
Medical records on the blockchain – the history of a bad idea - mmcclure
https://davidgerard.co.uk/blockchain/2019/04/20/medical-records-on-the-blockchain-the-history-of-a-bad-idea/
======
tracker1
I cringe every single time someone suggests blockchain in our space. Either
it's easier with other tech (even public/private key tech doesn't require
blockchain), or open to potential leaks/abuse in the future (tracking how
everyone voted).

There are a lot of use cases, most even, where it's not a great fit, and there
are other, better, approaches.

Disclosure, I work for an election services company...

~~~
smt88
I've discovered that some people say "blockchain" when they mean "immutable,
distributed, cryptographically-verified database" -- which is actually a
useful thing for many people.

The Byzantine fault tolerance, public consensus, and mining aspects that we
associate with "true" blockchains are the parts that people can't find a way
to justify and can typically be ignored.

~~~
DebtDeflation
>"immutable, distributed, cryptographically-verified database"

>Byzantine fault tolerance, public consensus, and mining

Why would I want ANY of these things associated with the system that manages
my medical records?

I don't want them to be immutable, if there's an error I want it corrected.
Clearly there should be security to control who (my provider) can update them,
and perhaps turn on the database transaction log to track what updates were
made by whom and when.

I don't want my medical records to be distributed for obvious reasons.

Encrypted, sure, but "cryptologically verified" seems to be overkill as
there's little incentive for third parties to try and forge medical records.

Byzantine fault tolerance? Lol. My medical records get updated maybe once per
year, by my provider, and no one has an incentive to insert false data.

Public consensus? See above.

Mining? Come on.

99.9% of the time when someone says we should use blockchain, they really just
need a database, this is one of those cases.

~~~
dikei
>> I don't want them to be immutable, if there's an error I want it corrected.

Immutable here means no in-place update, you have to update using an "errata"
record. This is the requirement for many types of official documents, even
before computers were used.

>> I don't want my medical records to be distributed for obvious reasons.

Distributed here means no single point of failure.

>> Encrypted, sure, but "cryptographically-verified" seems to be overkill as
there's little incentive for third parties to try and forge medical records.

Encryption without authentication opens up many types of attack. You almost
always want authenticated encryption.

~~~
DebtDeflation
>>>Immutable here means no in-place update, you have to update using an
"errata" record.

Yes, and people have been building financial systems with relational databases
using this journaling principle (updates and deletes handled by inserting new
records and timestamping) for decades.

>>>Distributed here means no single point of failure.

Which can be done with most standard RDBMS or NoSQL databases and
clustering/sharding. Not that the scale of medical records is anywhere near
requiring any of this. Do you really want multiple copies of your personal
medical records on some public blockchain?

>>>Encryption without authentication opens up many types of attack. You almost
always want authenticated encryption

For financial transactions, sure, but for medical records? For what purpose?
Other than me and my provider (and any specialist I select) why would anyone
else even need to access my medical records? Who would be faking them?

None of this makes any sense for medical records.

~~~
dikei
Make up your mind. First, you said these properties were useless, now you're
saying these properties have been in use for a long time using relational
databases, which means they're really useful.

>> Do you really want multiple copies of your personal medical records on some
public blockchain?

No I don't. This thread's starter and I never said that these properties can
only be provided by "blockchain", nor did we say that "blockchain" should be
used. We only said that these properties were useful and people wanted them.

>> For financial transactions, sure, but for medical records? For what
purpose? Other than me and my provider (and any specialist I select) why would
anyone else even need to access my medical records? Who would be faking them?

For example, a fraudulent specialist with access to your data can modify your
prescription so they can steal money from your insurance provider and also
take this extra medicine to sell on the black market.
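
An added illustration of the properties argued over in this sub-thread (not code from any commenter or from the linked article): an append-only journal where corrections are "errata" entries and every entry carries a keyed, chained tag, so an in-place edit such as an altered prescription quantity is detected. The key, field names and sample records are constructed; a single shared HMAC key is an assumption, and whoever holds it could rewrite the whole chain.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: held only by the record keeper
GENESIS = "0" * 64

def _tag(body, key):
    # Canonical JSON so the same body always yields the same tag.
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def append(journal, author, data, corrects=None, key=KEY):
    """Add an entry; a correction names the seq it supersedes."""
    body = {"seq": len(journal), "author": author, "data": data,
            "corrects": corrects,
            "prev": journal[-1]["tag"] if journal else GENESIS}
    journal.append({**body, "tag": _tag(body, key)})
    return body["seq"]

def verify(journal, key=KEY):
    """Return the index of the first bad entry, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(journal):
        body = {k: v for k, v in entry.items() if k != "tag"}
        if (entry["seq"] != i or entry["prev"] != prev
                or not hmac.compare_digest(entry["tag"], _tag(body, key))):
            return i
        prev = entry["tag"]
    return None

def current_view(journal):
    """Resolve errata: superseded entries stay stored but are not shown."""
    superseded = {e["corrects"] for e in journal if e["corrects"] is not None}
    return [dict(e["data"]) for e in journal if e["seq"] not in superseded]

def demo():
    j = []
    append(j, "dr_a", {"rx": "drug X 10 mg", "qty": 30})
    append(j, "dr_a", {"rx": "drug Y 5 mg", "qty": 10})
    # Legitimate correction: new entry pointing at seq 1, nothing overwritten.
    append(j, "dr_a", {"rx": "drug Y 5 mg", "qty": 14}, corrects=1)
    intact = verify(j)
    view = current_view(j)
    # In-place edit that bypasses append(): the stored tag no longer matches.
    j[0]["data"]["qty"] = 90
    return intact, view, verify(j), len(j)

if __name__ == "__main__":
    print(demo())
```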

------
Uptrenda
I feel it's become very fashionable to dismiss the simpler applications of the
tech because of how unrealistically it's been applied. It's so easy to do too.
Look at the insane valuations, the fraud, and hype cooked up by marketers, and
the whole thing looks very stupid. But it's a mistake to let this get in the
way of critical thinking.

There is a reason why the topic is brought up so often and it's because among
all that garbage there is genuine potential. It requires education, and R & D
to unlock most of it. But at some point we'll have straight-forward tools that
can be applied to solve a variety of common problems.

I predict the end result won't look anywhere near as exciting as it is today.
It's likely going to end up being a flexible and boring set of auditing tools.
But that's still going to improve the transparency and efficiency of many
organizations. And given how archaic some of the processes around businesses
are today -- those changes are still going to look revolutionary in their
context.

~~~
chris_wot
If you could tell me even one application of this technology outside of
cryptocurrency, I'd genuinely be interested.

~~~
WalterSear
* Decentralized, anonymized reputation management. Imagine an ebay score that couldn't be owned by ebay, or any other company.

* Decentralized digital Asset ownership verification. Again, imagine facebook without a facebook. Or imagine purchasing a music or software token that you could use on any provider, and never expired. Sign up for a new streaming service and take all your songs/videos/games with you from the old one.

* All the legal structures of a company, purchased off the shelf, handling all the vagaries of human resources and accounting, but without managers or payroll accountants. Just remote teammates, who may never have worked before, but know they will get paid a salary, receive evaluations and promotions from their peers.

These are just toy examples, I'm sure if I took more than a few seconds, I
could give you much better ones. The problem with blockchain isn't finding
applications - it's finding _monetizable_ ones.

All the examples above would make amazing open source projects, but IMHO would
be very difficult to generate revenue without compromising their decentralized
nature, by inserting oneself into the transactions to take a cut. Centralized
control of an application is almost a requirement for monetization, and
blockchains are, by definition, intended to circumvent centralization.

Moreover, trust and verification aren't new problems, and we already have
plenty of centralized solutions for these problems. So, blockchain
applications both have to be better than what was there before, _and_ work
around the decentralized nature of the system.

Consequently, people trying to make a living on the blockchain mostly resort
to monetizing the networks themselves - in other words, developing
cryptocurrency-like products of some form. Is this decentralized? Not
entirely, but it's less centralized than what came before. If people disagree
with the behaviour of the ethereum foundation, they can fork the currency.
However, this is still a long cry from actual decentralization. It is certainly
an open question what value 'kindof-sortof' decentralized networks provide.

~~~
jakevn
None of which you have listed can be proven by blockchain as it has proofs for
today. All would rely on external sources of truth which entirely live outside
the verification of the blockchain. The blockchain in these cases would be an
immutable chain of unverified facts.

~~~
WalterSear
* An anonymized reputation system is the equivalent of a transaction ledger. It needs no external source, as long as the involved actors agree to enter into evaluation of each other.

* Digital asset ownership ultimately only requires external sources of truth for storage of whatever digital asset they intend to provide. I concur that this would be impossibly expensive to provide via existing blockchain implementations, without an external point of truth, but still a technically possible feat.

* An entire company on the blockchain? Sure, it's not reasonable at the moment. It was just an attempt to paint a bigger picture. The fact that it's 'not yet reasonable' is why many people are starting to try. By the time it's 'reasonable', someone will have done it.

------
drcode
As someone who is a CEO of a medical blockchain startup which is trying to
find actual meaningful use cases, I agree 100% with the conclusions of this
post.

(finding actual convincing use cases in the medical space for this tech is
hard)

~~~
marcus_holmes
so...why are you still the CEO of a medical blockchain startup? Surely you
escorted yourself off the premises by now? ;)

But seriously, isn't this putting the cart before the horse? The usual order
is "find a problem, build a solution", not "find a technology, build a
solution, work out who has a problem it can solve". How's that working out for
you?

~~~
pryelluw
There might be potential uses for distributed ledgers in an industry that is
required by law to share your care history. This specific company not having
arrived at a concrete product does not negate the potential upside. All it
takes for them to do is develop a technology that can be of interest to an
industry giant and become acquired. I'm not saying this is the case here, but
it is a real option.

~~~
marcus_holmes
ahh, I see... so more like speculative R&D, developing a technology to the
point where it's saleable to a larger organisation. So there's no need for a
customer problem to solve, it's just about building enough capability with the
tech to become acqui-hirable, is that right?

~~~
pryelluw
To a point. I can't comment with regard to this being the goal of the company
above.

We should consider the following:

A startup can have a product offering and also be the product itself.

~~~
marcus_holmes
not sure that works in many places outside Silicon Valley. I've been working
in the startup scene in Perth, Western Australia, for years now, and the
opportunities for getting bought are slim. A startup there needs to have a
global customer base to stand a chance of making revenue, let alone equity
growth.

------
monkeydreams
I work in this space and I am hard pressed to see where blockchain could
improve patient control of data. The real problem that I have is that health
data rules and workflows are completely unlike any other type of data I have
worked with. Ownership of data, attribution of information, interoperability,
all of these elements are context dependent. Centralised, independent storage
of information so that all healthcare providers (with the patient's
permission) can access critical records is a much simpler solution. It is
still complex, but at least you don't have the byzantine bullshit of the
blockchain sitting beneath it.

------
godzillabrennus
I recently worked on a yellow paper that outlines a data exchange with no
centralized authority that puts ownership and encryption responsibility of
that data back onto the users of the network. It's a data exchange not a
blockchain because all data should be mutable and nullifiable. Blockchain is
the wrong technology for so many things that it's been hyped for.

~~~
80x25
Perhaps your comment was meant to be tongue in cheek, but it sounds like this
data exchange is a replacement for the World Wide Web? It's not IPFS is it?

~~~
godzillabrennus
IPFS was a technology we evaluated but decided it was not appropriate given
specific requirements of all parties that will be using it.

------
woah
Never have I seen someone so angry that a college student gave a vague talk, a
startup made some exaggerated claims, and a university research project wasn’t
completed.

I hope he doesn’t read hacker news. The vague talks, exaggerated claims, and
unfinished research projects here would give him an aneurism!

------
JohnFen
Of all the crazy applications that I've heard for the blockchain, medical
records are easily the craziest.

~~~
M2Ys4U
Elections on a blockchain are probably in the same ballpark

------
djyaz1200
To be generous to those proposing blockchain for health records I think their
intent is to suggest that it be used for the access/authentication layer of a
more conventional secure database, but that's just a guess.

~~~
munchbunny
I've found this diagram to be extremely helpful for thinking about why/why not
to use blockchain:
[https://i.redd.it/uu0qg8t28tq11.png](https://i.redd.it/uu0qg8t28tq11.png)
(p.42
[https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8202.pdf](https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8202.pdf))

One problem is blockchain is good for _identity_ but not so much
access/authentication.

~~~
jeevest
When I look at the first flowchart - there’s no way a PMI-certified Project
Manager would say No to any question on the flowchart - so Blockchain it is!

------
nwhatt
May be of interest to some: In recent years healthcare has adopted centralized
PKI in the Direct project.
[https://www.directtrust.org/](https://www.directtrust.org/)

------
zby
When a technology does an unexpected thing, something you'd never thought
would be possible, it is tempting to think that it is magic and it can do all
the other impossible things.

------
buhrmi
Gosh I love David Gerard....

------
oooshha
Hard not to imagine a pompous Brit spraying saliva everywhere while reading
this.

To the content - there is only one way to place data on the cloud that is
impervious to all global state, corporate and nefarious actors. That is with a
robust blockchain. Whether or not you think that is useful in medical records
is another story.

I've been a medical doctor for 10 years and think that it is.

~~~
tracker1
How do you use this and not allow for anyone with access to the block chain to
also have access to all medical records? How do you secure this data without
also securing the block chain access itself? How do you provide this security
without effectively losing the usefulness of the block chain in general? How
do you do this in a way that is effective in terms of performance/speed?

~~~
erulabs
I don't have a side in this fight, and in general I absolutely agree with
"solution in search of a problem", etc, but, if I had to think of an
application:

All medical records are encoded as transactions between doctors and patients -
that is, if person A is diagnosed with medical issue A by Doctor A, a public
transaction is sent from a patient, via anonymized address, with a few bits of
information:

- Amount (public due to nature of transaction on blockchain)

- Doctor (public due to complexity of anonymized destination addresses on
blockchain, let's not solve impossible problems)

- Encrypted with the public key of the Doctor, the medical record

- Encrypted with the public key of the Patient, the medical record again

- Public, well-known "code" for some medical transaction, for example "code
1" could be a checkup, "code 2" could be a heart-transplant - I'm completely
unfamiliar with the medical world so I suspect this system most likely already
exists

- Encrypted with the public key of the Doctor, a random UUID identification
code

This would allow Doctors offices to collect all their records by reading thru
all transactions. Offices could validate that the patient correctly filed the
transaction before accepting the transaction, and one can imagine software
such that patients could easily file the transaction without having to copy
the medical records, etc.

Additionally, using the public key of a doctor, one could verify that similar
medical procedures were priced fairly compared to their own (ie: you could see
the average cost of checkups, etc). This is most likely a naive assumption
about pricing in healthcare, but maybe a good feature thanks to blockchain?

It would be particularly neat if it was powered by a contract, via something
like Ethereum - You'd still need a bit of government help, but:

- Retrieval of medical data by the Doctors office is signed by a secret key
contained in a contract oracle. When data is retrieved, it's signed with a
timestamp indicating when the data was obtained.

- Laws requiring that valid signatures for valid timestamps from the contract
oracle accompany _any and all_ use of medical records.

- Assuming the fines were steep and enforced, medical records could not be
used for longer than a certain date, could be invalidated, and could be
"observed being observed" by the patient.

In other words, assuming minor changes in the legal/medical system, the
blockchain could actually be used to create immutable records of medical
transactions, protect patient privacy, etc.

But if to accomplish this blockchain _also needs_ a trusted 3rd party and law
enforcement... Then I'm not sure how it's better than any other application,
except that it comes with a free globally available API, which is not actually
a bad feature. Just not world-changing is all.

