In January, IBM Watson Health established a partnership with the FDA to
define a secure, efficient and scalable exchange of health data using
blockchain technology, with an initial focus on oncology-related data.
IBM and the FDA are exploring the exchange of owner-mediated data from
several sources, such as electronic medical records, clinical trials,
genomic data and health data from mobile devices, wearables and the
Internet of Things (IoT).
https://distributed.com/news/ibm-partners-cdc-bring-blockchains-public-health
On 16-11-17 00:10, GF wrote:
An EJRC document about Blockchain in education:
http://publications.jrc.ec.europa.eu/repository/bitstream/JRC108255/jrc108255_blockchain_in_education(1).pdf
Gerard Freriks
+31 620347088
[email protected]
Kattensingel 20
2801 CA Gouda
the Netherlands
On 16 Nov 2017, at 00:02, GF <[email protected]> wrote:
Hi,
A *blockchain* – originally *block chain* – is a continuously growing
list of records, called /blocks/, which are linked and secured using
cryptography. Each block typically contains a hash pointer as a link
to a previous block, a timestamp and transaction data. By design,
blockchains are inherently resistant to modification of the data. A
blockchain can serve as "an open, distributed ledger that can record
transactions between two parties efficiently and in a verifiable and
permanent way." For use as a distributed ledger, a blockchain is
typically managed by a peer-to-peer network collectively adhering to
a protocol for validating new blocks. Once recorded, the data in any
given block cannot be altered retroactively without the alteration of
all subsequent blocks, which requires collusion of the network
majority.
https://en.wikipedia.org/wiki/Blockchain
What is Blockchain offering?
Bringing data from a to b?
Storing data?
Securing data?
Preventing privacy incidents?
Taking care of non-repudiation?
Taking care of data integrity?
Play a role in logging?
Will it prevent hacking of PCs, servers?
and other attacks such as social hacking, password sniffing, etc.?
At best it serves a role in: non-repudiation, data integrity and
logging (access control lists) without the need of a trusted third
party service.
But one has to rely on safe/secure IT-systems that make use of it.
It takes care of a non-health related issue; it takes care of a
generic legal issue.
By the way.
*NICTIZ*’ opinion is:
- It (blockchain) certainly cannot yet be deployed to replace the
present “proven technology” in healthcare
- It is in the hype-phase.
- Many of the potential advantages will have to be proven.
Gerard Freriks
On 15 Nov 2017, at 21:14, Bert Verhees <[email protected]> wrote:
There are so many privacy breaches in medical data, hacked accounts,
data-leaks, wacky account rules, social hacking, temporary personnel
from employment agencies, no logging on access to systems, systems
standing open and the nurse doing something else.
A GP can call a specialist, it is very common to call a specialist,
and say that information is needed on patient So and So. This
happens so many times. He does not need to prove that he is the GP
for that patient. A specialist does not have time for that kind of
verification.
And when you talk about these kinds of things to clinicians, they are
all denying, but they all know better.
And when you talk about these kinds of things to software companies,
they start denying too, their software is okay!
But it isn't, because a doctor does not pay for security, but for
nifty software. On security no money can be earned.
So unless you are talking about the openEHR system being actively
hacked, I don't think this is a real use case. If we are talking
about the openEHR versioning being hacked, then a) they had to hack
RAID 10 storage, DB persistence mirroring, daily backups, b) the
data centre has significant security, c) some security analysis
will have been made in advance (it will, won't it?!), and depending
on the perceived threat, there may be e.g. hashing + notary, or
signed hashes + notary, which requires the hackers to be of a
superior variety.
No one ever hacks a RAID-system, they hack the software. The RAID
system is to the software like a single disk, if you remove data
from software, then the RAID system will remove it too, it follows
the software. The DB persistence mirroring is the same story. Daily
backups are never rolled back (only in disaster scenario), because
you will lose all newly entered data.
A friend, a journalist, was keeping track of all illegal data-leaks in
medical context, he has done that for over ten years.
It must have been millions of patients whose data are leaked, stolen
notebooks with copies of databases, lost USB-sticks, hacked
accounts, every day there is something. It happens in the best
secured organizations like the army. A container full with
paper-patient-dossiers was standing on the street in a big city.
Hard disks are not always cleaned up when sold to second hand
computer-shops. I once got (so was said) a brand new
server-hard-disk from HP-reseller, it wasn't new, there were data on it.
Mostly this news is from the USA because there they have the
obligation to report data leaks to the public. In the Netherlands
this is not so, and guess who is against such a law?
https://www.google.nl/search?q=data+leak&source=lnms&tbm=nws
It's a fair bit of work to invisibly hack a properly implemented
versioned DB implementation within a secure facility, which is what
is needed for a medico-legal claim based on data to fail.
How about a patient who discovers their employer has knowledge of
private medical data? People often think about psychiatric
circumstances, but it can be other things in this time of revival
of religions, e.g. a woman who hides the fact she has had an
abortion and is now teaching at a Christian school.
ok, now that's privacy, so we are talking data theft, not integrity
or non-repudiation of authorship.
Yes, that is, and maybe it is just paranoia, everybody has the right
to be paranoid. Especially in small communities data can leak very
easily. Social hacking, you can call that. Happens all the time. But
that kind of leaking cannot always be avoided with blockchain,
unless the leaking GP is looking at someone else's system over a
secured logging communication-network. Then it should be that the
looking into data will be in a transaction, because it is
interchanging medical data, which must be guaranteed to be complete,
unaltered and logged at receiver and sender.
Also interesting in this discussion is how to handle deletion of
medical data (the patient's right to be forgotten).
Can it be that data refer to data on other systems, or may they
only refer to data on the same system, copies of data from other
systems?
Do these copies need some accountable reference to where they come
from?
These are, I agree, important questions, and we've tried to cover
some of it with openEHR e.g. via FEEDER_AUDIT
<http://www.openehr.org/releases/RM/latest/docs/common/common.html#_feeder_system_audit>,
URI datatype, and more recently some thinking in a new REPORT type
<https://openehr.atlassian.net/wiki/spaces/spec/pages/92358988/Reports>
being considered for the RM (I've added a note to this to cover the
requirement to safely refer to / ?copy content from external systems).
We need to consider these kinds of reference questions more
carefully and provide more comprehensive solutions for sure.
It is a very complicated subject, and I did not expect any action
taken on my initial question, yesterday morning. But there was
discussion, I also learned from it.
Huge ICT companies are implementing blockchain-applications, and the
medical world will for sure be one of the targets. They are ready to
implement and sell it. They will convince governments that it is
needed. In the Netherlands, Nictiz is on their side. Nictiz is the
only information-source for the government.
My question is, can this be transparent, (like RAID 10 is to a
system), or is there an architectural change needed on the logical
layers? Or is there an architectural layer desirable? Do medical
software architects want to influence decisions? Then they need to
take positions.
It is not something for today or tomorrow, or the day after
tomorrow. But next year? In two years?
IBM is selling blockchain-technology:
https://www.ibm.com/blockchain/nl-nl/get-started/
Today I was reading about Mastercard going to use blockchain, they
patented their own implementation (sorry, in Dutch)
https://www.agconnect.nl/artikel/mastercard-legt-eigen-blockchain-vast
The patent
http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=/netahtml/PTO/search-adv.html&r=1&p=1&f=G&l=50&d=PG01&S1=20170323294.PGNR.&OS=dn/20170323294&RS=DN/20170323294
Best regards
Bert
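The hash-pointer linking in the definition quoted earlier in this thread, combined with the "hashing + notary" safeguard raised in the discussion, as an added Python example that is not part of any message in the thread or of openEHR: a hash-chained version log whose head hash is also held outside the system. The record contents, the function names and the separately held notarised_head are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # stands in for "previous hash" of the first entry

# Constructed sample data: three versions of one record (timestamp, content).
SAMPLE = [("2017-11-15T09:00", "allergy: none"),
          ("2017-11-15T10:30", "allergy: penicillin"),
          ("2017-11-16T08:15", "allergy: penicillin, latex")]

def entry_hash(prev, ts, data):
    # The hash covers the link to the previous entry, so entries are chained.
    return hashlib.sha256(json.dumps([prev, ts, data]).encode()).hexdigest()

def build(versions):
    chain, prev = [], GENESIS
    for ts, data in versions:
        prev_link, prev = prev, entry_hash(prev, ts, data)
        chain.append({"prev": prev_link, "ts": ts, "data": data, "hash": prev})
    return chain

def first_broken_link(chain):
    """Index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["ts"], e["data"]):
            return i
        prev = e["hash"]
    return None

def verify(chain, notarised_head):
    """Intact only if all links verify and the head equals the notary's copy."""
    return (bool(chain) and first_broken_link(chain) is None
            and chain[-1]["hash"] == notarised_head)

def rehash_from(chain, index):
    """Simulates a party with full write access recomputing later hashes."""
    prev = chain[index - 1]["hash"] if index else GENESIS
    for e in chain[index:]:
        e["prev"], e["hash"] = prev, entry_hash(prev, e["ts"], e["data"])
        prev = e["hash"]

def demo():
    chain = build(SAMPLE)
    notarised_head = chain[-1]["hash"]        # deposited outside the system
    chain[1]["data"] = "allergy: none"        # silent edit of an old version
    after_edit = first_broken_link(chain)     # internal check flags entry 1
    rehash_from(chain, 1)                     # store rewritten consistently
    after_rehash = first_broken_link(chain)   # internal check now passes
    return after_edit, after_rehash, verify(chain, notarised_head)
```

demo() returns (1, None, False): the chain's own check catches a lone edit, stops catching it once every later hash has been recomputed inside the same store, and only the head hash held elsewhere still exposes the change.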
_______________________________________________
openEHR-technical mailing list
[email protected]
<mailto:[email protected]>
http://lists.openehr.org/mailman/listinfo/openehr-technical_lists.openehr.org