Medical records, but on the blockchain — the history of a bad idea

Patients having control over their own medical data — whatever “control” means here — is a perennial favourite blockchain pitch. Even if it’s blithering nonsense.

The claim is vague, ill-formed and varies between perpetrators — but it’s generally that patients will be able to control who has access to which of their data at what time, in what context.

The following image is from a survey sponsored by the Personal Connected Health Alliance, who love “blockchain,” and also “AI,” whatever they think those things are. The survey was about “connected healthcare” — apps, devices, Fitbits, smart watches and so on:



Have you heard of any of the following patient data right / data management providers using ‘blockchain technology,’ i.e. technologies that promise to give patients greater control over their health data.

Well, blockchains sure promise it … but they don’t, in fact, achieve it. There are no blockchain systems that do this.

How do you tell someone that blockchains do not do this? How do you get them back to reality, from a place where this sounds like a reasonable question?

This particular survey appears to be marketing for MintHealth, a “decentralised health information” startup, which also — gosh, who’d have thought! — has an ICO for a “security token offering” (archive).

But they’re just the latest in a long line of snake oil salesmen. I first encountered the idea in 2016 — to quote chapter 11 of Attack of the 50 Foot Blockchain:

I sat in on one presentation by a Big Four accounting firm on the Blockchain in health care: three blokes (one with a tie, two without) talking about the hypothetical possibilities a blockchain might offer health care in the future, all of which was generic extruded blockchain hype, and much of it Bitcoin hype with the buzzword changed. When an audience member, tiring of this foggy talk, asked if there was anything concrete that blockchains could offer the NHS, they responded that asking for practical uses of Blockchain was “like trying to predict Facebook in 1993.” The main takeaway for the health care sector people I was with was swearing never to use said accounting firm for anything whatsoever that wasn’t accounting.

The idea was first put forward in November 2014 — and the current version of the concept seems to originate with the MIT Media Lab’s Digital Currency Initiative in 2015, as we’ll see shortly.

What can a blockchain do?

The “blockchain” is the data structure behind Bitcoin. It’s a ledger you can only add new entries to — plus a “consensus mechanism” to decide who gets to add new entries. That’s it. That’s all.

It gets weird because Bitcoin is a bit cultish, and literally based on conspiracy theories. And that’s before you even get to the bit where the real draw is the promise you’ll get rich for free. People will talk any magical nonsense if they think they might get rich from it.

“Blockchain” in business is an attempt to market this idea as the solution to literally any organisational problem. This was originally to evangelise Bitcoin, but the big push these days is from consultancies looking to sell billable hours.

Also, there’s not in fact any agreed technical definition of “blockchain” — in practice, it really does just mean “whatever I’m trying to sell you today.”

If you want more detail, the simple non-technical introduction is this talk I did for market researchers — that’s a 22-minute talk with slides you can crib, and some questions after. Blockchains are really simple, and the usual reaction is: “What? That’s not magical at all. How do they get all of this nonsense out of that?”

The health care pitch is mostly “unalterable record” and “no central control.” Neither of these is really true enough for the job — and neither is what you’d actually want.

The problem with patient data

Patients worry about their personal data. They want their doctor to have everything the doctor needs to help them — but that data is highly sensitive and personal, and it’s nobody else’s business. It’s not even the business of other medical personnel in the same organisation, unless they’re actively working on your case.

The obvious way to control access to patient data is a conventional centralised database, with a suitable structure of access control lists (ACLs) — who’s allowed to see what, and when. You will be unsurprised that this is precisely how the National Health Service (NHS) in the UK does it in practice.

There are important issues with large central pools of data — specifically, data protection, susceptibility to leaks, and what a private service provider may have access to. The NHS databases are arguably too centralised.

The hard part in practice is to come up with an ACL structure that’s comprehensible and usable by mere human NHS employees and patients — and which meets their social expectations.

Blockchain proposals tend to claim that the patient’s threat model is the healthcare providers themselves. Nobody likes being messed around by bureaucrats — but cryptography will save you!

The American-style health insurance industry is another excellent bogeyman — it’s clearly evil and superfluous. You can sell technical “solutions” to this 100% political problem, whether or not the solutions would do a single thing about it.

How would you even use a blockchain for this?

So — how would you do any of this with a blockchain? And what does a blockchain in particular bring to the problem? This is where the various projects’ white papers start getting a little vague.

There’s the brittle-but-obvious ideas — like encrypting data, or its hash, in a message field on a blockchain, with conventional PGP-style public key encryption. This means you could permanently lose your healthcare record as easily as you can lose your bitcoins, just through a fat-finger fumble.

I think of users like my 85-year-old mother — who is reasonably competent and has all her marbles, but can barely work a computer, let alone manage PGP cryptographic keys.

And what do you do when a patient is incapacitated, or unable to consent?

You can’t provide customer service — fixing basic human error — in a decentralised system. If you need problems to be fixable — and, of course, you do — there’s no reason not to just use a centralised system, like the present NHS database.

And if problems aren’t fixable, your patient outcome numbers are only going to be negative.

The problem is not the mechanism — it’s the politics of who gets access to what. The legal structures, and the social structures. These needs are complex and often inchoate, and not easily reduced to a few lines of Solidity code.

It’s easy to put already-encrypted data onto a blockchain — the entire hard part of the problem is digital identity that is usable by ordinary humans. It turns out that replacing a social institution with a computer program is difficult.

So the usual strategy is to write hundreds of pages about how well you’ve done with the easy bits — and the hard bit’s coming some time in the astounding future.

It turns out that medical records regulations exist

I won’t go into great detail — but almost everything about blockchain proposals for medical records is laughably illegal under almost any health information privacy law.

Every American I asked who deals with this stuff went “what on earth, HIPAA, HITECH” and “do these people know anything about this at all?”

The answer is: no, of course they don’t — because blockchain promoters pretty much never do.

Blockchain promoters are never going to get US institutional providers to adopt systems that could possibly violate privacy laws. I can’t overstate how seriously the providers take HIPAA.

Systems that are adopted will be built from a standpoint of complete regulatory compliance — and whether the backend database runs on something blockchain-descended will be absolutely the last thing anyone worries about.

The source of the disease

The very earliest medical blockchain proposal my readers and I can find is a November 2014 blog post by Ryan Walker. This outlines some of the present-day promises.

Factom claimed a medical blockchain initiative, in partnershp with HealthNautica, in April 2015 — based merely around adding encrypted records to a blockchain. This press release was retracted when HealthNautica found out about it. (Good thing Factom didn’t announce it on a blockchain, then.)

A May 2015 presentation by Melanie Swan, “Digital Health Revolution: Blockchain Health and Crypto Wellness Futures,” promises all manner of ill-specified nonsense, some time in the astounding future, with magical added blockchains.

But as far as we can tell, patient zero for the present-day forms of medical blockchain claims is a November 2015 presentation by the MIT Media Lab’s Digital Currency Initiative.

Chelsea Barabas: Patient-Centered Health on the Blockchain

Chelsea Barabas, then at the MIT Media Lab’s Digital Currency Initiative, gave this presentation at Singularity University’s Exponential Medicine conference.

Barabas’ talk seems to be the direct ancestor for many claims about medical blockchains since. Not just the ideas — including some technically bizarre ones, like blockchain-based logs of all accesses to patient data — but some of her phrasings.

Barabas’ talk also gives away much of the thinking behind the advocacy of medical blockchains — it’s a weird version of Bitcoin libertarianism.

The Digital Currency Initiative was founded to fund Bitcoin core development. This would be why MIT’s pitch here — for software that’s supposed to make administration work better — is so heavy on talking up Bitcoin.

(If anyone ever tries to tell you that “blockchain” is totally separate from Bitcoin — it’s always the same people talking up both of them, in the same venues.)



This talk is worth watching, even at 2× speed with captions on.

Barabas starts by pitching Bitcoin, including in terms of its “market cap.” She claims (2:31) that “there’s five and a half billion dollars right now tied up in Bitcoin.” Of course, it’s completely false to claim that $5.5b of money is “tied up” — you’re just talking about that day’s volatile price, multiplied by the number of coins that someone thinks are accessible. If the price goes up $10, did more cash suddenly get “tied up”? Of course it didn’t.

Marketing Bitcoin with made-up numbers catches the singularitarians’ attention. So let’s sell them on “blockchains,”  which Barabas describes in terms of how the decentralised Bitcoin blockchain works.

And you can put any kind of data onto the blockchain — at 6:23, Barabas specifically suggests putting MP3s or videos on the blockchain. This is while talking about Bitcoin’s blockchain in particular — which really just doesn’t have space for arbitrary quantities of cat pictures.

The threat model to medical service provision is governments, apparently — “Especially for the libertarian-leaning type of people in the audience.” (5:27)

We eventually get to medicine at 6:38:

How could this be useful within the context of medicine? This is a question that I posed just two weeks ago to a group of MIT researchers, and health professionals back at MIT, and together we collaboratively came up with a list of what we call the “blockchain superpowers” — basically, features of the blockchain that we think are particularly exciting to explore moving forward.

The specific medical use cases Barabas outlines are:

  • Interoperability — that is, blockchain will apparently fix your data formats and connectivity. Blockchain will also work around those pesky laws on access to medical data — “to access data across jurisdictional lines” (7:11). At best, Barabas is describing a problem that’s correctly solved with a centralised database.
  • Data integrity — that you just have to make things “cryptographically authenticated on the blockchain this way” (9:03) to be accurate. (This turns out not to be the case.)
  • Counterfeit drugs and supply chain integrity — because the people who forge documents now will, for some reason, not lie to a blockchain. At  best, this is another problem that’s correctly solved with a centralised database.
  • Access control to patient data — this is where the dream is set out in full. Barabas proposes you work around institutions by using … other institutions? Remember, this is what MIT is saying that ordinary people — e.g., my mother — will be expected to go out and do. Quoting Barabas from 13:27 on:

There are a group of researchers who are thinking about using the blockchain as a way to transform this paradigm, from an institutional-centric approach to data management, to an individual-centric approach around data management.

What this approach would look like is using the blockchain as a means for doing data access management. What you would do is, instead of having that data being diverted to third-party servers that you have no control over, you would either set up your own server or pay for a service by a trusted third party to store that data yourself.

  • Access logs for patient data on the blockchain — this one is frankly bizarre. There is no blockchain that offers this functionality — but this too has become a standard promise for medical blockchains. Quoting Barabas from 14:08 on:

You’d register pointers to that data in the blockchain that then would enable you to set up a wide range of very detailed transactions about who has access to that data, when they have access to it, and very specific detail about what specific data you have access to.

  • Zero-knowledge proofs — we can answer questions about encrypted data without decrypting it — which Barabas literally claims “wouldn’t be possible without the blockchain as it currently is” (17:10), and never mind that zero-knowledge proofs were first put forward in 1989.
  • Smart contracts — these will apparently “cut through a lot of those bureaucratic inefficiencies” (19:39) in an unspecified manner, thus making health insurance cheaper — rather than the actual problem being the dysfunctional American private health insurance system.

MIT’s MedRec — protecting medical data with Proof-of-Work

The Media Lab tried putting their ideas into practice with MedRec, a system for patient-controlled medical data, in August 2016.

MedRec proposes a Proof-of-Work system, where massive quantities of electricity are wasted to secure highly sensitive patient data. That’s the best idea they could come up with. Rather than, e.g., a centralised database with access control, in a functional legal system and society.

Thankfully, the initial implementation used “Proof-of-Authority” — in which a closed pool of participants just take turns to add blocks:

In the current design, providers themselves maintain the blockchain. The rationale for this is that providers are already trusted keepers of medical data.

That is — “trustless” decentralisation works so much more efficiently if you centralise it to trusted entities.

It’s not clear if the MedRec initiative is still active — the only institution involved was Beth Israel Deaconess Medical Center, and it’s not even clear if they ran a trial or just hosted the test instance.

The current state of play

It’s 2019, and, of course, no systems using blockchains for access control of patient data are in production. Because this is snake oil that claims to work around political, social and legal issues using impossible and nonexistent technological magic.

The only beneficiaries will be blockchain consultancies. Patient outcomes — which is a number that you have to provide for literally every exciting new medical initiative — will only be negative.

The claim is nonsense in detail. It’s been reprehensible marketing rubbish since it was first put forward. If these guys show up trying to sell you “blockchain,” escort them off the premises immediately.

Become a Patron!

Your subscriptions keep this site going. Sign up today!

12 Comments on “Medical records, but on the blockchain — the history of a bad idea”

  1. My mind is boggled by the delightful lasagna of stupidity these folks are putting together. Layer upon layer of wrongness, with a sauce of libertarian balderdash!

  2. I’ve been sharing similar concerns for several years —

    Blockchain doesn’t solve “healthcare interoperability” issues because as a Technology architecture it can’t fix the main problem of SOCIO-POLITICAL reasons (turf wars, competition for customers) that keep different healthcare orgs and vendors from sharing data; and even if orgs/vendors were willing to share data, there is a lack of Semantic Interoperability, so combined datasets can’t be analyzed/used unless significant efforts to do data normalization and data cleaning.

    For all the blockchain startups that tout the benefits of giving different users Different Levels of Access to different parts of datasets and software systems — that’s already possible without blockchain — using Passwords and Sys Admin settings for Access Controls. Data Encryption already possible without blockchain.

    And the Supply Chain use cases that focus on the immutability of the chain of documentation – that doesn’t address the issues of 1. what if initial record entered into the blockchain is wrong/fake, and 2. even if the documentation trail is solid, that still doesn’t “prove” what’s INSIDE the packaging.

    I’m not saying there are no use cases for blockchain, just not many of the ones that get hyped about.

    1. Blockchain makes the proof of who inserted the wrong data, and offers a strong alternative to many paper based process for transferring probing information between organizations.

      The purpose of a Blockchain for the traceability/authenticity of data, is not much for replacing actual databases, but rather to propose a way of interconnection between them, and their legal entity.

      Some solutions can guaranty the accessibility of data thanks to ACLs policies.

      1. Both of those are common in existing real-life systems, and neither requires any sort of “blockchain”. Or we’d see blockchains in the production systems.

        Every single blockchain use case outside actual cryptocurrencies turn out to be made-up rubbish to sell you blockchains. And cryptocurrencies have their own extensive list of problems.

  3. Hi David, thanks for describing this so clearly. I have been puzzled by the obvious stupidity of blockhain as a technology for healthcare interoperability and I am glad you have taken the effort to peak against that!

  4. Whilst I share similar concerns to those outlined in the article – especially in relation to compliance with various privacy regulations, I understand that Estonia has used blockchain technology as a further layer of security to underpin their centralised e-health records.

    It is worth noting that this was only possible through a whole of government commitment, across all aspects of government administration, including the implementation of a secure national identity system.

    I am in no position to assess the depth or success of this implementation, however it does appear to meet GDPR requirements.

    1. The Estonian “blockchain” is a prime example of the “whatever I’m trying to sell you” approach to “blockchain” marketing – it literally isn’t even a blockchain, they tried to redefine the 1979-model Merkle tree append-only ledger as “blockchain” for marketing purposes.

      1. Thanks David. I appreciate the correction as I don’t have sufficient technical knowledge to assess the technology or assertions.

  5. When I can’t find any humor on Internet and cat videos, I read crypto news. I find reading crypto news cheap and effective way to combat boredom. That’s how I landed on this article. Cheers!

  6. Very belated comment, but thank you for this post. I used to work as a software developer in digital health, and the first time I heard someone in all seriousness suggest putting medical records on the blockchain my head pretty much exploded. It’s great to see someone spelling out why this is such a terrible idea and why all these promises are so much hot air, as I was only capable of angry sputtering.

    Something that did strike me reading this post is that crypto enthusiasts are prone to a very particular sort of verbal sleight-of-hand – inherent in the very name “crypto” – namely, that they equate using cryptography with using their pet blockchain implementation. Some of the benefits they claim blockchain will bring, insofar as they’re possible at all, would be feasible using a centralized database with ACLs *combined with* client-side encryption. I worked on a system like this for a while, and although I can’t say I’d recommend it overall it’s still miles better than attempting to do the same with blockchain as a backing mechanism. (Especially because every single reason I wouldn’t recommend it would apply to the blockchain version, too.) But options like this are brushed under the carpet, it’s blockchain or bust. Seriously disingenuous.

    And I’d be very curious to hear how exactly blockchain is supposed to solve the interoperability problem.

  7. As a general rule all ideas proposed by the MIT Media Lab are idiotic. If MIT is not institutionally embarrassed by the Media Lab’s very existence, it ought to be.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.