Dear Gerard, Nictiz published hundreds of pages about blockchain. So if it is a hype (which it is), then Nictiz is playing an important role in that.
You cannot summarize those hundreds of pages to a few words and then state that that reflects the opinion of Nictiz. Blockchain is a comprehensive subject. Please read this document, which is an nuanced inventory of their positions regarding this: https://www.nictiz.nl/SiteCollectionDocuments/Whitepapers/Blockchain_in_de_ zorg.pdf In paragraph 2.1 is mentioned an advisoryboard from the ministry of health (VWS) about blockchain, and it is said that smart contracts and also other applications of blockchain are possible and maybe desirable. Please read also page 13 which has an summarized overview of arguments pro and contra blockchain in specific applications. Again, I don't know on which of level the logical architecture blockchain will become important, but if it does, it is very likely that it will be, like Thomas Beale also writes, in the part of Feeder-Audit, where information transactions between systems are worked out. I mentioned yesterday that it was also possible to secure chains of events in the Statemachine, or the extended counterpart which Thomas described shrt time ago, especially if more healthcare institutions are involved in those serie of events, which is very often the case. A lot may have to do with the costs of the implementation and if there are cheaper variants possible. High volume expert Mastercard thinks that this is indeed possible. Best regards Bert Verhees Op 16 nov. 2017 00:03 schreef "GF" <[email protected]>: > Hi, > > > A *blockchain*[1] > <https://en.wikipedia.org/wiki/Blockchain#cite_note-te20151031-1>[2] > <https://en.wikipedia.org/wiki/Blockchain#cite_note-fortune20160515-2>[3] > <https://en.wikipedia.org/wiki/Blockchain#cite_note-nyt20160521-3> – > originally *block chain*[4] > <https://en.wikipedia.org/wiki/Blockchain#cite_note-primer-4>[5] > <https://en.wikipedia.org/wiki/Blockchain#cite_note-obmh-5> – is a > continuously growing list of records > <https://en.wikipedia.org/wiki/Record_(computer_science)>, called *blocks*, > which are linked and secured using cryptography > <https://en.wikipedia.org/wiki/Cryptography>.[1] > <https://en.wikipedia.org/wiki/Blockchain#cite_note-te20151031-1>[6] > <https://en.wikipedia.org/wiki/Blockchain#cite_note-cryptocurrencytech-6> Each > block typically contains a hash > <https://en.wikipedia.org/wiki/Cryptographic_hash_function> pointer as a > link to a previous block,[6] > <https://en.wikipedia.org/wiki/Blockchain#cite_note-cryptocurrencytech-6> > a timestamp <https://en.wikipedia.org/wiki/Trusted_timestamping> and > transaction data.[7] > <https://en.wikipedia.org/wiki/Blockchain#cite_note-IPblockchain-7> By > design, blockchains are inherently resistant to modification of the data. A > blockchain can serve as "an open, distributed ledger > <https://en.wikipedia.org/wiki/Distributed_ledger> that can record > transactions between two parties efficiently and in a verifiable and > permanent way."[8] > <https://en.wikipedia.org/wiki/Blockchain#cite_note-hbr201701-8>[*not in > citation given <https://en.wikipedia.org/wiki/Wikipedia:Verifiability> (See > discussion. > <https://en.wikipedia.org/wiki/Talk:Blockchain#Edit_misrepresenting_cited_sources>)* > ] For use as a distributed ledger, a blockchain is typically managed by a > peer-to-peer <https://en.wikipedia.org/wiki/Peer-to-peer> network > collectively adhering to a protocol for validating new blocks. Once > recorded, the data in any given block cannot be altered retroactively > without the alteration of all subsequent blocks, which requires collusion > of the network majority. > https://en.wikipedia.org/wiki/Blockchain > > > > What is Blockchain offering? > Bringing data from a to b? > Storing data? > Securing data? > Preventing privacy incidents? > Taking care of non-repudiation? > Taking care of data integrity? > Play a role in logging? > Will it prevent hacking of PC’s, Servers? > and other attacks such social hacking, pasword sniffing, etc.? > > At best it serves a role in: non-repudiation, data integrity and logging > (access control lists) without the need of a trusted third party service. > But one has to rely on safe/secure IT-systems that make use of it. > It takes care of a non-health related issue; it takes care of a generic > legal issue. > > Bye the way. > *NICTIZ*’ opinion is: > - Certainly it (blockchain) can not be deployed and replace in healthcare > the present “proven technology" > Het kan zeker nog niet worden ingezet voor vervanging van de huidige > “proven technology” in de zorg > - It is in the hype-phase. > - Many of the potential advantages will have to be proven. > > > > Gerard Freriks > +31 620347088 <+31%206%2020347088> > [email protected] > > Kattensingel 20 > 2801 CA Gouda > the Netherlands > > On 15 Nov 2017, at 21:14, Bert Verhees <[email protected]> wrote: > > There are so many privacy breaches in medical data, hacked accounts, > data-leaks, wacky account rules, social hacking, temporary personal from > employment agencies, no logging on access to systems, systems standing open > and the nurse doing something else. > A GP can call a specialist, it is very common to call a specialist, and > say that information is needed on patient So and So. This happens so many > times. He does not need to prove that he is the GP for that patient. A > specialist does not have time for that kind of verifications. > > And when you talk about these kind of things to clinicians, the all > denying, but they all know better. > And when you talk about these kind of things to software companies, they > start denying too, their software is oke! > But it isn't, because a doctor does not pay for security, but for nifty > software. On security no money can be earned. > > So unless you are talking about the openEHR system being actively hacked, > I don't think this is a real use case. If we are talking about the openEHR > versioning being hacked, then a) they had to hack RAID 10 storage, DB > persistence mirroring, daily backups, b) the data centre has singificant > security, c) some security analysis will have been made in advance (it > will, won't it?!), and depending on the perceived threat, there may be e.g. > hashing + notary, or signed hashes + notary, which requires the hackers to > be of a superior variety. > > > No one ever hacks a RAID-system, they hack the software. The RAID system > is to the software like a single disk, if you remove data from software, > then the RAID system will remove it too, it follows the software. The DB > persistence mirroring is the same story. Daily backups are never rolled > back (only in disaster scenario), because you will lose all newly entered > data. > > A friend, a journalist was taking track of all illegal data-leaks in > medical context, he has done that for over ten years. > It must have been millions of patients whose data are leaked, stolen > notebooks with copies of databases, lost USB-sticks, hacked accounts, every > day there is something. It happens in the best secured organizations like > the army. A container full with paper-patient-dossiers was standing on the > street in a big city. Harddisks are not always cleaned up when sold to > second hand computer-shops. I once got (so was said) a brand new > server-hard-disk from HP-reseller, it wasn't new, there were data on it. > > Mostly this news is from the USA because there they is the obligation to > report data leaks to the public. In the Netherlands this is not so, and > guess who is against such a law? > https://www.google.nl/search?q=data+leak&source=lnms&tbm=nws > > > It's a fair bit of work to invisibly hack a properly implemented versioned > DB implementation within a secure facility, which is what is needed for a > medico-legal claim based on data to fail. > > How about a patient who discovers its employer has knowledge of private > medical data? People often think about psychiatric circumstances, but it > can be other things in this time of revival of religions, f.e. a woman who > hides the fact she has had an abortion and is now teaching on a christian > school. > > > ok, now that's privacy, so we are talking data theft, not integrity or > non-repudiation of authorship. > > > Yes, that is, and maybe it is just paranoia, everybody has the right to be > paranoid. Special in small communities data can leak very easy. Social > hacking, you can call that. Happens all the time. But that kind of leaking > cannot always be avoided with blockchain, unless the leaking GP is looking > at someone else his system over a secured logging communication-network. > Then it should be that the looking into data will be in a transaction, > because it is interchanging medical data, which must guaranteed to be > complete, unaltered and logged at receiver and sender. > > > > Also interesting in this discussion is how to handle deletion of medical > data (the patients right to be forgotten). > Can it be that data refer to data on other systems, or may they only refer > to data on the same system, copies of data from other systems? > Do these copies need some accountable reference to where they come from? > > > these are I agree, important questions, and we've tried to cover some of > it with openEHR e.g. via FEEDER_AUDIT > <http://www.openehr.org/releases/RM/latest/docs/common/common.html#_feeder_system_audit>, > URI datatype, and more recently some thinking in a new REPORT type > <https://openehr.atlassian.net/wiki/spaces/spec/pages/92358988/Reports> being > considered for the RM (I've added a note to this to cover the requirement > to safely refer to / ?copy content from external systems). > > We need to consider these kind of reference questions more carefully and > provide more comprehensive solutions for sure. > > > It is a very complicated subject, and I did not expect any action taken on > my initial question, yesterday morning. But there was discussion, I also > learned from it. > > Huge ICT companies are implementing blockchain-applications, and the > medical world will for sure be one of the targets. They are ready to > implement and sell it. They will convince governments that it is needed. In > the Netherlands, Nictiz is on their side. Nictiz is the only > information-source for the government. > > My question is, can this be transparent, (like RAID 10 is to a system), or > is there an architectural change needed on the logical layers? Or is there > an architectural layer desirable? Do medical software architects want to > influence decisions? Then they need to take positions. > > It is not something for today or tomorrow, or the day after tomorrow. But > next year? In two years? > > IBM is selling blockchain-technology: > https://www.ibm.com/blockchain/nl-nl/get-started/ > > Today I was reading about Mastercard going to use blockchain, they > patented an own implementation (sorry, in Dutch) > https://www.agconnect.nl/artikel/mastercard-legt-eigen-blockchain-vast > > > The patent > http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&; > Sect2=HITOFF&u=/netahtml/PTO/search-adv.html&r=1&p=1&f=G&l= > 50&d=PG01&S1=20170323294.PGNR.&OS=dn/20170323294&RS=DN/20170323294 > > Best regards > Bert > ________ > > > > _______________________________________________ > openEHR-technical mailing list > [email protected] > http://lists.openehr.org/mailman/listinfo/openehr- > technical_lists.openehr.org >
_______________________________________________ openEHR-technical mailing list [email protected] http://lists.openehr.org/mailman/listinfo/openehr-technical_lists.openehr.org
