Unintended consequences of new technologies in healthcare – thoughts on #blockchains pt 2 by Dr. Senthil N @nacsen


In part one of this blog I discussed blockchains and how they could be used in health care in an ideal world. 

In the real world however, block chain use poses many challenges. The challenges range from security to accessibility perspectives, some of which are unique to health care. In a healthcare blockchain, each unique identifier is a human being, not a piece of cryptocurrency. So, anyone with access to a blockchain can see how many transactions a patient has had and their timestamps, then extrapolate how healthy or sick a person has been. 

The timestamps as well as the names and inferred locations of hospitals and doctors who are granted access expose some amount of personal information about the age of a person, what provider he/she has seen and when, and possible diagnoses, location or travel patterns. So, it becomes critical to control access to the blockchain itself, not just the records that the blockchain entries point to.

It would be naïve to assume that all patients can manage authorizations to their blockchain if they have a mobile application, considering we have been struggling with patient education and patient compliance for years in the real world. 

Many patients struggle to understand their health conditions and to comply with treatments or preventive interventions, let alone being able to afford and use a mobile device effectively. I can see that mobile devices with simple screens can ask a patient whether they want to allow “Dr. X at hospital Y to access their medical record,” but the questions become complex if the access is for specific documents or specific purposes for specific periods of time. Furthermore, if the data access is for research, the authorization questions become even more complicated.

It is just as complex to help users revoke complex access patterns. When mobile phones figure out how to provide an easy mechanism to grant or revoke specific hardware or data access permissions to the umpteen number of apps in a usable manner, I would think it is possible to do so with blockchain access control.

Another challenge for patient privacy is to define a way to protect sensitive data categories (HIV, mental health or substance abuse records, for example). We need a way to protect the blockchain entries for these categories through effective use of authorization records in the blockchain. 

Authorization records will need to specify the authorized individual at applicable document and accessing healthcare provider levels rather than allowing access to the patient’s entire blockchain and accessing healthcare organization levels. The blockchain entries need to have sufficient metadata to describe sensitive data categories and the blockchain service needs to return appropriate responses when there are redacted sensitive data categories to which a provider is not allowed access.

Currently, some of the challenges in creating a longitudinal, interoperable medical record are the unique identification of patients across multiple systems and merging duplicate identifiers reliably in Enterprise Master Person Index (EMPI) systems. This becomes even more challenging with blockchains because we would require patients to provide their blockchain identifier rather than their name, date of birth, driver license or social security number. 

We would need to find each patient’s blockchain identifier to avoid creating multiple blockchains for a single patient, and we need the ability to merge or unmerge blockchains to reconcile cases where a patient ends up having multiple blockchains or when the blockchains of different patients are erroneously merged. Such capabilities are required before the technology can be adopted in health care.

Additionally, we need to consider the ramifications of a security breach and develop measures to reduce the risk or mitigate the consequences. Due to the replicated nature of blockchains, the blockchain services will potentially have blockchain entries of individuals from all over the country or the world. There are both pros and cons to allowing or disallowing global replication of blockchain entries. 

Ideally, the blockchain service should not have any personally identifiable information (PII) in order to reduce the risk of this information being compromised in a breach. Not having PII would mean that one cannot search the blockchain using a patient’s PII. So, a patient’s blockchain would need to be replicated to all trusted blockchain services so that the patient’s entire medical record can be reconstructed without knowing any PII. 

Now, if methods to identify patients become available in the future, we cannot limit the exposure of past entries that are already added to a patient’s blockchain and could get replicated globally. There is no way to guarantee the security of all the distributed blockchain services, and one breach would mean that the blockchain entries of all patients are out in the open. 

The authorization entries in the blockchain would be invalid. This would place undue burden of security on the off-blockchain medical record stores. They may have to resort to measures such as one-time passwords (single use keys) that the patient gives to the provider to further authenticate the access request, or we may need a separate trust relationship system that is outside the blockchain.

Modern medicine is “modern” due to the adoption of new technologies, while it remains “medicine” due to the almost fanatical devotion to the guiding principles of ‘primum non nocere’ and the scientific method. As practitioners and supporters of modern medicine, it behooves each of us to think through all the unintended consequences that are unique to health care, as well as applicable to other domains while we create new breakthroughs to make medicine even more modern.

The article was first published by the author on the 3M HIS Inside Angle – Blog, the article is being republished here with permission.
Author
Senthil K. Nachimuthu, MD, PhD,

a Medical Informaticist with 3M Health Information Systems’ Healthcare Data Dictionary (HDD) team at 3M Health Information Systems, Inc. He is a medical informaticist and a physician by training, and he leads the research and design of HDD Access and other clinical terminology products of 3M HIS. He is also an avid user and contributor to various open source projects, and has served as the Chair of the AMIA Open Source Working Group in the past. He also contributes to the development of various standards such as HL7 Common Terminology Services version 2 (CTS2) and SNOMED CT. In addition to clinical terminologies and ontologies, his research interests include in clinical decision support, epidemiology, data mining, machine learning and patient safety.
Advertisements

Unintended consequences of new technologies in healthcare – thoughts on #blockchains, Part 1 by Dr. Senthil @nacsen


Many of you might have read the recent findings by researchers Isao Echizen et al. from the National Institute of Informatics (NII) of Japan that it is possible to copy one’s fingerprints from pictures taken from up to 10 feet from the subject who was holding a peace sign, given proper lighting and focus. As cameras with more than 20 megapixel resolution become commonplace, many daylight photographs would meet this criteria. It is not farfetched to imagine that one could copy iris patterns from portrait photographs just as easily. For the majority of the world population with darker eye colors, their iris patterns would not be clearly visible in the visible light wavelength, which is why iris scanners use near-infrared wavelengths. 

However, it is easy to see that the improvements in ubiquitous high resolution photography make two technologies obsolete at once. Suddenly, copying fingerprints and iris patterns isn’t just the running gag of the “Mission Impossible” movies anymore, since there is not much we can do to retract publicly available images of one’s fingerprints and irises. The most that can be done is to use fingerprint and iris recognition technologies for convenience rather than security. The fingerprint and iris patterns would reduce the search space, but we will still need to authenticate the individual in a different way. We cannot have the fingerprint and fingerprick blood analyzer machines such as the ones in the “Gattaca” movie all over the place, so we have to use other non-invasive multifactor authentication technologies

This made me think about unintended consequences of new technologies in health care, and how those consequences could affect health care. One of the new technologies that has been popular in the medical informatics literature recently is the use of blockchains (like the ones used in bitcoin).

A blockchain is a log of all transactions that sequentially link what happened to a specific piece of digital currency. The blockchain is transparent and is replicated to multiple servers almost immediately. So, when you use a digital cryptocurrency such as bitcoin, one could verify if you are the rightful owner of that piece of currency by checking its blockchain, and maintain the log by adding the new transaction to the blockchain service.

There have been many articles recently in medical informatics/healthcare IT literature that describe how blockchains can be used to both compile a patient’s longitudinal medical record as well as manage authorization to a person’s medical record. Many of them seem to cite the article “Decentralizing Privacy: Using Blockchain to Protect Personal Data” (PDF link) by MIT researchers Zyskind et al., which describes how blockchains can be used to have data stored in decentralized stores (think hospital EMR systems), while using a blockchain service to link them all and control authorization (think health information networks).

Various articles describe how the blockchain will contain records for all data and authorization transactions for a patient’s medical record. Every time a new document is created for a patient, whether by a clinician, laboratory, pharmacy, billing system or  wearable medical device, a new record is added to that patient’s blockchain, which contains a pointer to an off-blockchain location where that record is stored, such as a specific document identifier in a hospital’s electronic medical record.

Each patient owns their blockchain, and grants or revokes access to those who can add new records to their blockchain or who can read the documents referred to by the blockchain. These data are stored in the blockchain itself as authorization records. It is easy to see that a patient could also say who can query their blockchain itself. Healthcare providers with the proper authorization can access a patient’s blockchain or add new transactions to it.

As with standard practice in medicine, I can see that healthcare providers without authorization can “break glass” during a medical emergency to treat a patient. In addition to providers, wearable electronic devices can also add transactions to a user’s blockchain to track data from their biosensors. Patients can use mobile applications or rely on a healthcare provider to grant and revoke access to their blockchain. 

Technologies like FHIR can come in very handy since every document referred to by the blockchain entries can be a FHIR resource, and the FHIR resource directory for a patient can be integrated with a blockchain service to get a distributed medical record that provides the benefits of both FHIR and blockchain technologies.

While this sounds like a great application in the ideal scenario, it is not without its challenges. Look for part two of my blog where I will discuss the challenges of implementing blockchains in health care.

The article was first published by the author on the 3M HIS Inside Angle – Blog, the article is being republished here with permission.
Author
Senthil K. Nachimuthu, MD, PhD,

a Medical Informaticist with 3M Health Information Systems’ Healthcare Data Dictionary (HDD) team at 3M Health Information Systems, Inc. He is a medical informaticist and a physician by training, and he leads the research and design of HDD Access and other clinical terminology products of 3M HIS. He is also an avid user and contributor to various open source projects, and has served as the Chair of the AMIA Open Source Working Group in the past. He also contributes to the development of various standards such as HL7 Common Terminology Services version 2 (CTS2) and SNOMED CT. In addition to clinical terminologies and ontologies, his research interests include in clinical decision support, epidemiology, data mining, machine learning and patient safety.

#PatientSafety is the key in the era of #DigitalHealth by @Drvikram

India has just seven registered allopathy doctors per 1,000 people; Indian healthcare was ranked 112th in the world by WHO; It takes almost 133 people to take care of 1 patient in a tertiary care hospital; There are now 133 touch points where patient safety can be compromised; Our healthcare system is unable to measure Patient safety, a very important parameter, mostly due to lack of longitudinal records;


India has just seven registered allopathy doctors per 1,000 people. Indian healthcare was ranked 112th in the world in a survey by the WHO. It is therefore unsurprising that most discussions in the healthcare sector today are focused around ways and means to build more infrastructure and increase access to care. 

Many startups have sprung up in the healthcare space promoting better health and preventive care. Investments are pouring into the country and new state of the art hospitals are being set up. But one must wonder are we doing the best we can with the existing system of doctors, hospitals, clinics and processes? How efficient is our system of care and what are the current outcomes we are seeing? Does a patient come out healthier and better than when he went in? Or was it just a case of good fortune that nothing untoward happened to him? What exactly are our priorities for safer care?

As per the Indian Confederation for Healthcare Accreditation (ICHA) it takes almost 133 people to take care of 1 patient in a tertiary care hospital. This is right from the time the patient decides to access healthcare in the hospital and till the time (s) he is discharged. Though the numbers seem interesting but it also gives us an idea about the complexity of the current healthcare system. Digital transformation, Modern technology and techniques might have made healthcare more effective but it has also made care more complex and unsafe – There are now 133 touch points where patient safety can be compromised.

Patient safety is a very important parameter. Somehow our healthcare system is unable to measure it, mostly due to lack of longitudinal records, as India has still not really adopted electronic medical records. Also key contributory factors are over diagnosis and reducing Hospital Acquired Infections (HAIs)

The solution to this issue could be in changing the approach to quality or excellence in healthcare. The traditional approach is to set rigid and stringent specifications against which service providers are benchmarked to see the extent of conformance. This “Outside – In” approach works well where the variables are mechanical and predictable. Unfortunately, healthcare is a sector where uncertainty is high and compounded by each patient’s unique condition and his/ her ability to respond to treatment. In such circumstances, the “Inside – Out” approach that begins with the patient’s needs and requirements may be a better fit.

“Optimum quality of healthcare delivery can be ensured by working backwards to align processes in tandem to meet these requirements” Says Dr Akhil Sangal, CEO of ICHA. “Healthcare has processes that have some predictable and many uncertain variables, and thus a mixed need based customized approach may be desirable,”

One example of the “inside-out” approach is the new infusion system introduced at the Virinchi Hospitals in Hyderabad. Patients going through invasive procedures and surgeries are more prone to infections. The risk of HAIs, including catheter associated infections, is common in patients due to various reasons, mostly the use of plastic or glass bottles in infusion therapy. 

The normal practice, which the nurses follow with these bottles, is to get a needle into the plastic bottle or open the air inlet of the IV sets with glass bottles for the fluid to flow into the patient’s body. This may lead to infection from the micro-organisms, that enter the bottle & may cause severe infection to the patients.

Dr. Srinivas Samavedam, Head of Critical Care Medicine, Virinchi Hospitals, Banjara Hills, Hyderabad added that “To prevent this type of infections from the infected air going inside the bottle, some medical institutions & hospitals have started to use the new-state- of the art German technology for IV solutions. These new IV containers are very advanced and do not require any needle prick for collapsibility thus ensuring high patient safety.”

No venting is necessary with this closed infusion system made by German Technology, as this collapses completely when emptying and therefore there is no need of needles to allow entry of air and hence any external infection.

International bodies like CDC & NIOSH also recommend risk free drug admixture, which reduces potential microbiological contamination. Accurate fluid delivery to the patient is also very important. The latest technology design of Closed Infusion System should facilitate dosage accuracy & should also be compatible with all pharmaceutical drugs.

Another example of the inside – out approach, is the launch of the Azurion from Philips. Philips’s new-generation image guided therapy platform is developed in collaboration with leading global hospitals allowing clinicians to easily perform a wide range of routine and complex procedures, helping them to optimize interventional lab performance and provide superior care. Azurion is built upon Philip’s redesigned operating system ConnectOS, which provided a real-time multi-workspot technology and a user-friendly interface for Physicians, Radiologists and Technicians. The Azurion platform also features over 1,000 new components, including an enhanced flat-panel detector, which provides a functionality to seamlessly integrate advanced interventional tools into the Azurion platform to support the clinical workflow.

It is clear that using the new infusion technology and using image guided therapy platforms like the Azurion there is a greater chance of improving patient safety. 

As always we would love to hear your views on the topic. Comments, suggestions and questions are welcome.

The article is authored by Dr. Vikram, it is reproduced here with the authors permission
Author

[tab]
[content title=”About Dr. Vikram Venkateswaran”]

Dr. Vikram Venkateswaran

Dr Vikram Venkateswaran is a healthcare thought leader who writes and speaks about the emerging healthcare models in India and the role technology plays in them.
Connect with me

[/content]
[content title=”Latest Articles”]

[/content] [/tab]