Myth Busting: Can a blockchain save healthcare?

10 min read Original article ↗

Andy Coravos

The US Healthcare system is struggling: we spend more per person than any country in the world — and we don’t have the outcomes to show for it. Can a blockchain save our system? Yes and no. Let’s have an honest discussion about how to use these new tools.

DPharm, one of the biggest pharma innovation conferences of the year, wrapped up last week in Boston. Everyone was buzzing about the opportunities for “blockchain” in healthcare.

Anyone who has been following me on Twitter for the past few years knows I’m a big advocate for these new tools. While I’m impressed — and excited — that more people in healthcare are talking about blockchains, there was confusion about how these technologies work.

It’s time to demystify. I’ll walk through the most common blockchain-for-healthcare myths I heard last week.

Myth 1: “It’s too technical. You wouldn't understand.”

This response is the ultimate power-move for someone who isn’t familiar with the technology and wants to dodge the question. The best, most knowledgeable people working on blockchain-related tech will never say this to you.

If you’re already familiar with Bitcoin, Ethereum, ‘smart contracts’ and plugged into the online community — skip to Myth 2. If these concepts are new for you, here are my favorite starting places to learn about Bitcoin/Blockchain:

“Smart contracts” were were hotly discussed at the conference. Ethereum, an open-source, public, blockchain-based distributed computing platform, is known for its smart contract capabilities. Here’s a few starter pieces:

Have questions? Engage with the community on Twitter and Reddit (r/bitcoin, r/ethereum, and others). Here’s a list of my favorite digital asset / crypto people to follow on Twitter.

To go deeper, check out

’s “Digital Currency Reading List” — if you read a few of these each week, you’ll develop a solid grasp of the technology.

Myth 2: “Storing your personal health data on the blockchain will be more secure.” 🙈

Press enter or click to view image in full size

#DPharm2017

I heard this claim multiple times last week. Let’s break down the first part: if someone claims that you can store your health data “on” the blockchain — red flag and you’ll want to listen to what they say next with healthy skepticism.

The blockchain itself is useful to track how data has changed over time (e.g., for time-stamped audits), but it is not designed to be a storage tool for large datasets.

The breakthrough innovation is that a blockchain is decentralized, meaning that any node (computer) can download the entire blockchain from the beginning of time. Blockchains, by design, are small and lightweight.

As of this morning, the Bitcoin blockchain, which started in 2008, is 156.41GB, containing all nine years of historical data. I could download the entire Bitcoin blockchain on my personal laptop.

Let’s do a thought-experiment: If I sequenced my genome, it would take up ~80GB of storage to record the sequence, base qualities, and alignments in a map (BAM) file. Put in perspective, my genome would take up half the size of the entire Bitcoin blockchain for the past nine years.

Red flag: When someone claims that you can store the data “on” the blockchain.

If we stored health data “on” a blockchain, the blockchain would be huge, bloated, and maintaining decentralization would become impractical.

So, where is my health data actually stored?

Perhaps it’s in a distributed system like IPFS, though it could also be stored in a conventional location like Amazon Web Services — which has the same security issues we face today. Until we get Pied Piper-like compression (à la Silicon Valley), no one is going to store your personal health data “on” a blockchain.

What does it mean for data to be “more secure”?

Let’s dig into the part of the statement regarding security. In healthcare, we spend a lot of time talking about HIPAA, encryption and other aspects of “data confidentially” — meaning that we want to make it difficult for people to access the data. While data confidentiality is critical, data integrity, the ability to manipulate the data, is increasingly becoming more important.

Put another way: I might not care that everyone knows that my blood type is O+, but I’d care a lot more if someone could go into my health record and change my blood type to B- the day before my surgery and leave no trace. That’s data integrity. Blockchain-based technologies are by design tamper-resistant.

Data Confidentiality vs. Data Integrity: I might not care that everyone knows that my blood type is O+, but I’d care a lot more if someone could go into my health record and change my blood type to B — and leave no trace.

Most blockchain technologies don’t have any confidentiality (access) benefits that go above and beyond our conventional toolkit. In fact, our data might be even less confidential given that the ledger is most often open and more people will have access than in today’s system.

When we talk about data being “more secure,” it’s important to understand what that means in practice. If security is “tamper-resistance” — yes, a blockchain is a great tool. If security is “data confidentiality” — depends on the design of the decentralized tools (e.g., IPFS), but most likely it is no better than conventional tools.

Myth 3: “With a blockchain, you will (finally) own your health data.”

The optimist inside of me wants this statement to be true; the software engineer in me asks: “how?”

Get Andy Coravos’s stories in your inbox

Join Medium for free to get updates from this writer.

Remember me for faster sign in

There are many challenges when putting this concept into practice. For instance, this summer UC Berkeley and Bitmark paired up to bring data donation to public health studies.

The challenge with this approach, is it only secures ownership one time — during the first transfer. After someone has decrypted and viewed the data, it’s possible to copy, scrape, or download it and put the data into another untracked, non-blockchain-based source. The user (patient) no longer has “ownership” over their data.

This is not a problem that’s unique to healthcare: there is no good way yet to create data-warehouses that can secure the data when multiple parties have the ability to access and decrypt it.

People like to argue that the best healthcare blockchain will be a “private, permissioned” blockchain, a shared ledger, with credible, trustworthy parties. In today’s age, we have to assume that any data shared is already compromised. When we put sensitive data in a single place, there’s always a risk that it can be shared with an attacker.

Press enter or click to view image in full size

Mind-shifting perspective on who owns the data. For the full thread, see Hacker News.

Put another way: today, Equifax accidentally releases my SSNs. Tomorrow, a big pharma company accidentally releases my medical record “on a blockchain”. In both cases, each company is relatively unscathed, while I’m left with the mess.

When companies hold massive power to disclose sensitive information, the people need to be involved in these decisions. Our digital footprint is our identity.

Data sharing permissions should not be hidden into obscure parts of the “Terms of Service” when we sign up for products. Permissions need to be baked into the design of the product itself — and we need more than a blanket yes/no sharing option.

While permissioned blockchains hold promise, they will be challenging to implement and require a lot of coordination with the patient.

Myth 4: “Using the blockchain, you can donate your de-identified health data to research.”

Last week, I heard a lot of people confuse “de-identified” arguments when talking about blockchains. In its pure form, a blockchain is pseudo-anonymous — not anonymous.

Furthermore, the ability to completely remove personally identifiable information (PII) is increasingly becoming a myth itself. HBR published a piece researchers were able to re-identify 90% of 1.1 million people from a dataset that was scrubbed of PII. Security researcher, Yaniv Erlich, famously re-identified 50 DNA donors and their relatives from ‘anonymous’ DNA.

Now that our digital footprint is increasingly tracked, as a society, we’ll have to figure out a better system where surveillance is part of the life we live. Given recent data breaches and the rise of “big data” — we’re making this shift sooner than many of us would like.

The silver lining is: perhaps this isn’t a bad thing. With robust data sets, we’ll be able to enroll the right people into the right clinical trials. We’ll be able to create better drugs and therapies for more targeted groups. Precision medicine is no longer a dream; it becomes a reality.

De-identification becomes a challenging computer science problem as datasets get bigger and more unique

So, is public personally identifiable information good? Perhaps yes (drug discovery) and no (loss of autonomy and privacy).

Life is a line-drawing exercise, and “blockchains” are not going to let us dodge these difficult societal decisions.

If you’re interested in this topic, there’s a number of emerging advancements that could solve these challenges that don’t require a blockchain: differential privacy, secure multiparty computation, and homomorphic encryption.

Myth 5: “We need blockchain to solve [X problem we have in healthcare].”

Do we need better electronic health record (EHR) interoperability? Yes. Do we need better ways to store the massive health IT data that is coming into our systems? Yes. Do we need to empower our patients by creating systems where they own their own personal health information? Yes.

When someone is pitching a blockchain solution to you — the best question you can ask is “do I really need a blockchain to do this?”

Most likely the answer is no. We can make huge dents in the problems listed above without introducing a blockchain. The dirty secret is that, today, conventional software tools are probably even better suited than blockchain-based tools.

The follow-up question is “are blockchain-based tools ready?

Fred Ehrsam, a co-founder of Coinbase, drafted a readiness barometer for blockchain-based decentralized apps (dApp). dApps need to develop a number of components in order to compete with a normal web or mobile app, including scalable computation, file storage, external data, monetization and payments.

Press enter or click to view image in full size

Fred Ehrsam’s dApp Barometer.

Conventional web and mobile apps have all of those components ready to go. dApps have 2 out of 5.

Additionally, today’s decentralized tools are not ready (yet) for massive scale. Ehrsam writes that we will need a “100x improvement,” to host an app that has 1–10m users. There are a number of hard computer science and game theory problems that need to be solved before we can scale with blockchain-based apps.

Myth 6: “Technology always makes life better.”

In healthcare, we need better audit trails and improved incentive systems. Blockchain technologies can help with this. As we develop new technologies, we should to watch for the Silicon Valley bias of technological optimism, the idea that technology makes life better.

With nuclear power, comes nuclear bombs. With good there is bad — and blockchains are no exception. We know that change is coming, and it’s better to guide that change in a positive direction rather than fight it.

The best leaders of our time are thinking through these incentives. We have a lot of important decisions to make as a society, and if you’re not making them, someone will make them on your behalf.

Bullies hide behind the excuse “it’s really technical.” Don’t accept it. If something doesn’t sound right, speak up, ask the good/“naive” question publicly, and dig into the tech — our future society will thank you.

Curious to learn about more blockchain-for-healthcare projects? Check out our open-source landscape map.

Many thanks to

, , , , , and many others who read early drafts of this post.