Healthcare Blockchains & Smart Contracts: Technical and Legal Challenges

Blockchains and related concepts like smart contracts and digital autonomous organizations (DAOs) have emerged from the computer networking and cryptography techniques popularized by cryptocurrencies like bitcoin. With bitcoin having some degree of commercial operational success, a number of folks have been keen to apply these technologies in other fields. One approach to valuation for the impact of technologies is to consider the size of the addressable market. With cryptocurrencies, the potentially addressable market is very large – almost everyone on the planet uses money in some form these days. Many other blockchain applications[1] (e.g. supply chain provenance) address narrower industrial rather than consumer markets. Healthcare blockchain applications may be one area with a large potentially addressable market (who doesn’t have health to worry about?)  depending on the specific use case.

A variety of healthcare applications have been proposed [2] including drug counterfeiting prevention, clinical trial, public healthcare management, longitudinal healthcare records, automated health claims adjudication, online patient access, sharing patients’ medical data, user-oriented medical research, precision medicine, and, smart contracts to improve the credibility of medical research. In some cases, these are moving beyond proposals into implementations based on open-source code bases such as Ethereum or Hyperledger. The designers of healthcare information systems may have a number of different requirements associated with the systems they are designing, and the criteria for applying blockchain are not always clear. Healthcare applications must balance patient care with information privacy, access, completeness, and cost. Rationales proposed for using blockchains in healthcare applications include: access control, non-repudiation, data versioning, logging, data provenance, data auditing, and data integrity, which is quite far from the double-spending problem solved by Nakamoto in his famous whitepaper. The data stored in and the actors operating on a healthcare blockchain also seem quite different from the actors and transactions of cryptocurrency blockchains.

Many of the healthcare application proposals do not address mass markets. Assuring drug provenance, for example, is an important social good given impetus with the DSCSA legislation in the USA. This, however, addresses and industrial market – the pharmaceutical supply chain, and while mass-market consumers benefit from this advancement, they do not directly interact with the blockchain in this use case. Use cases around medical records and adjudication of healthcare claims have a greater potential for impacting mass-market consumers. Work remains, however, to crystalize use cases that are viable – not just from a technological perspective, but also from commercial and legal perspectives as well as from the perspectives of the various actors in health care delivery.  

Technology issues can be seen as risks impeding design and deployment of healthcare blockchains. There is not one blockchain but a variety of implementations with different characteristics (even the original bitcoin has forked). With multiple (and uncertain) use cases and fragmented or customized technology approaches, it is only possible to talk of the technology and legal challenges in general terms. Identified[3] technology challenges to the development of healthcare blockchains include interoperability, security and privacy, scalability, speed, and patient engagement. Interoperability, scalability, and speed are characteristics of the software implementation of healthcare applications on the blockchain. The degree of patient engagement can be significantly impacted by the not just the implementation and trust issues, but also the usability of the system and the overall user experience with the healthcare blockchain. Security, privacy and trust issues reflect concerns about not just the implementation, but the processes for assuring the users can trust the blockchain and its associated software, as well as the organizational and legal context. Because of the use of blockchain technology in the financial industry, and the associated loss risks, the security of blockchains and related smart contracts have received significant attention. Financial losses can often be addressed through other means (e.g. insurance); privacy losses (e.g., disclosed medical records) may be harder to detect and redress.

Legal issues often arise with the introduction of new technologies.  Where the use cases involve sophisticated commercial entities and complement existing industry transactions, the legal issues can often be resolved with private law e.g. contracts between the parties. How existing regulations are applicable would depend on the specific industry and the use case. Where the use case involves mass-market consumers (generally assumed to not be sophisticated parties), public laws and regulations are more likely to be applicable, protective of the consumer, and were written prior to the possibilities of the new technology being envisioned. There are very few public laws explicitly mentioning blockchain, though there has been some incremental progress at the State level in the USA, most of this is targeted as fintech applications of blockchains. In this environment, the legal uncertainty often reduces to assessing how the technology use case would be classified under the existing regulations. DAOs are rather novel as legal entities, but such entities may prove useful to meet the privacy requirements of consumer-oriented healthcare blockchains. While DAOs may fit within some states’ LLC enabling legislation, additional legislative initiatives may be required for DAOs to be deployed more widely.

Smart contracts provide a computational mechanism built on top of a blockchain. These have a number of applications from enforcing legal requirements for transactions to implementing business process workflows. With industrial use cases, sophisticated parties may negotiate the smart contract before implementing it. With consumer use cases, the smart contract would more likely be an adhesion contract that the consumer would not be able to negotiate. Of particular concern with smart contracts is the source of data to trigger smart contract decisions. Oracles for financial data feeds are emerging, but medical data oracles are less widely available. Smart contracts have been proposed for dispute resolution in a manner similar to arbitration, but this has not yet received large scale adoption.

Open source blockchains like ethereum and hyperledger enable easier technology exploration. Building on these with privacy enhancement technologies like zero-knowledge proofs and privacy-preserving computation will help address the technical challenges in privacy that healthcare blockchain use cases bring.  The development of standards[4] to build industry consensus around the terminology and fundamental technical choices to be made will help reduce the fragmentation in the technology. The IEEE 2418.6 healthcare standards project can help, but will take some time to address all the use cases. Specific use case development to define the service requirements from the user point of view would also be very helpful. Automation of existing use cases may be more easily tractable; given increasing concerns for privacy, however, new paradigms to empower people to control their data footprint in cyberspace are emerging. Placing patients in control of their data and having others query for it would be a significant change from existing practices. For industrial markets, existing standards bodies may be well-positioned to develop these use cases. For consumer use cases these may emerge through private enterprise, or through discussion in more public forums (e.g., regulatory hearings, NGO activities etc.).

For a more detailed treatment of this topic refer to my paper presented at the 2019 ITU Kaleidoscope academic conference “ICT for Health: Networks, standards and innovation”.  

If you are looking for a book that provides a detailed overview of the legal implications of blockchain technology and smart contracts, then “Blockchains, Smart Contracts, and the Law” is the perfect choice for you. This book is written clearly and concisely, making it easy to understand even for those who are new to the topic.

[1] See e.g., F.Casino, et. al., “A Systematic literature review of blockchain based applications: Current Status, classification and open issuesTelematics and Informatics, vol. 36, pp 55-81, (2019).

[2] See e.g., S.Agraal, et. al, “Blockchain Technology: applications in Healthcare”, Circulation: Cardiovascular Quality and Outcomes 10.9 (2017)

[3] See, e.g., C. Agbo, et. al., “Blockchain Technology in Healthcare: A Systematic Review”, Healthcare, vol.7, no.56, (2019)

[4] See e.g., the work of ISO TC 307, IEEE, ITU

Posted on
Categories: Business, Legal, Technical
Disclosure of Material Connection: Some of the links in the post above are “affiliate links.” This means if you click on the link and purchase the item, I will receive an affiliate commission. Regardless, I only recommend products or services I use personally orbelieve will add value to my readers. I am disclosing this in accordance with the Federal Trade Commission’s 16 CFR, Part 255: “Guides Concerning the Use of Endorsements and Testimonials in Advertising.” The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser; drstevenawright.com does not recommend or endorse the contents of the third-party sites. Readers of this website should contact their attorney to obtain advice with respect to any particular legal matter. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client relationship between the reader, user, or browser and website authors, contributors, or Dr. Steven A. Wright. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided "as is;" no representations are made that the content is error-free. This website is owned and operated by Macadamia Solutions LLC.