A blockchain is a ledger of transactions that is stored across a network of computers, known as nodes, as a way of decentralizing ownership and allowing the users to control how the information is amended and updated. Transactions are broadcast across the network, and every node has their own updated version of the transaction events. Removing ownership of the data from one single person lends more accountability and legitimacy to transactions, and allows the activity to be verified by multiple users, making it highly-difficult for outside parties or hackers to corrupt the network or data. Blockchain technology was originally created to support the digital currency, Bitcoin, but the tech community has found quite a few other potential uses for the technology.
One potential application of blockchain technology outside of digital currency is using it to manage electronic health records (EHR). Storing patient data is an essential component of operating a healthcare firm, but maintaining huge volumes of this type of data either physically or digitally can be a daunting and risky task. Blockchain technology has been said to not only be able to help store large amounts of patient data, but could also ensure that the data is accessed by verified users only.
Perhaps the most compelling argument for the use of blockchain technology as a means to manage EHRs is that its use inherently includes an audit trail. This allows the verified users to see exactly which user added or amended data and when they did so. This type of built-in transaction record can help to pinpoint liability in the event of a massive error or breach.
One of the biggest risks in health information technology (HIT) is a lack of connection between policy and procedure among healthcare firm employees when it applies to access control. The need for healthcare firms to actively manage access control was highlighted in a 2017 case involving Memorial Healthcare System in South Florida. A former employee’s login credentials had been used daily to access patients’ personal health information for at least a year, until the US Department of Health and Human Services (HHS) noticed. Memorial had access control policies in place, but did not terminate user privileges, resulting in a $5.5 million settlement against the healthcare provider. While blockchain technology requires each user to be verified in order to access data, it’s not impossible for credentials to be shared.
The emergence and popularity of blockchain companies raises important questions about HIT security risks. It can be difficult to evaluate companies based on a technology that is new and constantly evolving. Just like with any technology or service, not all blockchain companies are as reliable as others, which means there is still a level of associated cyber risk. The healthcare facilities insurance market is poised to help mitigate these risks through cyber insurance products so that healthcare facilities can explore this new technology without having to foot the bill in the event of a costly error or data breach.
About Highland Risk Services
At Highland Risk, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. With offices to serve you in Chicago, Illinois and Phoenix, Arizona, we do everything we can to make your experience with us as professional and transparent as possible. To learn more, contact us at (847) 832-9100.