Blockchain – Chock full of problems for medical data privacy by Jessica Berger, MLIS, CIPM

Readers are invited to challenge my position.  This technology is in its nascence and more is yet to come….

Blockchain undermines The Fair Information Practices Principle of Participation

                  Computer based patient records have already caused millions of innocent patients’ private medical details to be breached and exploited.  These records should by right have remained offline.  Currently, I believe that it is a serious mistake for the health care field to adopt blockchain technology as a storage and transmission modality for patient information.  Existence of information in perpetuity on a Blockchain obliterates the protections inherent in the Fair Information Practices Principle of Participation.   The Fair Information Practices Principle of Participation states that an individual should “be able to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended” (IAPP, 2018).

                  When wrongly diagnosed with a medical condition that might stigmatize an individual, the widely distributed nature of Blockchain storage renders it extremely difficult if not impossible to erase erroneous and potentially damaging information.  In the case of private and sensitive medical information in general, the place for this information is with the doctor or nurse alone.  For all the good it has done, HIPAA has failed to prevent the data breaches of 229,659,140 medical records (Privacy Rights Clearinghouse, 2018).  No amount of security engineering will be sufficient to prevent more data breaches of computerized patient records stored on Blockchain.  The world-wide-web was created to share information.  It is by its very nature unsuitable for storing confidential patient information.

                  For medical information that will be widely distributed, even if this distribution occurs in a private Blockchain, that format is still prone to hacking.   If revealed to prejudiced potential employers or other entities, this could affect a person’s ability to earn a living, establishing a framework for the commitment of egregious wrongs that are inarguably intolerable to individuals.  For example, if someone receives a false positive diagnosis of a serious communicable disease, this can be ruinous if the information is breached. 

Blockchain contradicts the foundational concept of Information Life Cycle Management

                  Information Life Cycle Management facilitates organizations’ ability to comply with laws and industry regulations regarding the disposition of personal data.  Compliance with these regulations supplies numerous benefits, including but not limited to the security of information about individuals. “ILM is a policy-based approach to managing the flow of information through a life cycle from creation to final disposition” (IAPP, 2018).  Where information is stored on a blockchain, the disposition of that information becomes impossible even when the information contained in those records is erroneous.  Since blockchains can be hacked, and since they are widely distributed, personal information that should have been destroyed (but which could not be destroyed because of the very nature of a blockchain) becomes linked to numerous entities, exposing that information to breaches and the person to whom it is connected. 

                  The lack of boundaries within this schema is also reason for concern with regards to confidential information.  Despite robust encryption and other security measures, we have witnessed the proliferation of data breaches that would never occur if the information was simply collected by the one entity that needs it and stored in one locked cabinet, or on an offline hard drive.  The notion that your personal information exists to be exploited has been widely adopted as a foundational credo of modern marketing, but its popularity does not render it ethical or right.

Blockchain prevents the Fair Information Practice Principle of Openness

                  When people’s personal information is entered into a system and they are not informed that it will become part of a blockchain, this runs counter to the Fair Information Practice Principle of Openness which states that “that there should be a general policy of openness about developments, practices and policies with respect to personal data.  Means should be readily available to establish the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller” (IAPP, 2018). Given that the data will reside with myriad entities, it is not possible to inform users of where their personal data will reside, even if they are informed up front about the fact that their data will be stored on a blockchain.  While some people may not care about their medical privacy, others may avoid seeking care altogether rather than risk their confidential health information being pushed through the torrent to numerous strangers.  Yes, there are safeguards, but history tells us that these are likely to be dismantled.

With Blockchain, Consent and Choice Rights Are Denied to Patients

                  A Privacy Impact Assessment evaluates numerous factors in a system that collects PII, including the presence of “consent and choice rights for data subjects and whether the system is designed with information lifecycle principles in mind” (IAPP, 2018).  It is unclear how storage of private information distributed across numerous entities in a blockchain allows a patient to have a choice about where their most personal data will be stored and shared and at the moment, it does not seem possible to delete the data once it is input into the blockchain.  This nullifies a key feature of the information lifecycle.

“”For me, it should be very clear that it’s the user, using a service, who should be the one deciding, if how and for what purpose his data are processed,” Sippel said.”  This reason alone is enough to nullify the idea of adopting blockchain technology as a modality for medical information storage.

It goes back to the most fundamental credo:

Just because a technology exist does not mean we should use it. 

The nuclear bomb exists, but we should not use it.

The blockchain exists, but we should not use it to store any sensitive information, especially medical information.


Carson, A. (2018). Sippel’s appeal to privacy pros: Help me maintain human dignity.  The Privacy Advisor. IAPP. Retrieved from

Privacy Rights Clearinghouse. (2018). Data breaches. Retrieved from

Leave a comment