There was once a time when a company data breach was just a PR fiasco. The company would lose face and customers, but that was pretty much it.
Today, a data breach means not only huge reputation damage but huge fines as well. In fact, a company can incur millions of dollars in fines simply for not taking sufficient precautions against a data breach.
Last year, six healthcare-related companies were fined $13 million for this. Among them was the University of Rochester Medical Center, which was fined $3 million by regulators specifically for failing to properly encrypt mobile devices.
Note, we’re not talking about an actual breach of information here. Just that these hospitals did not take sufficient measures to protect against potential data breaches.
I saw first hand how critical data privacy is for companies in the healthcare space when I served as General Counsel for TigerConnect, which was the first and is currently the largest HIPAA-compliant encrypted messaging platform for the US healthcare industry.
The healthcare companies that we worked with would never consider a service provider if data privacy and encryption were not a key feature of what they offered.
Now, companies across many industries are eagerly looking into how to incorporate blockchain technology to streamline their business processes and cut costs. This works for some enterprises, but it is especially tricky for companies in the healthcare industry because of the need to protect patient health information.
Public blockchains typically include an open ledger of all transactions on the blockchain. Transactions are listed under addresses rather than names, so when blockchain first came out many described it as anonymous. But today, thanks to ‘chain analysis’ companies that accumulate and cross-examine large amounts of ledger data, nearly every transaction can be traced. So instead of providing complete anonymity, public blockchains actually provide the exact opposite: complete transparency.
This might be good for some industries, but for healthcare enterprises, this means that building enterprise solutions on public blockchains is out of the question… or does it?
As it turns out, there are three main ways that healthcare enterprises can leverage blockchain technology in a way that protects PHI.
Read on for an overview of each and which provides the maximum data protection for enterprise users at the lowest cost.
Private, Permissioned Blockchain
The most common approach for many big enterprises foraying into blockchain is to invest in building their own private blockchain.
Private blockchains are easy for corporate decision-makers to comprehend because they are similar in structure to a privately controlled server. All you have to do is restrict who has access to the server and you can safeguard data privacy within the network.
An example of this in practice would be a consortium of hospitals that share access to patient health information through a permissioned blockchain with each hospital running its own node.
This allows the private network of hospitals to share data securely, provided each hospital follows the agreed-upon security protocols.
However, with so few nodes in the system, it is not truly decentralized, and so it misses out on the key benefits of a decentralized blockchain.
A private blockchain is not as robust as a decentralized network. If only a handful of nodes are handling transactions, the risk that one or more nodes goes down is quite high. It would be impossible for a small node network to maintain 100% uptime, or even the industry-standard 99.99% (‘four nines’) availability.
We saw last year how Stellar went down after a critical mass of its 120-node network was taken offline. Quantity counts. If 120 nodes are not enough to secure a network, then having just a handful is inviting downtime.
With such a limited number of nodes supporting these private networks, their blockchains are also much more vulnerable to a malicious attack. This makes transaction history vulnerable to manipulation.
Note also that private blockchains are very costly to set up. A recent report from Ernst & Young calculated that the costs to set up a private blockchain are over $600,000 for just the initial build and can require an additional $150,000+ per year for ongoing maintenance and node hosting.
That’s no small sum for any business. And if a data breach does occur, a couple million in fines could be added to that.
From a corporate perspective, is a private blockchain worth it? In a few cases, it may be. But as we’ll see there are public-private alternatives that are superior in almost every way.
Private Blockchain Data Hashed on Public Chain
Many companies already running private blockchains have recognized the drawbacks in the resilience and reliability of their blockchains.
In order to address the issue of manipulation of ledger history, a private-public solution has popped up in recent years that I’m beginning to see more and more of.
This is an innovative system in which the private blockchain periodically takes a snapshot of its ledger and publishes a ‘hash’ of that snapshot to a public chain. The ledger can then be re-hashed at any time and compared against the published hash to confirm that nothing has been altered.
While this undoubtedly provides an advantage over a purely private blockchain, it is still not a perfect solution.
The first drawback is that there will always be a window between snapshots in which changes go unattested. That means a private blockchain needs to ping the public chain frequently in order to maintain the integrity of its data.
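As an added illustration (not code from the original post), the following Python sketch models the snapshot-hash scheme: a private ledger is hash-chained, its digest is ‘anchored’ to a simulated public chain, and the check shows both what an anchor catches (a retroactive edit of anchored entries) and what it cannot (anything appended after the last snapshot). The ledger entries and the in-memory ‘public chain’ list are constructed stand-ins.

```python
import hashlib
import json

# Constructed sample entries for a consortium's private ledger (no real PHI).
LEDGER = [
    {"seq": 1, "event": "record_created", "patient_ref": "p-0001"},
    {"seq": 2, "event": "record_viewed", "patient_ref": "p-0001"},
    {"seq": 3, "event": "record_updated", "patient_ref": "p-0002"},
]


def snapshot_hash(entries):
    """Hash-chain the entries in order over canonical JSON, so any edit,
    reorder or deletion inside the covered prefix changes the digest."""
    digest = hashlib.sha256(b"ledger-genesis").digest()
    for entry in entries:
        canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
        digest = hashlib.sha256(digest + canonical.encode()).digest()
    return digest.hex()


def anchor(entries, public_chain):
    """Publish (covered length, digest). In a real deployment this is one
    fee-paying public-chain transaction; here the chain is a plain list."""
    public_chain.append({"length": len(entries), "hash": snapshot_hash(entries)})


def verify(entries, public_chain):
    """Compare the ledger against the most recent anchor: is the anchored
    prefix intact, and how many trailing entries does no anchor cover yet?"""
    if not public_chain:
        return {"anchored_ok": True, "unanchored_entries": len(entries)}
    last = public_chain[-1]
    covered = entries[: last["length"]]
    return {
        "anchored_ok": snapshot_hash(covered) == last["hash"],
        "unanchored_entries": len(entries) - last["length"],
    }


def demo():
    """Walk through one anchoring interval and return both check results."""
    public_chain = []
    ledger = [dict(e) for e in LEDGER]
    anchor(ledger, public_chain)  # snapshot covers seq 1-3
    # Entry appended after the snapshot: nothing on the public chain vouches for it.
    ledger.append({"seq": 4, "event": "record_viewed", "patient_ref": "p-0002"})
    in_window = verify(ledger, public_chain)
    # Retroactive edit inside the anchored prefix: caught on the next check.
    ledger[1]["patient_ref"] = "p-0009"
    tampered = verify(ledger, public_chain)
    return in_window, tampered
```

The `unanchored_entries` count is the exposure window the text describes; shrinking it means anchoring more often, which is exactly where the per-transaction fees discussed next come in.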
The second is, once again, the issue of cost. This system not only requires the exorbitant upfront and maintenance costs of setting up a private blockchain but on top of that, it also requires paying transaction fees to the public blockchain with each hash.
The more frequently the company wants to send data, the more costly it can become. Given that the average cost on Ethereum right now is around $2.80 per transaction, a few thousand pings definitely adds up.
So ultimately, while this public-private system is an improvement over a purely private, permissioned blockchain, it’s only a very slight step up.
Public Sidechain Network That Utilizes Privacy
Ultimately, the ideal solution would enable a company to store its data on a public chain, though it would have to be set up with some form of encryption.
This structure would give an enterprise all the benefits of a public chain: its nodes, infrastructure, and immutability. At the same time, it could encrypt the portions of the data that need to be private, such as patient health information, so that only people with the correct keys would be able to see that data.
This way an enterprise can take advantage of a massive, decentralized network while still maintaining data privacy. Best of all, it wouldn’t have to build the entire system from scratch and pay to maintain it in perpetuity.
Up until recently, however, this wasn’t an available option for businesses because, for this system to work, there must be a blockchain that both can be built on and that includes privacy features.
Today, zero-knowledge proofs look like the privacy technology of choice amongst cryptographers. They are used in a number of projects including Zcash, Horizen, and Komodo. In addition, they are being added to other chains by cryptography firms that specialize in zero-knowledge.
While there are public blockchains, like Ethereum or EOS, that developers can build on, these chains do not typically include privacy features.
And though there are a number of privacy-enabled public blockchains, it is extremely difficult to build directly on them because the enterprise has no control over the blockchain itself.
However, there is at least one option now available and one that I am proud to be a part of.
Horizen, which most people know as the privacy coin ZEN, has just launched a sidechain ecosystem that enables anyone to easily launch their own blockchain supported by Horizen’s zero-knowledge enabled blockchain.
These sidechains can be set up at minimal cost, come privacy-enabled right out of the box, and can leverage the power, throughput, and resiliency of Horizen’s nearly 40,000 nodes.
It’s the perfect solution to allow companies to take advantage of a truly decentralized blockchain that serves their data privacy needs. Best of all, it comes at a price that is significantly less than what companies are currently paying to build their own blockchains.
Blockchain has a lot to offer enterprises in the healthcare industry from cost reduction to more secure supply-chain tracking and beyond. But, until recently, this has been mostly fanciful thinking, with very few able to integrate blockchain into their tech stack.
For the most part, this is because the costs of implementing a private blockchain are simply too high. And though public blockchains are more affordable and secure, given the public nature of their ledgers, these have been essentially off-limits for healthcare companies.
But now that we have a solution that enables healthcare enterprises to build on a public blockchain that is zero-knowledge privacy enabled and requires minimal cost, it is finally feasible to leverage blockchain technology for almost any enterprise’s operations. If you want to learn more about Horizen’s sidechain ecosystem and how to start building your own blockchain, click here for more information.