"The Bridge to Blockchain in Health Care Guidance for Business Lawyers," by Kristen Johns, published in American Health Lawyers Association
The application of distributed ledger, or blockchain, technology has permeated many industries. Since its debut through cryptocurrency, many companies have embraced its potential and many more are actively identifying and implementing novel use cases. The health care industry is no different, and blockchain technology is currently being used for physician and nurse credentialing, electronic medical records (EMRs), patient engagement, patient identity, and pharma supply chain management. This article is intended to provide an overview of the current state of adoption of blockchain technology in health care, emerging regulatory and policy implications, and recent guidance that may enable growth and scalability of this technology.
Overview of Blockchain
In the simplest terms, true to its name, blockchain technology involves recording transactions in a database as a “block,” and those blocks form a “chain.” Each independent database comprising a blockchain network is called a node.1 Blockchain networks are decentralized: data is stored by and accessible to all systems that connect to and comprise the network.
Blockchain architectures can vary and have unique characteristics, which can make understanding “blockchains” challenging. For example, a blockchain network that limits who can connect to or access certain transactions stored in the blockchain is called a permissioned blockchain. Permissioned blockchains allow only a few predetermined nodes to have administrator-type control. Permissionless blockchains allow every node in a blockchain equal access to information in the network in a peer-to-peer fashion.2 The bitcoin blockchain, for example, is a permissionless, or distributed, blockchain.
Current Challenges
In the United States, the use of blockchain technology in a health care context is not directly regulated. Rather, peripheral laws and regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), establish privacy and security standards for certain health care entities (covered entities and business associates) that create, receive, maintain, or transmit Protected Health Information (PHI). It has been discussed ad nauseam that HIPAA, as it is currently structured, is likely the largest obstacle to the commercialization and mainstream adoption of certain applications of blockchain technology involving PHI.