Blockchain in Healthcare - Technological Marvel, Regulatory Nightmare

Implementing interoperable and reliable electronic medical record systems (EMR or EHR) has been the goal of healthcare entities of all sizes for years.  But a lack of interoperability, both intra- and inter-organizational, means that coordination remains minimal and EMR is fragmented across hospitals, private practices, pharmacies, etc.

Blockchain – the ledger currently used in Bitcoin and other cryptocurrency transactions – has the potential to revolutionize EMR by recording any and all transactions ever to occur during a patient’s care.  Blockchain platforms can potentially support the entire lifecycle of a patient’s EMR.  As suggested in the MIT Technology Review:

Imagine that when a doctor sees a patient or writes a new prescription, the patient agrees to have a reference or “pointer” added to a blockchain—a decentralized digital ledger like the one underlying Bitcoin. Instead of payments, this blockchain would record critical medical information in a virtually incorruptible cryptographic database, maintained by a network of computers, that is accessible to anyone running the software. Every pointer a doctor logs on the blockchain would become part of a patient’s record, no matter which electronic system the doctor was using—so any caregiver could use it without worrying about incompatibility issues.

Similarly, for billing documentation, blockchain provides security and auditability, allowing for the elimination of redundant administrative tasks and user error.  Moreover, blockchain can be used to introduce anti-tampering measures in pharmaceutical manufacturing to ensure products are genuine.

Despite some current technological challenges, the basic properties of blockchain technology (such as interoperability, data security and authenticity) can help in tackling some of the major problems in healthcare. However, significant regulatory hurdles prevent many potential applications.

For instance, blockchain has no central repository for data; instead, the data is spread across numerous computer networks. At the same time, HIPAA requires medical providers to supply patients with their healthcare records upon request. The regulatory question therefore arises as to who is responsible for fulfilling such a request, and how a single provider would carry it out.

As another example, providers must enter into business associate agreements (BAAs), which govern the sharing of protected health information (PHI), with each entity receiving PHI from a covered entity/provider. Given that a patient’s EMR may be spread across hundreds or thousands of various computer networks, a regulatory concern is whether thousands of BAAs may be necessary, who would execute them, and whether a network holding particular PHI would even be aware that it is holding it.

Given these and a multitude of other potential regulatory concerns, the question in the immediate future, from a regulatory perspective, is whether there are presently applications of blockchain in healthcare that do not conflict with existing privacy regulations.

In the long term, EMR using the blockchain can assist with more accurate diagnoses and treatments, and thus deliver more cost-effective care, as well as support a host of other potentially beneficial applications. However, the disruptive potential of blockchain in healthcare is largely constrained by the present regulatory scheme, which must be re-examined to accommodate advances in technology while ensuring essential privacy protection for patients. Likewise, industry participants must carefully consider, and prepare for, the use of blockchain and other disruptive technologies, while at the same time independently determining that such technologies are appropriate for their use from a regulatory perspective.