{"id":12714,"date":"2018-06-04T14:05:36","date_gmt":"2018-06-04T14:05:36","guid":{"rendered":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/?p=12714"},"modified":"2018-06-04T14:08:09","modified_gmt":"2018-06-04T14:08:09","slug":"blockchain-chock-full-of-problems-for-medical-data-privacy-by-jessica-berger-mlis-cipm","status":"publish","type":"post","link":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/blockchain-chock-full-of-problems-for-medical-data-privacy-by-jessica-berger-mlis-cipm\/","title":{"rendered":"Blockchain \u2013 Chock full of problems for medical data privacy by Jessica Berger, MLIS, CIPM"},"content":{"rendered":"<p><strong>Readers are invited to challenge my position.\u00a0 This technology is in its nascence and more is yet to come\u2026.<\/strong><\/p>\n<p><strong>Blockchain undermines The Fair Information Practices Principle of Participation<\/strong><\/p>\n<p>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Computer based patient records have already caused millions of innocent patients\u2019 private medical details to be breached and exploited.\u00a0 These records should by right have remained offline.\u00a0 Currently, I believe that it is a serious mistake for the health care field to adopt blockchain technology as a storage and transmission modality for patient information. 
\u00a0Existence of information in perpetuity on a Blockchain obliterates the protections inherent in the Fair Information Practices Principle of Participation.\u00a0\u00a0 The Fair Information Practices Principle of Participation states that an individual should \u201cbe able to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended\u201d (IAPP, 2018).<\/p>\n<p>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 When wrongly diagnosed with a medical condition that might stigmatize an individual, the widely distributed nature of Blockchain storage renders it extremely difficult if not impossible to erase erroneous and potentially damaging information.\u00a0 In the case of private and sensitive medical information in general, the place for this information is with the doctor or nurse alone. \u00a0For all the good it has done, HIPAA has failed to prevent the data breaches of 229,659,140 medical records (Privacy Rights Clearinghouse, 2018).\u00a0 No amount of security engineering will be sufficient to prevent more data breaches of computerized patient records stored on Blockchain.\u00a0 The world-wide-web was created to share information.\u00a0 It is by its very nature unsuitable for storing confidential patient information.<\/p>\n<p>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 For medical information that will be widely distributed, even if this distribution occurs in a private Blockchain, that format is still prone to hacking.\u00a0\u00a0 If revealed to prejudiced potential employers or other entities, this could affect a person\u2019s ability to earn a living, establishing a framework for the commitment of egregious wrongs that are inarguably intolerable to individuals.\u00a0 For example, if someone receives a false positive diagnosis of a serious communicable disease, this can be ruinous 
if the information is breached.\u00a0<\/p>\n<p><strong>Blockchain<\/strong>\u00a0<strong>contradicts the foundational concept of Information Life Cycle Management<\/strong><\/p>\n<p>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Information Life Cycle Management facilitates organizations\u2019 ability to comply with laws and industry regulations regarding the disposition of personal data.\u00a0 Compliance with these regulations supplies numerous benefits, including but not limited to the security of information about individuals. \u201cILM is a policy-based approach to managing the flow of information through a life cycle from creation to final disposition\u201d (IAPP, 2018).\u00a0 Where information is stored on a blockchain, the disposition of that information becomes impossible even when the information contained in those records is erroneous.\u00a0 Since blockchains can be hacked, and since they are widely distributed, personal information that should have been destroyed (but which could not be destroyed because of the very nature of a blockchain) becomes linked to numerous entities, exposing that information to breaches and the person to whom it is connected.\u00a0<\/p>\n<p>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 The lack of boundaries within this schema is also reason for concern with regards to confidential information.\u00a0 Despite robust encryption and other security measures, we have witnessed the proliferation of data breaches that would never occur if the information was simply collected by the one entity that needs it and stored in one locked cabinet, or on an offline hard drive.\u00a0 The notion that your personal information exists to be exploited has been widely adopted as a foundational credo of modern marketing, but its popularity does not render it ethical or right.<\/p>\n<p><strong>Blockchain prevents the Fair Information 
Practice Principle of Openness<\/strong><\/p>\n<p>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 When people&#8217;s personal information is entered into a system and they are not informed that it will become part of a blockchain, this runs counter to the Fair Information Practice Principle of Openness, which states \u201cthat there should be a general policy of openness about developments, practices and policies with respect to personal data. \u00a0Means should be readily available to establish the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller\u201d (IAPP, 2018). Given that the data will reside with myriad entities, it is not possible to inform users of where their personal data will reside, even if they are informed up front about the fact that their data will be stored on a blockchain.\u00a0 While some people may not care about their medical privacy, others may avoid seeking care altogether rather than risk their confidential health information being pushed through the torrent to numerous strangers.\u00a0 Yes, there are safeguards, but history tells us that these are likely to be dismantled.<\/p>\n<p><strong>With Blockchain, Consent and Choice Rights Are Denied to Patients<\/strong><\/p>\n<p>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 A Privacy Impact Assessment evaluates numerous factors in a system that collects PII, including the presence of \u201cconsent and choice rights for data subjects and whether the system is designed with information lifecycle principles in mind\u201d (IAPP, 2018).\u00a0 It is unclear how storage of private information distributed across numerous entities in a blockchain allows a patient to have a choice about where their most personal data will be stored and shared, and at the moment it does not seem possible to delete the 
data once it is input into the blockchain.\u00a0 This nullifies a key feature of the information lifecycle.<\/p>\n<p>\u201c\u2018For me, it should be very clear that it\u2019s the user, using a service, who should be the one deciding, if how and for what purpose his data are processed,\u2019 Sippel said.\u201d\u00a0 This reason alone is enough to nullify the idea of adopting blockchain technology as a modality for medical information storage.<\/p>\n<p>It goes back to the most fundamental credo:<\/p>\n<p>Just because a technology exists does not mean we should use it.\u00a0<\/p>\n<p>The nuclear bomb exists, but we should not use it.<\/p>\n<p>The blockchain exists, but we should not use it to store any sensitive information, especially medical information.<\/p>\n<p><strong>References:<\/strong><\/p>\n<p>Carson, A. (2018). Sippel\u2019s appeal to privacy pros: Help me maintain human dignity.\u00a0 The Privacy Advisor. IAPP. Retrieved from\u00a0<a href=\"https:\/\/iapp.org\/news\/a\/sippels-appeal-to-privacy-pros-help-me-maintain-human-dignity\/\">https:\/\/iapp.org\/news\/a\/sippels-appeal-to-privacy-pros-help-me-maintain-human-dignity<\/a><\/p>\n<p>Privacy Rights Clearinghouse. (2018). Data breaches. Retrieved from\u00a0<a href=\"https:\/\/www.privacyrights.org\/data-breaches\">https:\/\/www.privacyrights.org\/data-breaches<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Readers are invited to challenge my position.\u00a0 This technology is in its nascence and more is yet to come\u2026. 
Blockchain undermines The Fair Information Practices Principle of Participation \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Computer [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,20],"tags":[34],"class_list":{"0":"post-12714","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-blockchain","7":"category-professional-views","8":"tag-medical-data-privacy","9":"czr-hentry"},"_links":{"self":[{"href":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/wp-json\/wp\/v2\/posts\/12714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/wp-json\/wp\/v2\/comments?post=12714"}],"version-history":[{"count":2,"href":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/wp-json\/wp\/v2\/posts\/12714\/revisions"}],"predecessor-version":[{"id":12716,"href":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/wp-json\/wp\/v2\/posts\/12714\/revisions\/12716"}],"wp:attachment":[{"href":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/wp-json\/wp\/v2\/media?parent=12714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/wp-json\/wp\/v2\/categories?post=12714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ischoolblogs.sjsu.edu\/blockchains\/wp-json\/wp\/v2\/tags?post=12714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}