Norfolk, Virginia-based Sentara Healthcare and nearby Old Dominion University have teamed up to test the mettle of the blockchain digital ledger tool and assess its ability to protect the integrity of personal health data in the cloud.

The project involves using decentralized and permissioned blockchain to protect privacy and improve identity management. A mobile app collects data from wearable and medical devices and synchronizes it to the cloud for sharing with providers and payers.

[Register Now: Upcoming HIMSS Healthcare Security Forum]

In the project, a proof of integrity and validation is "permanently retrievable from a cloud database and is anchored to the blockchain network," said Sachin Shetty, associate professor at Old Dominion's Center for Cybersecurity Education and Research. "For scalable and performance considerations, we adopt a tree-based data processing and batching method to handle large data sets of personal health data collected and uploaded by the mobile platform."

The goal, essentially, "is to provide the ability to track and report any unauthorized access or modification to your data in the cloud," he said.

Shetty and Dan Bowden, chief information security officer at Sentara, will describe the initiative September 11 at the HIMSS and Healthcare IT News Healthcare Security Forum in Boston.

[Also: Blockchain eyed for potential use cases in revenue cycle]

Blockchain offers "much stronger, more secure way to monitor access to data" than relational databases. But how it gets deployed in healthcare is something that's still coming into focus.

"With the implementation we're currently working on, we have been able to come up with a proof of concept of how blockchain-enabled data provenance system could help track your data," said Shetty. "My interest was to see what type of use case would be a good fit for healthcare. Another problem is identity management. Could we use blockchain to detect any unauthorized entity who is accessing the data? Can we have a blockchain capability to detect a rogue device?" 

As healthcare stakeholders take stock of blockchain, exploring the various ways the emerging technology could be put to work across the industry, there's a healthy mixture of excitement and skepticism for its potential.

For all the exciting potential uses of blockchain in healthcare – to manage identities, to track provenance of data in the cloud – one of the biggest unanswered questions is its scalability.

"I have seen performance metrics for the more stable platforms that are underlying bitcoin – I saw a study that was done earlier this year, and it's still just 20 to 30 transactions per second," he added. "The throughput is not very good. And the network on which the blockchain runs is heavily underutilized. So there is a huge scalability problem. But there are a lot of proposals going around to improve it."

That's a chief aim of the new partnership with Sentara, he said. "I think this collaboration is going to be fruitful. We can open up the hood and provide some performance metrics as it pertains to scalability in security."

After all, there's no such thing as a cookie cutter blockchain platform. 

Every industry – and every use case within that industry – is different. Old Dominion and Sentara intend to study the emerging technology – its pros and cons alike – and to conduct a critical evaluation of existing blockchain platforms.

"We're still in the hype cycle phase, but there are a lot of prospects we see that we want to do further research on," said Bowden. "There is still a hill to climb. But where I want to get to is to further drive the conversation. If enough people get drawn into the conversation, more people mean more momentum."

Bowden said he's hopeful that Sentara will be able to test another blockchain project later this year focused on rogue device detection on Sentara’s network with Hyperledger and Cisco's Stealthwatch tool.

"That's an example of using blockchain to see when something has changed on our network. It's a different way to do internal identity and access management, tracking who people are, what their entitlements are,” Bowden added. “I have a couple of use cases that I want to prove out, and within 12-18 months we could be doing a deployment."

Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn