How do you use this and not allow for anyone with access to the block chain to also have access to all medical records? How do you secure this data without also securing the block chain access itself? How do you provide this security without effectively losing the usefulness of the block chain in general? How do you do this in a way that is effective in terms of performance/speed?
I don't have a side in this fight, and in general I absolutely agree with "solution in search of a problem", etc, but, if I had to think of an application:
All medical records are encoded as transactions between doctors and patients - that is, if person A is diagnosed with medical issue A by Doctor A, a public transaction is sent from a patient, via anonymized address, with a few bits of information:
- Amount (public due to nature of transaction on blockchain)
- Doctor (public due to complexity of anonymized destination addresses on blockchain, lets not solve impossible problems)
- Encrypted with the public key of the Doctor, the medical record
- Encrypted with the public key of the Patient, the medical record again
- Public, well-known "code" for some medical transaction, for example "code 1" could be a checkup, "code 2" could be a heart-transplant - I'm completely unfamiliar with the medical world so I suspect this system most likely already exists
- Encrypted with the public key of the Doctor, a random UUID identification code
This would allow Doctors offices to collect all their records by reading thru all transactions. Offices could validate that the patient correctly filed the transaction before accepting the transaction, and one can imagine software such that patients could easily file the transaction without having to copy the medical records, etc.
Additionally, using the public key of a doctor, one could verify that similar medical procedures were priced fairly compared to their own (ie: you could see the average cost of checkups, etc). This is most likely a naive assumption about pricing in healthcare, but maybe a good feature thanks to blockchain?
It would be particularly neat if it was powered by a contract, via something like Ethereum - You'd still need a bit of government help, but:
- Retrieval of medical data by the Doctors office is signed by a secret key contained in a contract oracle. When data is retrieved, it's signed with a timestamp indicating when the data was obtained.
- Laws requiring that valid signatures for valid timestamps from the contract oracle accompany _any and all_ use of medical records.
- Assuming the fines were steep and enforced, medical records could not be used for longer than a certain date, could be invalidated, and could be "observed being observed" by the patient.
In other words, assuming minor changes in the legal/medical system, the blockchain could actually be used to create immutable records of medical transactions, protect patient privacy, etc.
But if to accomplish this blockchain _also needs_ a trusted 3rd party and law enforcement... Then i'm not sure how it's better than any other application, except that it comes with a free globally available API, which is not actually a bad feature. Just not world-changing is all.
