top of page

HIPPA PRIVACY CONCERNS AMID A BLOCKCHAIN FRENZY


There are an abundant amount of inefficiencies with different aspects of the current healthcare system, but this article is about one in particular—the electronic medical records system. When analyzing an industry from a strategic perspective, it is often important to look at the industry environment and ascertain its structure. Looking at the electronic medical records industry would reveal that its structure is highly fragmented with providers often using different electronic medical record operating systems, which creates a number of inefficiencies. For example, if Dr. Seuss wants to know your medical history and his file is incomplete, he must request the medical records from each past medical provider, all of which likely use different medical record operating systems. Because medical record operating systems are innumerous, the medical records industry could be characterized as fragmented as well as antiquated, ripe for consolidation and disruption.


As you have read on this website and probably many others, blockchain technology looks to change how all types of transactions are made and the role agents play in facilitating these transactions. At the forefront of this undertaking in the electronics medical record industry is MedChain, a blockchain-based electronic medical records provider. For a more-detailed look at MedChain, see here. In short, MedChain plans to utilize blockchain technology to encrypt and store personal medical information on a decentralized storage network. The patient can access his/her personal medical information through a MedChain patient application and medical providers would have access to MedChain software that functions as an intermediary of interoperability[1] between the provider’s current HIPPA-compliant software and the MedChain blockchain and distributed storage network.[2] Because this entire process involves the sharing and transmitting of medical data, a plethora of regulations apply.


From a privacy perspective, there are both federal and state privacy laws that apply to the sharing and transmitting of medical data. One major source of federal regulation is the Health Insurance Portability and Accountability Act (HIPPA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH).[3] Broadly, HIPPA is composed of privacy and security rules, the former is the topic of discussion. HIPPA sets out the rules for permissible uses and disclosures of personal medical information and provides the patient with a “patient bill of rights” that ensures, inter alia, patients have access to their personal information. HIPPA also extends to third-party entities that handle, manage, or otherwise have access to personal medical information in connection to the medical provider and the patient. In this context, the third-party is classified as a business associate and the medical provider and the business associate must enter into a business associate agreement that outlines HIPPA obligations that extend to the third-party business associate.[4]


MedChain would be classified as a business associate under HIPPA due to its core business and would need to enter into business associate agreements with each medical provider. Some believe the quantity of business associate agreements that would need to be entered into may render a MedChain-like project impractical.[5] From the patient’s perspective, MedChain provides the “patient bill of rights” via the MedChain patient application by giving the patients access to his/her personal medical information and providing updates to changes or modifications. This was once thought to be an impediment as well[6]—how a patient was going to access their records, remain updated, and provide consent—but that has changed as demonstrated by MedChain’s patient medical application.


There is no doubt that blockchain will change how transactions are recorded and stored. Whether or not MedChain will disrupt and consolidate the electronic medical records industry or spawn a new industry in interoperability of electronic medical records is yet to be determined. The anticipated beta release is in late 2018 and MedChain plans to offer securities under Regulation A and utility tokens[7] under a SAFT agreement early this year. As the technology rolls out, it will be interesting to see how it navigates through regulations such as HIPPA, HITECH, and state laws concerning personal medical information.

[1] The ability of computer systems or software to exchange and make use of information.

[4] Id.

[6] Id.

[7] For a review of utility tokens, see my article on initial coin offerings here.


THE REWIRE: 

 

The Rewire is where technology and law merge to deliver a glimpse into the world of tomorrow. It is a place to find how the most recent technological advances are shaping our ever-evolving regulatory landscape. Technology is continuously changing how we interact with the world and The Rewire offers a unique perspective that shows the dance between innovation, the legal system, and commerce. The Rewire ensures to keep its readers entertained and among the sharpest and most informed at any gathering. 

 RECENT POSTS: 
 FOLLOW THE REWIRE: 
  • Facebook B&W
  • Twitter B&W
  • Instagram B&W
Future EVENTS:
The Future of Money & technology summit
December 4, 2017, San Francisco, CA.
 
RE*WORK Deep Learning & AI Assistance
January 25-26, 2018, San Francisco, CA.
 
TechCrunch's Disrupt SF
September 5-7, 2018, San Francisco, CA.
bottom of page