link4557 link4558 link4559 link4560 link4561 link4562 link4563 link4564 link4565 link4566 link4567 link4568 link4569 link4570 link4571 link4572 link4573 link4574 link4575 link4576 link4577 link4578 link4579 link4580 link4581 link4582 link4583 link4584 link4585 link4586 link4587 link4588 link4589 link4590 link4591 link4592 link4593 link4594 link4595 link4596 link4597 link4598 link4599 link4600 link4601 link4602 link4603 link4604 link4605 link4606 link4607 link4608 link4609 link4610 link4611 link4612 link4613 link4614 link4615 link4616 link4617 link4618 link4619 link4620 link4621 link4622 link4623 link4624 link4625 link4626 link4627 link4628 link4629 link4630 link4631 link4632 link4633 link4634 link4635 link4636 link4637 link4638 link4639 link4640 link4641 link4642 link4643 link4644 link4645 link4646 link4647 link4648 link4649 link4650 link4651 link4652 link4653 link4654 link4655 link4656 link4657 link4658 link4659 link4660 link4661 link4662 link4663 link4664 link4665 link4666 link4667 link4668 link4669 link4670 link4671 link4672 link4673 link4674 link4675 link4676 link4677 link4678 link4679 link4680 link4681 link4682 link4683 link4684 link4685 link4686 link4687 link4688 link4689 link4690 link4691 link4692 link4693 link4694 link4695 link4696 link4697 link4698 link4699 link4700 link4701 link4702 link4703

Blockchain and healthcare privacy laws just don’t mix

Blockchain and healthcare privacy laws just don't mix

Leaders are intrigued by the digital ledger technology's potential, but intrigue alone won’t get it past regulations.
  

Attorney Sharon Klein at the law firm Pepper Hamilton, along with Joe Guagliardo,

who chairs the Blockchain Technology Group at the firm, have been looking at blockchain's implications for healthcare for more than a year.Attorney Sharon Klein first started thinking seriously about blockchain's implications for healthcare about 18 months ago. And she's hardly the only one.

Blockchain has been attracting a lot of attention in healthcare, with many technology stakeholders excited about the potential the new data storage paradigm could hold for cybersecurity and interoperability. But while the digital ledger technology has promise, blockchain will struggle to dovetail with the existing realities of privacy law.

"It's the implementation — in this regulatory environment, particularly given everything else that healthcare needs to deal with — that's the question," said Klein, a partner in the health sciences department at law firm Pepper Hamilton and chair of its privacy, security, and data protection practice. "Is this something people are going to want to devote time, energy, money to? It has a lot of good applications. But we have so much to do."

Klein, who will speak at the HIMSS Health Privacy Forum in San Francisco on May 12, serves on the newly reconstituted HHS task force for cyber security. And, according to her, blockchain is on the agenda. "All kinds of data can be stored with blockchain," said Klein. "But from a privacy perspective, it matters whether the data that is stored can be considered protected health information and therefore regulated. And then all of the regulatory drag then is applicable."

For instance, she said, "HIPAA contains a 'patient bill of rights.' So if I, as the patient, want to go see my healthcare records, I just raise my hand and you've got to give them to me. How's that going to work with blockchain?" Or consider the potential implications for updating business associate agreements —  even medium-sized healthcare providers have hundreds of them on file. "It would break my brain to think of how many business associate agreements you'd have to actually execute, and who would execute them," said Klein. "The structure is so inflexible, and very different from any industry's structure when it comes to exchanging of data. That's the hurdle we have to get through."

Blockchain is an exciting emerging technology, to be sure, but it's one that was barely being talked about back when the privacy and security rules under HIPAA and HITECH were drafted, she said. And as it stands today those laws "probably don't meet with the blockchain technology as it is currently constructed." So the question, from a regulatory perspective, should be: Are there easier ways to put blockchain to work in healthcare, even around the margins, that don't need to get tangled up in existing privacy law? "Are there mechanisms, perhaps at the edges, that are not PHI, not as regulated as PHI, that could be utilized in the way that blockchain in healthcare allows?" she said. "You have to start somewhere."

In the near term, Klein said, "the more that private industry self-regulates and has some standard-setting, I think that is going to increase adoption." Klein's colleague Joe Guagliardo, who chairs the Blockchain Technology Group at Pepper Hamilton, agreed. "There's an important point for everyone who's talking about blockchain to understand, whether you're a regulator or a healthcare institution or a technologist," he said. "We're hearing that blockchain is going to revolutionize the way we interact with and store data. But it's not going to happen tomorrow. It may never happen that digital ledger technology is going to replace current infrastructure, because of the regulations.”

Ultimately, it boils down to how important that transformation really is. "What can we do in the healthcare space, what smaller projects can we do, that don't have the regulatory hurdles?,” he said. “And can we take some baby steps that don't require breaking down all the walls? Let's find smaller problems we can solve as a starting point."

Chuck Reynolds
Contributor

Alan Zibluk Markethive Founding Member