Stream: blockchain
Topic: Code as Law
Doug Bulleit (Nov 03 2017 at 13:15):
Here's another angle on blockchain "elegance." Famed IP attorney Larry Lessig once remarked that "Law is code, and code is law." Think a fully distributed and autonomous HIE, one able to side-chain off into CRO, Claims Processing, Population Health and myriad other applications that extend FHIR's relevance https://medium.com/@livecontracts/live-contracts-bringing-justice-through-blockchain-b06696386cf4
John Moehrke (Nov 03 2017 at 14:40):
Myth #4. The point Myth 4 is making is that putting fully identifiable information into a permissioned blockchain will automatically enable pseudonymization. I think she does a good job of explaining this. Pseudonymization is more than just putting your fully identifiable information into a permissioned blockchain; it is a process of careful application of use-case specific algorithms... just what she says, pointing at current buzzwords (note most practical algorithms are far less sexy). See my latest blog on this https://healthcaresecprivacy.blogspot.com/2017/09/fhir-and-bulk-de-identification.html
John Moehrke (Nov 03 2017 at 14:41):
and my earlier blog on use of blockchain to create pseudonyms for research https://healthcaresecprivacy.blogspot.com/2016/05/healthcare-blockchain-big-data.html
John Moehrke (Nov 03 2017 at 14:41):
so, I do agree with Myth 4....
John Moehrke (Nov 03 2017 at 14:48):
I also still agree with her assessment of ALL of the myths. No one has yet convinced me of any good use of PHI on blockchain. Financial transactions for payment requests, coverage, and possibly others that don't need anything other than a pseudonym... possibly. The worry I have here is that the security of blockchain relies on those holding an identity to be careful not to be exposed (usually by their participation pattern, or stupid acts). Once exposed, they are fully exposed. Also they must absolutely protect their private key. Any effort to have ways to recover private keys weakens the whole system. Any loss of a private key in current use of blockchain simply results in the loss (destruction) of funny-money. Yes, funny-money with potential value, but loss of just money... When we have the loss (destruction) of PHI, we have a different 'risk' evaluation.
Doug Bulleit (Nov 03 2017 at 15:20):
John. I agree with all your points AS THEY RELATE TO A PUBLIC BLOCKCHAIN. And, I realize that some see a permissioned blockchain as less sexy and/or otherwise less deserving of DLT consideration. But IFO disagree: a permissioned blockchain--one that relies upon off-chain storage of PHI (e.g., behind FHIR servers) and instead focuses upon federated PII and AAA--could enable an interesting new variety of new FHIR-enabled business models.
As for the issue around pseudonymous PII and lost private key recovery, there are interesting new solutions emerging there as well--e.g., uPort and HyperLedger Indy's "trusted witness/multi-sig" approaches. Moreover, security at the digital wallet level presents a far smaller attack surface to the overall network; in other words, owing both to their distributed architectures as well as multi-levels of advanced cryptography, DLT-based solutions are inherently more secure as well as use-case more nimble than traditional centralized networks.
John Moehrke (Nov 03 2017 at 15:27):
Doug, None of the myths were about the configuration you are referring to... Data is managed in FHIR Servers using classic http REST, access to that data is mediated by permissioned blockchain smart-contracts... If I understand your configuration properly....... If I am understanding properly, then you should see no threat by the statements in the myth busting article. You should see the article as setting the stage for you, not hurting your stage.
John Moehrke (Nov 03 2017 at 15:30):
as to private key management... it is a big deal... destruction of a private key (e.g. I forgot my wallet password), means the destruction of the ONLY way to get the data, thus destruction of PHI.... Some PHI is easy to re-create, but some data are useless without historic data, and some is outright life-threatening to re-create (Stress-Test). Health data is special in some very critical ways.
Lloyd McKenzie (Nov 03 2017 at 15:40):
And if we're talking non-public block chain, then we're talking about some form of trusted intermediary - where said intermediary has the ability to block/filter. And, if I understood the selling point, the intention was to eliminate intermediaries who could block or filter.
Doug Bulleit (Nov 03 2017 at 15:46):
I agree, I think completely, with your first paragraph conclusion (as I think you're correctly surmising the architecture and protocol that we're developing;-)
As to the second, I also agree that private key management is a "big deal." That said, consider that if a complete identity profile can be replicated in a blockchain under its own multi-sig contract, a properly re-authenticated user, with the assistance of a trusted witness (other user), can recreate the identity and easily create a new private key. There are other proposals to skin this cat differently, and consensus standards have yet to be agreed; but IMO they will sooner than later
Doug Bulleit (Nov 03 2017 at 15:50):
Lloyd. Permissioned (non-public) blockchains--e.g., HyperLedger--do not require an intermediary; rather they rely upon some level of trust among their P2P nodes, themselves operating over an agreed validation/consensus method. Ongoing governance of the new decentralized ecosystem, however, presents some interesting opportunities of its own;-)
Last updated: Apr 12 2022 at 19:14 UTC