Implementation Considerations for Blockchain in Healthcare Institutions

Ketan Paranjape,1 Mitchell Parker,2 David Houlding,3 Dr. Josip Car4

Affiliations: 1F. Hoffmann-La Roche Ltd., Roche Diagnostics, Indianapolis, IN, USA; 2Information Security and Compliance, Indiana University Health, Indiana University Health University Hospital, Indianapolis, IN, USA; 3Industry Experiences, Cloud + AI, Microsoft Corporation, Microsoft, Redmond, Washington, DC, USA; 4Centre for Population Health Sciences (CePHaS), Lee Kong Chian School of Medicine, Nanyang Technological University, Singapore, Singapore

Corresponding Author: Ketan Paranjape, Vice President, Roche Diagnostics, 9115 Hague Rd, Indianapolis, IN 46256, USA. Email:

Keywords: Blockchain technology, Healthcare institutions, Implementation, Immutability, Liquidity, Patient records, Protected health information, Tutorial

Section: Use Cases/Pilots/Deployment


Objective: This article aims to provide a primer on blockchain technology and implementation considerations for blockchain at healthcare institutions.

Results: After research and interviews, we developed a primer and a high-level implementation guide for healthcare systems exploring the use of blockchain technology.

Conclusions: The use of blockchain technology in health care is at a promising stage in development but blockchain-based applications are yet to be demonstrated as a viable platform for exchanging and reviewing information. Healthcare systems should be cautiously optimistic regarding the potential of blockchain and do a thorough business and technical diligence that is driven by targeted use cases to be successful.


Health care is undergoing a transformation worldwide.1 In many developed countries, mature but antiquated national healthcare services are burdened by an aging population, payment reforms, worker shortages, and rising costs.2 The emergence of innovative technologies like artificial intelligence (AI),3 however, has made many healthcare systems optimistic about solutions and ready and eager for change. Another key technology leading this trend is blockchain,4 which can help healthcare providers automate medical record mining to aid in making more accurate diagnoses5 or reduce medical errors6 by enabling more accurate and tailored treatment, while simultaneously reducing the financial burden.

After success in industries like financial services7 and retail,8 if blockchain can be scaled and moved into mainstream health care, it can help alleviate many concerns over security and privacy of health data and help stitch together a longitudinal history of health data that are fragmented and locked away in disparate locations in the healthcare system today.

Sophisticated use of blockchain technology will contribute to improved health outcomes, improved healthcare quality, and lower health care costs—the three overarching aims that the United States is striving to achieve (improving care, improving health, and reducing costs).9


Blockchain is a foundational platform to keep secure data in a distributed, encrypted, shared ledger and control access to that data. Blockchain technology is based on distributed ledger technology10,11,12,13,14 (DLT), which is a type of secure database that is implemented among a group of participants, without a central authority or administration. Members or contributors can create, modify, or remove transactions in the database by observing rules that are enforced by the ledger. For example, the ledger may ensure that you cannot spend money you do not have.

Immutability15 is an important aspect of blockchain for building trust and protecting the integrity of data stored on the blockchain. Once data are stored on the blockchain, it cannot be changed. Modifications and deletions can be accomplished through appending new records to the blockchain that supersede the originals. However, the older records on the blockchain remain intact. Distributed ledgers are used for building a broad class of applications and services like secure, robust cryptocurrencies (e.g., Bitcoin); for providing verifiable ownership of assets; and for managing access rights to personal data. These services can be provided without the requirement that a single organization be trusted with the data.

Another important consideration is ownership of assets. This is accomplished by digital keys, addresses, and digital signatures. A pair of digital keys are generated at a time—one public and one private.16 Comparing this to a bank account, the public key is the bank account and the private key is the secret Personal Identification Number (PIN) to access that account. The address is similar to the bank routing number that can be shared with anyone wanting to send money to you. Finally, the digital signature is like a real signature and is used to prove one’s identity, except that blockchain uses cryptography, which is more secure than hand signatures that can be easily forged.


Today’s patients demand a more personalized,17 seamless, and coordinated approach to their care, where providers amalgamate health data from multiple different siloed data sources (e.g., medical records, payer systems, genomics, clinical trials, and government sites) to come up with a diagnosis. Unfortunately, two major issues limit this approach: significant security and privacy concerns18 that impede sharing of health records, and the fact that patients interact with a large number of healthcare providers, leaving a scattered trail of information.19

Much of the apprehension surrounding data security and patient privacy is fueled by recent high-profile security breaches in patient healthcare records. A recent study revealed that healthcare data breaches are rapidly growing in scale and impact to healthcare institution and patients.20 The primary concern of patients is that they have little or no control over their information after it has been provided to a payer, provider, or healthcare exchange. Patients want greater insight into how their data are used, who has access to it, and when it is being modified.21

To complicate matters, patients have medical histories from a variety of caregivers, such as a pediatrician, a university physician, a dentist, an employer health plan provider, or a medical specialist. Over the years, they leave data scattered across many healthcare systems that lock them away in silos.22 The result is a trail of health records that are hard to collect, are difficult to piece together, and are under primary ownership of the healthcare provider.23 Table 1 summarizes the other pain points in health care today and how blockchain technology can be applied.

Table 1. Summary of healthcare pain points and potential blockchain opportunities

Pain Points Blockchain Opportunities
Healthcare “liquidity”—Data silos, lack of trust, ownership and incentives to inter-operate
  • DLT enables a distributed trust framework
  • Allows for secure data access and aggregation with robust auditing capabilities
Healthcare costs and quality of delivery
  • Enables better utilization and risk management through creating a holistic physician–patient centered view
  • Supports value-based care by enabling analytics for quality reporting
Process complexity
  • Enables smart contracts, pre-authorizations to speed up payments.
  • Traceability and time-stamps help eliminate fraud and abuse
Patient/consumer engagement
  • Enables patients to share and control their data, better engagement, and personalized care
Privacy and security
  • Encryption and cryptography-enabled security
  • Better integrity due to peer-to-peer accountability and ability to enforce granular permissions.

DLT: distributed ledger technology.

Blockchain applications24 offer opportunities to address privacy and security concerns and bring together a longitudinal patient record from the patient’s perspective. A key benefit of using blockchain is that it can be used to empower patient to control access their health records. The patient can now give permission to their clinician to review their health record; grant access to another clinician for a second opinion; or provide read-only access to a guardian, doctor, pharmacy, insurance company, as needed via their private key. A subset of the patient data (metadata) that is represented in formats like the Continuity of Care Document (CCD) can be stored on the blockchain together with a link to the actual data location, and a hash code can be used to verify the integrity of the record stored off the blockchain. In this way, only minimal but sufficient (for the defined use case) Personally Identifiable Information (PII) and Protected Healthcare Information (PHI)25 need be stored on the blockchain. The bulk of the PII and PHI can remain in the secure enterprise systems where they currently reside.

In this manner, blockchain can facilitate discovery of information about a patient, and actual records may subsequently be securely exchanged via secure, direct (i.e., not via blockchain), peer-to-peer communications between the sending and receiving healthcare organizations. Confidentiality of patient information can further be protected using private consortium blockchains, accessible only to well-known and highly trusted healthcare organizations that require access to it. Similarly, mechanisms like sidechains26 that can allow tokens from one blockchain to be securely used in a separate blockchain can be used to isolate blockchains. Last, but not least, information on the blockchain can be encrypted to protect data confidentiality. Public Key Infrastructure (PKI) asymmetric encryption techniques can be used to empower patients with their private key and the ability to authorize access and use of their healthcare information. Individuals are granted access using smart contracts.27 This is accomplished when certain conditions listed by the patient are met (see Figure 1).


Figure 1—Example of blockchain ecosystem in health care28.

Blockchain provides the structure for health data that enables it to be analyzed but remain private. Taking advantage of the pseudonymous29 nature (i.e., coded to a digital address rather than to a patient name) of blockchain technology and its privacy, personal health records could be linked securely through the blockchain.30 Blockchain then provides a novel way to securely create a virtual lifelong longitudinal health record by storing encrypted access links to individual records from disparate health systems into a distributed ledger application and make the links accessible to authorized users.

Another important healthcare stakeholder, the payers (e.g., insurance companies, Centers of Medicare and Medicaid Services) also recognize the potential of blockchain. Blockchain can help create and maintain an accurate, comprehensive, longitudinal and secure up-to-date view of patient revenue cycle and clearinghouse activities across the payer–provider network. This allows payers to reduce operational burden, quickly validate a claim, handle pre-authorizations, and develop more sensitive risk stratification practices. Change Healthcare validated this model with its purchase of the assets of PokitDok.31

Finally, to take blockchain mainstream in healthcare, multiple healthcare leaders (payers, providers, and diagnostics laboratory) are coming together to create a common data sharing platform called Synaptic Health Alliance.32


The use of blockchain technology in health care is at a promising stage in development, but blockchain-based applications have not yet been demonstrated as a viable platform for exchanging and reviewing information.

One key challenge with blockchain is the immutability15 of data (i.e., once data are entered, they cannot be removed). From trust building and anti-fraud perspectives, immutability has great value, but from a legal perspective it introduces challenges, especially in the context of data subject to “right to be forgotten” requirements—such as in the recently released General Data Protection Regulation (GDPR) rules33—since PII on the blockchain cannot be erased. Blockchains can also introduce challenges with compliance where nodes span multiple regulatory or data protection law jurisdictions. Any data stored on the shared distributed ledger of the blockchain flow to each copy maintained consistently by each node of the blockchain, and this can introduce data sovereignty and trans-border data flow challenges.

A second challenge with blockchain relates to implementation.34 For blockchain technology to succeed, it must be integrated with current healthcare applications and processes. Care delivery processes may need updating to make use of new capabilities enabled by blockchain, including those for new patient-centric use cases. In these types of use cases, patients could gain more control over who has access to their health records, and the healthcare industry would have to enable this. Enabling patients to manage their healthcare data can be risky, and with multiple parties contributing, managing security keys could be difficult or prove impractical. Cybersecurity challenges with blockchain also remain prevalent.

Blockchain has significant features that strengthen security, in particular in the protection of data integrity with immutability, and improved protection of the availability of the network since blockchains are decentralized and have no single point of failure. However, protecting the availability of each blockchain node remains the responsibility of the associated healthcare organization, and this will become more critical as blockchains are used for mission critical healthcare services. Further, protecting the confidentiality of data stored on the blockchain remains the responsibility of the blockchain consortium of healthcare organizations. Fortunately, there are many well-established multi-layered, defense-in-depth strategies that can be employed to achieve effective security with blockchain.

There also remains a need for guiding principles and controls to establish security in the context of existing risk management programs. The white paper Advancing Blockchain Cybersecurity: Technical and Policy Considerations for the Financial Services Industry35 by Microsoft illustrates eight core principles and controls needed to effectively implement security controls for permissioned blockchains.


The Healthcare Information and Management Systems Society (HIMSS) Blockchain Work Group is in the process of identifying and analyzing business and technical factors that would facilitate blockchain implementation in healthcare.36

The group has developed an initial checklist that healthcare institutions can use to help set up and/or augment their existing blockchain initiatives. Key activities on the business side include identifying use cases, business models, incentives and return on investment (ROI). Careful thought has to be given to privacy, security and compliance. The IT team will have to consider the right technology, architecture, along with performance, throughput and scalability implications. Finally, the institute will have to prototype and pilot the use cases with the ultimate goal of deploying a solution that can improve patient care.


The healthcare industry values many of the basic underlying tenets of blockchain technology, such as trusted execution, non-repudiation of data, auditable trails and records for transactions, full replications of data in a secure environment, consensus on data changes, and decentralization of authority/data. Blockchain technology holds high promise of being a widely adopted mechanism in the healthcare system for resolving issues that have long concerned the industry.

At the same time, there are many areas of blockchain that are relatively untested in a healthcare environment, such as the need for a service level agreement, viability of privacy, scalability of a system to handle large numbers of participants, control and restrictions around access to patient data, and issues of patient record ownership.

Despite its tremendous potential, healthcare systems should be cautiously optimistic regarding blockchain technology and maintain a healthy skepticism toward the hype surrounding it today. As healthcare systems embark on securing and digitizing their infrastructure, they should focus on introducing novel clinical decision support systems using analytics and AI.

Blockchain shows great potential in providing a foundation to support and advance AI. As use cases for blockchain are identified that have compelling value to healthcare—from reducing cost to improving patient outcomes, engagement, and experiences—they can be prototyped with attention to privacy, security, and compliance from the start, and piloted with de-identified test data across consortiums of participating healthcare organizations to test, improve, and evolve the solutions for optimal effectiveness.

Funding Statement: The author(s) received no financial support for the research, authorship, and/or publication of this article.

Conflict of Interest: None of the authors declare any conflicts of interest.

Contributors’ Contributions: Each author contributed to the conception, writing, and revisions of the article.


1. Shaping the Future of Health and Healthcare > Initiatives | World Economic Forum [Internet]. [cited 2018 Jul 8]. Available from:
2. 2018 US and Global health care industry trends | Deloitte US [Internet]. [cited 2018 Jul 8]. Available from:
3. The Lancet. Artificial intelligence in health care: Within touching distance. Lancet (London, England) [Internet]. 2018 Dec 23 [cited 2018 May 6];390(10114):2739. Available from:
4. Pirtle C, Ehrenfeld J. Blockchain for Healthcare: The next generation of medical records? J Med Syst [Internet]. 2018 Sep 10 [cited 2018 Aug 15];42(9):172. Available from:
5. Esteva A, Kuprel B, Novoa RA, et al. Dermatologist-level classification of skin cancer with deep neural networks. Nature [Internet]. 2017 Feb 25 [cited 2018 Aug 15];542(7639):115–8. Available from:
6. Schiff GD, Volk LA, Volodarskaya M, et al. Screening for medication errors using an outlier detection system. J Am Med Informatics Assoc [Internet]. 2017 Jan 19 [cited 2018 Aug 15];24(2):ocw171. Available from:
7. Blockchain innovation for The Royal Bank of Scotland—GFT USA [Internet]. [cited 2018 Aug 15]. Available from:
8. Blockchain poised to “revolutionize” retail, Deloitte says | Retail Dive [Internet]. [cited 2018 Aug 15]. Available from:
9. Berwick DM, Nolan TW, Whittington J. The triple aim: Care, health, and cost. Health Aff [Internet]. 2008 May 2 [cited 2018 Jul 8];27(3):759–69. Available from:
10. Nakamoto [AQ1]S. BitcoIn: A peer-to-peer electronic cash system. WwwBitcoinOrg [Internet]. 2008;9. Available from:
11. Radanović I, Likić R. Opportunities for use of Blockchain technology in medicine. Appl Health Econ Health Policy [Internet]. 2018 Oct 18 [cited 2018 Oct 27];16(5):583–90. Available from:
12. Distributed Ledger Technology: Beyond block chain. [cited 2018 Jan 24]. Available from:
13. Kuo T-T, Kim H-E, Ohno-Machado L. Blockchain distributed ledger technologies for biomedical and health care applications. J Am Med Informatics Assoc [Internet]. 2017 Nov 1 [cited 2018 May 5];24(6):1211–20. Available from:
14. Blockchain challenge on ONC Tech Lab—ONC Tech Lab innovation—Confluence [Internet]. [cited 2018 May 5]. Available from:
15. Hofmann F, Wurster S, Ron E, Bohmecke-Schwafert M. The immutability concept of blockchains and benefits of early standardization. In: 2017 ITU Kaleidoscope: Challenges for a data-driven society (ITU K) [Internet]. IEEE; 2017 [cited 2018 Oct 29]. p. 1–8. Available from:
16. Maram B. Bitcoin generation using Blockchain technology. JOIV Int J Informatics Vis [Internet]. 2018 Apr 20 [cited 2018 Oct 27];2(3):127. Available from:
17. Dudley JT, Listgarten J, Stegle O, Brenner SE, Parts L. Personalized medicine: From genotypes, molecular phenotypes and the quantified self, towards improved medicine. Pac Symp Biocomput [Internet]. 2015 [cited 2018 Jul 8];342–6. Available from:
18. Meingast M, Roosta T, Sastry S. Security and privacy issues with health care information technology. In: 2006 International Conference of the IEEE Engineering in Medicine and Biology Society [Internet]. IEEE; 2006 [cited 2018 Jul 8]. p. 5453–8. Available from:
19. Hanchate AD, Ash AS, Borzecki A, et al. How pooling fragmented healthcare encounter data affects hospital profiling. Am J Manag Care [Internet]. 2015 Feb [cited 2018 Jul 8];21(2):129–38. Available from:
20. Sixth annual benchmark study on privacy & Security of healthcare data. [cited 2018 Jan 24]; Available from:
21. Improving the health records request process for patients insights from user experience research. [cited 2018 Jul 8]; Available from:
22. Mandl KD, Szolovits P, Kohane IS. Public standards and patients’ control: How to keep electronic medical records accessible but private. BMJ [Internet]. 2001 Feb 3 [cited 2018 Jan 24];322(7281):283–7. Available from:
23. Geer L. Who owns medical records: 50 state comparison | Health Information & the Law [Internet]. 2017 [cited 2018 Jan 24]. Available from:
24. BlockchaIn: Opportunities for health care | Deloitte US [Internet]. [cited 2018 Jul 8]. Available from:
25. Methods for de-identification of PHI | [Internet]. [cited 2019 May 25]. Available from:
26. Sidechains: Solving the Blockchain scaling problem—Coinmonks—Medium [Internet]. [cited 2018 Nov 20]. Available from:
27. Nugent T, Upton D, Cimpoesu M. Improving data transparency in clinical trials using blockchain smart contracts. F1000Research [Internet]. 2016 [cited 2018 Jul 8];5:2541. Available from:
28. BlockchaIn: Opportunities for healthcare — RJ Krawiec [Internet]. [cited 2018 May 5]. Available from:
29. Dubovitskaya A, Xu Z, Ryu S, Schumacher M, Wang F. Secure and trustable electronic medical records sharing using Blockchain. AMIA Annu Symp Proc [Internet]. 2017 [cited 2018 Jul 8];2017:650–9. Available from:
30. Swan M. BlockchaIn: Blueprint for a New Economy (1st ed.). O’Reilly Media, Inc. 2015. Available from:
31. Change Healthcare snaps up blockchain startup PokitDok | Healthcare Dive [Internet]. [cited 2019 May 27]. Available from:
32. Home | Synaptic Health Alliance [Internet]. [cited 2019 May 27]. Available from:
33. Can blockchain’s immutability survive GDPR’s right to be forgotten? [Internet]. [cited 2018 Jul 8]. Available from:
34. HIMSS advises layered approach to healthcare blockchain [Internet]. [cited 2018 Jul 8]. Available from:
35. Advancing blockchain cybersecurity [Internet]. [cited 2018 Oct 14]. Available from:
36. Part 2: Healthcare Blockchain—A path to success in 2018 | HIMSS [Internet]. [cited 2018 Aug 15]. Available from:

Copyright Ownership: This is an open access article distributed in accordance with the Creative Commons Attribution Non Commercial (CC BY-NC 4.0) license, which permits others to distribute, adapt, enhance this work non-commercially, and license their derivative works on different terms, provided the original work is properly cited and the use is non-commercial. See: