This article was first published in the July/August 2020 China edition of
Accounting and Business magazine.

The healthcare sector’s response to the Covid-19 pandemic has brought into sharp focus the danger of sidelining data protection rights.

The need for access to health data has become a priority during the crisis, but it has become clear that governments are not always successful in gathering that data or keeping it safe. There are even concerns that the rollout of apps to track and trace individuals infected with coronavirus could equip governments with vast databases of information about their citizens that would allow the creation of ‘surveillance states’.

The European Data Protection Board has warned that national parliaments across the European Union may end up restricting individuals’ rights by mandating the sharing of health data. While information-sharing may be deemed in the public interest, it can be highly controversial. Hungary, for example, has suspended individuals’ rights under the EU’s General Data Protection Regulation (including access to and erasure of personal information) and relaxed the obligation for authorities to notify individuals about personal data collected for the purposes of coronavirus prevention. In Serbia, a database that held all data on coronavirus-monitored individuals was accidentally left publicly accessible for eight days.

The storing of vast amounts of medical data in a single central location is like a honeypot to hackers – medical information is worth up to 40 times more than a credit card number on the black market. And the pandemic has attracted opportunistic hackers looking to exploit vulnerable healthcare institutes; vaccine testing facilities, for example, have been subject to ransomware attacks.

While the global internet has been available for 30 years or so, no definitive solution has yet been created to give people secure ownership of their own digital assets. However, innovative technology does exist that can help alleviate worries that large organisations may be able to suddenly take control of personal data, or that individuals may be exposing their data to single point-of-failure risks.

Enter, blockchain

Blockchain is a relatively new technology whose vast and varied applications are only just being unlocked. It can unify healthcare (and other) records by allowing different systems to connect to each other, thus creating one digital and verified source of a patient’s entire medical history, without putting a central party in charge of protecting what may be highly sensitive data. Specifically, a blockchain-based healthcare solution has the following features:

  • Data is stored in multiple servers controlled by different parties (nodes), so no single party is able to take control or make decisions without the explicit consent of the patient.
  • Not all the data needs to be held by all parties, thus removing the risks associated with a single data location.
  • Certain parties – including patients – have their own ‘key’, which the nodes cannot access. Only a patient can decrypt their own records and decide who can access them.
  • Hackers need every key to access all the information. While one key could be exposed, the value to a hacker is minimal and unlikely to be worth the effort.
  • Data can be pseudonymously encrypted, with a separate database linking to the identity of the person, effectively anonymising what are already strongly encrypted records.
  • Because the data is held on multiple nodes, it is backed up across the system, reducing the risk of data being lost.

This unified system enables individuals’ personal data to be shared with others without compromising patient privacy.

Unlocking the data doors

With no fear of privacy being compromised or of a third party taking advantage of personal data, all patients have the freedom to share their records (with the potential to earn financial reward by doing so) in a blockchain-based system. This creates a multitude of opportunities in the healthcare sector. Clinical trial research, population health management and insurance are just some areas that would benefit greatly from the application of blockchain technology.

For example, multiple countries are currently running Covid-19 immunity tracking studies (patients undergo regular tests to ascertain whether they have had the virus and developed immunity). The ability of patients participating in such studies to seamlessly share their results is essential to ensure complete trial data, which is the basis for optimal scientific conclusions to be drawn.

Additionally, governments could have comprehensive and real-time information on the state of citizens’ health locally, such as the uptake of vaccinations or increases in particular illnesses, which would allow for faster response and better control of potential health risks.
In today’s economy, data has become an essential commodity – one that can be more valuable than any other resource. Every individual deserves the right to have ownership over their own data, yet the value of this data is only truly unlocked when it can be shared.

A decentralised data ecosystem may be the only way to unlock this value without compromising the rights of the individual.

Georgina Kyriakoudes FCCA is CEO of Dcentric Health and co-creator of the blockchain-based Aria medical app.