Australia's My Health Record has been met with security and privacy concerns since day dot. The legislation wrapping the medical file in so-called protections had to be amended to allay the privacy concerns that led to 900,000 Australians opting out of the centralised digital health records system over a year ago.
Earlier this month, the Australian Digital Health Agency (ADHA) -- the agency responsible for oversight of My Health Record -- revealed a handful of occurrences where the security of the contentious medical records system was compromised.
SEE: How blockchain will disrupt business (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)
38 matters were reported, 37 were counted as breaches. Most were the result of administrative errors such as "intertwined" Medicare records or processing errors when creating records for infants.
None of the breaches were serious, but all should have been prevented.
While there is a long list of issues still plaguing the project and enough to encourage individuals to keep dropping out of the online medical file -- around 23,528 records were cancelled from February through October -- there are arguably benefits of having a health history accessible in a digital format.
Must read: Is it moral to benefit from research while opting out of electronic health records?
Speaking with ZDNet while on the Gold Coast for Gartner Symposium/ITxpo last month, Gartner fellow and VP David Furlonger floated blockchain as being one potential way a health record could be both useful and secure.
"I think the number one piece of digital functionality that we want is consent, right? We want to have more consent over who has access to our stuff and what they do with it," he said.
Although Furlonger would argue blockchain is far too embryonic to solve a problem such as a medical record just yet, he noted that a use case currently underway in a hospital in Taiwan had caught the analyst's attention due to what its future applications could be.
"The initial play here was very much efficiencies; how do I get my medical records to the individuals that need to see that portion of record in order to give me a faster or more effective treatment," he explained. "You could do that probably without any kind of blockchain -- and that's not to say that's not beneficial. Clearly, if you can cut down diagnosis time and get better treatment, it's great."
For a medical file like a My Health Record, what blockchain could allow is for the individual or the authorised representative of that individual to decide who gets access to its contents, and for how long. It could also allow for access information to be stored in a ledger.
"What the hospital [in Taiwan did] was to say, 'okay, you're in charge of this' or 'if you don't want big pharma or Facebook or whatever, to see it, they can't see it'," Furlonger said. "It's an encrypted record. You haven't given them the key, you're in charge of that for your own benefit."
Expanding further, Furlonger said the hospital looked at creating, in essence, a healthcare passport.
"They created knowledge around who that patient was -- name, gender, age, medical conditions, lifestyle etc -- and in the past, what you would find is that data is either massively distributed and loads of people that you don't want to have access to have access to it, or it's controlled by certain entities."
In that situation, what the hospital did instead was acknowledge the data actually belonged to the individual.
"They said, 'no, no, this is your information about how healthy you are, or how healthy you want to be, so you're in control of that. If you want to release that information to a drug company, because you want to access this medical trial that you would otherwise be in, or if you want to release that information to a lifestyle company because you can get discounted products -- that's up to you," he said.
What that could allow the individual to do, Furlonger said, is grant access to that information for a number of seconds, hours, or even a month, until the hash breaks and they can't gain access anymore.
According to Furlonger, this is similar to a project being undertaken by the government of British Columbia, which is trialling giving ID control to small businesses to allow them to determine where and how information is shared.
See also: Electronic health records: A cheat sheet for professionals (TechRepublic)
But taking the blockchain element of the health file one step further, he posited the idea of introducing a rewards-based system.
Healthcare is very expensive, usually because it's to do with cures as opposed to prevention; whereas blockchain, thanks to a health passport, could add future functionality for preventing health issues through the introduction of tokens.
"If you have someone with, let's say, a particular condition, in the past, you would either have not dealt with that until they [were] presented and then you have to give them drugs and that's expensive … or hit them over the head with a stick [to say] stop smoking," Furlonger pondered.
"But now you can say with tokens, if you do something, then you'll get this, which is more of a reward-based mechanism."
"You could say, your cholesterol is showing poorly, we think it would be a good idea if you ate more broccoli, or whatever it might be. If you do that, then we can give you some form of token of value, which will allow you access to something else, maybe it will reduce your healthcare insurance cost, maybe it will give you access to premium products in the grocery store, maybe it would allow you access to a gym membership, you know -- you could structure that reward mechanism," Furlonger said.
But being rewarded by eating greens when your cholesterol is high is one thing; it's another for the application of tokens to stretch to insurance companies.
There's still a long way to go before this could be a viable solution, if it at all transforms into one.
Asha Barbaschow travelled to Gartner IT Symposium/Xpo as a guest of Gartner.