take and stairs we climb in a day. By owning our medical and other personal data, we could solve the five problems stated above: access, security, privacy, monetization, and advocacy. The key is to take advantage of existing technologies to manage our data according to our own terms of use.

How patient control over health records could expedite data for treatments

Pioneers like Canada’s University Health Network (UHN) have come up with a win-win solution using blockchain technology, a software that operates as a shared ledger distributed across computer devices connected to a communications network. What sets this type of ledger apart from the interfaces to conventional databases or health record repositories is a) its decentralization, which means we can control transactions involving our data peer to peer, and b) its immutability, in that no one else can alter or undo those transactions behind the scenes or without a majority of the network’s approval.

In 2018, UHN launched a patient control-and-consent platform to enhance the patient experience and to facilitate clinical research using patient data. Designed after workshops with different stakeholder groups and developed in partnership with IBM, the platform leverages blockchain not simply to secure and consolidate patient data across the network, but also to obtain and record patient consent before any information is shared with researchers. When patients consent, the software automatically encrypts and records details of the consent transaction on the shared ledger. The platform also records which parties accessed the data, at what time, and for what purpose.

This kind of functionality can be expanded to uses such as contact tracing. Imagine a scenario where the UHN solution is interconnected to healthcare facilities across Canada, so that every Canadian patient had an opportunity to share personal data, including location over time. With such “a platform for reporting, tracking, and notifying that is global in nature and respects privacy,” said Brian Magierski of the Care Chain collaboration, we can “identify new cases rapidly and verify those who have immunity.” To that effect, the start-up Workwolf has invited the Canadian government to use its proprietary blockchain for tracking Covid-19 cases, immunity or resistance, and test results. And Vital Chain is turning clinically certified results into blockchain-based health and safety credentials for employees to prove their fitness for returning to work.

If we applied these capabilities at a global scale, we could capture a single, comprehensive account of global incidence rates and outcomes that was verified and secure. That’s what the start-up Hacera is trying to do. With the support of IBM, Microsoft, Oracle, the Linux Foundation, and others, it launched MiPasa, an initiative to integrate, aggregate, and share information at a global scale from multiple verified sources — from the Center for Disease Control or the World Health Organization, but also hard-to-get data from local public health agencies, licensed private facilities, and even individuals — all without personal identifiers. MiPasa onboards data providers through Hacera’s Unbounded network, a decentralized blockchain powered by Hyperledger Fabric, and then streams data using the IBM Blockchain platform and IBM Cloud. Hacera has developed a tutorial for coders to build applications on top of the platform. This kind of value creation is the gigantic incentive needed to rally numerous institutions so that we can trace people’s exposure to infected individuals, reduce transmissions, save lives, and put more people back to work.

Finding a Covid-19 vaccine is a top priority. To accelerate discovery, the blockchain start-up Shivom is working on a global project to collect and share virus host data in response to a call for action from the European Union’s Innovative Medicines Initiative. Shivom scientists formed a global Multi-Omics Data Hub Consortium comprised of universities, medical centers, and companies, many of which have expertise in AI and blockchain, all for combatting coronavirus infections. The consortium’s data hub is based on part of Shivom’s blockchain-based precision medicine platform. Founded by Dr. Axel Schumacher, Shivom’s platform uses blockchain not only to manage patient consent dynamically but also to share genomic data and data analysis securely and privately with third parties anywhere, without providing access to raw genomic data. Dr. Schumacher said that researchers “can run algorithms over the data that provide summary statistics to the data sets. No individual, de-identifying data can be obtained without the explicit consent of the patient.”

Transitioning to this self-sovereign future

To realize this future, we need to address the real problem: that you don’t own your virtual self. Each of us needs a self-sovereign and inalienable digital identity that is neither bestowed nor revocable by any central administrator and is enforceable in any context, in person and online, anywhere in the world. Until blockchain, we didn’t have the technological means to assert such sovereignty. Now the technical groundwork has been laid. Organizations are looking at how to deploy it in public key infrastructure, how to separate identification and verification from transactions, and how to expand the use of smart contracts, zero-knowledge proofs, homomorphic encryption, and secure multiparty computation.

Imagine having a digital identity that you stored in your digital wallet on a blockchain. Your wallet collects and protects all your biological, financial, and geospatial data throughout the day, and you decide how you want to use it. Your medical records are central to this identity. Your body generates health data. You, not big companies or governments, have a heart rate and a body temperature. When clinicians measure you or take tests of various kinds, they’re providing a service; the results are your asset, deriving from your body. You should control it.

What we’re shooting for is a wholesale shift in how we define and assign ownership of data assets and how we establish, manage, and protect our identities in a digital world. Change those rules, and we end up changing everything.