Engineers develop capabilities for more secure blockchain applications

Engineers develop capabilities for more secure blockchain applications
Credit: Vanderbilt University

Vanderbilt engineers have successfully developed and validated the feasibility of blockchain-based technologies for secure, confidential sharing of patient medical records in a case study that demonstrates how blockchain could solve a huge healthcare challenge.

Health IT interoperability has been an elusive goal, with data silos between hospitals, clinics, pharmacies, and payers making exchange of information difficult. The Vanderbilt case study shows how blockchain tech could securely streamline the process.

Significantly, researchers also are partnering with a Nashville company that plans to use blockchain technology to tackle the nation's opioid addiction crises.

These developments are part of a larger effort at Vanderbilt's Institute for Software Integrated Systems to approach the problems and promise of blockchain in a holistic way. Researchers have created a range of significant capabilities, including an architecture that supports secure information access to design standards for best practices, mathematical verification that the underlying code is correct, and a test bed for researchers to try out their ideas.

In addition to healthcare, they are working on blockchain test cases with smart, connected cities, power grid applications, and supplier risk management.

"A few years ago people thought blockchain technologies would solve every imaginable problem," said Cornelius Vanderbilt Professor of Engineering Douglas C. Schmidt. "People are realizing that this goal is simply not realistic and are now looking more carefully at when and where these technologies might be useful."

Beyond the hype and high Bitcoin prices, conventional blockchain technology has been problematic for widespread applications. Its technical foundation has been around for decades, based on the concept of a public, distributed ledger. The underlying code itself is buggy and the conventional model doesn't support large volumes of transactions with stringent time constraints.

But the potential power of blockchain technology in healthcare—particularly sharing of patient data to support more timely diagnosis and treatment—is getting closer.

Credit: Vanderbilt University

Sharing medical data without an intermediary

The case study, which involved a rural hospital tumor board, as well as the blockchain architecture supporting that secure information exchange are discussed in the team's paper, "FHIRChain: Applying Blockchain to Securely and Scalably Share Clinical Data." It is available as a preprint and has been submitted to the Computational and Structural Biotechnology Journal.

Researchers from Vanderbilt and Varian Medical Systems evaluated FHIRChain, as they dubbed the technology. Pronounced as "fire," FHIR stands for Fast Healthcare Interoperability Resources.

Their goal was to design a blockchain-based system that complied with standards established by the Office of the National Coordinator for Health Information Technology—called the Shared Nationwide Interoperability Roadmap.

Healthcare companies typically contract with third parties to exchange patient medical information securely, said study co-author Dana Zhang, a Vanderbilt computer science Ph.D. candidate. This third-party intermediary serves as the trusted agent, which verifies secure transactions. For example, Hospital A, sends health information to a trusted agent, which sends it to a cancer specialist at Clinic B.

In contrast, FHIRChain is a trustless exchange with no centralized third party. The Vanderbilt/Varian team envisions a system of public and private keys that allow an identified physician or clinic access to health information at Hospital A for a specific period of time. Think of password reset emails that require action within 24 hours.

Under this scenario the data itself never leaves Hospital A.

Zhang, who has interned at Varian, a medical device and software firm based in California, as well as the Nashville-based Center for Medical Interoperability, said the team wanted to use blockchain as a decentralized access mechanism to facilitate permissioned medical record exchange. The case study is not unlike a patient wanting a second opinion on a medical issue from an outside specialist because board members are spread out geographically.

"The problem always is getting data to another doctor," she said. "In this approach, the data is opened up for a temporary period of time (with a decryption key), but the original facility or doctor is still the data owner."

The keys, or long, complex passwords generated by the system, make accessing data easier but also give all parties, including the patient, confidence in the security of the system.

Engineers develop capabilities for more secure blockchain applications
Credit: Vanderbilt University

Balancing decentralization and confidentiality

Blockchain technologies provide a decentralized peer-to-peer network, which involves some tradeoffs. Researchers at Vanderbilt and elsewhere are focusing their efforts on applications in domains where disintermediation (that is, having no central authority) is more important than strict confidentiality, Schmidt said.

"The idea is there is strength in numbers," he said. "Because you don't want anyone in charge, you are willing to give up some confidentiality. You may know Party A sold something to Party B and although you don't know who they are, you know some transaction took place."

Such a system is "tamper-aware," Schmidt said.

In the area of humanitarian aid, where blockchain already is being tested, the priority is ensuring aid gets into the right hands, for the right purposes, and no one is cooking the books. Applications in renewable energy involve maintaining a record of who is buying and selling power from their solar panels and wind farms to the grid.

The broader effort at Vanderbilt is tackling blockchain fundamentals. That includes developing more secure "smart contracts" that are a foundation of the technology. Jules White, an associate professor of computer science, said a meta-analysis of 20,000 smart contracts found 8,000 with security issues.

"The major bugs actually came from the creators of blockchain platforms," he said.

Yet permanence is part of classic blockchain theory—the idea that each step in a transaction is ledger entry that cannot be changed. When problems, including serious security breaches, surface the fixes are not easy.

Experts at Vanderbilt are attacking that problem from multiple fronts, including developing a secure test bed where researchers and developers can try out their ideas.

Engineers develop capabilities for more secure blockchain applications
Credit: Vanderbilt University

"If you cannot change anything how do you learn from your mistakes?" said Abhishek Dubey, assistant professor of computer science and computer engineering. "We are creating an environment in the lab containing tools to build blockchain smart contracts and ensure they are correct."

Anastasia Mavridou, a post-doctoral researcher on the team, focuses on correct-by-design smart contracts. Advanced mathematics techniques can prove the soundness of the code; the test bed, or foundry, uses verified blockchain "recipes" as a starting point and examines new code based on patterns known to be glitch-free.

The application generates code, as well as validates it .

Advancing blockchain tech a Nashville priority

Leveraging components of earlier work done for DARPA, medical devices, and satellite security, Vanderbilt's experts at the Institute for Software Integrated Systems want to accelerate the development of secure blockchain technology to solve some thorny problems with transactions that involve digital assets.

The comprehensive push also adds to Nashville's reputation as a hub for healthcare IT innovation, including technologies with roots in blockchain fundamentals. Jumpstart Foundry parent company Briovation, for example, recently launched an investment fund for healthcare specific blockchain technologies. Music City ranks No. 17 on a list of metro areas for blockchain jobs in the U.S., according to a recent study by CyrptoFundResearch – ahead of Oakland, Santa Clara and Washington D.C.

The Center for Medical Interoperability, a nonprofit cooperative research and development lab founded by major health systems, is based here, aiming to simplify data sharing among medical systems and technologies. Healthcare IT providers have their own proprietary blockchain-related products in the works and, to some extent, in the market.

Vanderbilt researchers, however, approach blockchain-based applications from an open source mindset. They already are working with the city economic development leaders, who consider development of blockchain technology for healthcare vital to the city's competitiveness.

Greater Nashville is home to healthcare companies with $84 billion in annual revenue, and the industry is ripe for technological disruption. Vanderbilt's deep expertise in this area is among the assets Nashville is leveraging to lead the disruption—not follow it or get left behind altogether.

Explore further: HSBC, ING banks announce blockchain first