Many of you might have read the recent findings by researchers Isao Echizen et al. from the National Institute of Informatics (NII) of Japan that it is possible to copy one’s fingerprints from pictures taken from up to 10 feet from the subject who was holding a peace sign, given proper lighting and focus. As cameras with more than 20 megapixel resolution become commonplace, many daylight photographs would meet this criteria. It is not farfetched to imagine that one could copy iris patterns from portrait photographs just as easily. For the majority of the world population with darker eye colors, their iris patterns would not be clearly visible in the visible light wavelength, which is why iris scanners use near-infrared wavelengths. However, it is easy to see that the improvements in ubiquitous high resolution photography make two technologies obsolete at once. Suddenly, copying fingerprints and iris patterns isn’t just the running gag of the “Mission Impossible” movies anymore, since there is not much we can do to retract publicly available images of one’s fingerprints and irises. The most that can be done is to use fingerprint and iris recognition technologies for convenience rather than security. The fingerprint and iris patterns would reduce the search space, but we will still need to authenticate the individual in a different way. We cannot have the fingerprint and fingerprick blood analyzer machines such as the ones in the “Gattaca” movie all over the place, so we have to use other non-invasive multifactor authentication technologies.

This made me think about unintended consequences of new technologies in health care, and how those consequences could affect health care. One of the new technologies that has been popular in the medical informatics literature recently is the use of blockchains (like the ones used in bitcoin. A blockchain is a log of all transactions that sequentially link what happened to a specific piece of digital currency. The blockchain is transparent and is replicated to multiple servers almost immediately. So, when you use a digital cryptocurrency such as bitcoin, one could verify if you are the rightful owner of that piece of currency by checking its blockchain, and maintain the log by adding the new transaction to the blockchain service. There have been many articles recently in medical informatics/healthcare IT literature that describe how blockchains can be used to both compile a patient’s longitudinal medical record as well as manage authorization to a person’s medical record. Many of them seem to cite the article “Decentralizing Privacy: Using Blockchain to Protect Personal Data” (PDF link) by MIT researchers Zyskind et al., which describes how blockchains can be used to have data stored in decentralized stores (think hospital EMR systems), while using a blockchain service to link them all and control authorization (think health information networks).

Various articles describe how the blockchain will contain records for all data and authorization transactions for a patient’s medical record. Every time a new document is created for a patient, whether by a clinician, laboratory, pharmacy, billing system or  wearable medical device, a new record is added to that patient’s blockchain, which contains a pointer to an off-blockchain location where that record is stored, such as a specific document identifier in a hospital’s electronic medical record. Each patient owns their blockchain, and grants or revokes access to those who can add new records to their blockchain or who can read the documents referred to by the blockchain. These data are stored in the blockchain itself as authorization records. It is easy to see that a patient could also say who can query their blockchain itself. Healthcare providers with the proper authorization can access a patient’s blockchain or add new transactions to it. As with standard practice in medicine, I can see that healthcare providers without authorization can “break glass” during a medical emergency to treat a patient. In addition to providers, wearable electronic devices can also add transactions to a user’s blockchain to track data from their biosensors. Patients can use mobile applications or rely on a healthcare provider to grant and revoke access to their blockchain. Technologies like FHIR can come in very handy since every document referred to by the blockchain entries can be a FHIR resource, and the FHIR resource directory for a patient can be integrated with a blockchain service to get a distributed medical record that provides the benefits of both FHIR and blockchain technologies.

While this sounds like a great application in the ideal scenario, it is not without its challenges. Look for part two of my blog where I will discuss the challenges of implementing blockchains in health care.

Senthil K. Nachimuthu, MD, PhD,  medical informaticist with 3M Health Information Systems’ Healthcare Data Dictionary (HDD) team.