More secure blockchain applications

that complied with standards established by the Office of the National Coordinator for Health Information Technology—called the Shared Nationwide Interoperability Roadmap.

Healthcare companies typically contract with third parties to exchange patient medical information securely, said study co-author Dana Zhang, a Vanderbilt computer science PhD candidate. This third-party intermediary serves as the trusted agent, which verifies secure transactions. For example, Hospital A, sends health information to a trusted agent, which sends it to a cancer specialist at Clinic B.

In contrast, FHIRChain is a trustless exchange with no centralized third party. The Vanderbilt/Varian team envisions a system of public and private keys that allow an identified physician or clinic access to health information at Hospital A for a specific period of time. Think of password reset emails that require action within 24 hours.

Under this scenario the data itself never leaves Hospital A.

Zhang, who has interned at Varian, a medical device and software firm based in California, as well as the Nashville-based Center for Medical Interoperability, said the team wanted to use blockchain as a decentralized access mechanism to facilitate permissioned medical record exchange. The case study is not unlike a patient wanting a second opinion on a medical issue from an outside specialist because board members are spread out geographically.

“The problem always is getting data to another doctor,” she said. “In this approach, the data is opened up for a temporary period of time (with a decryption key), but the original facility or doctor is still the data owner.”

The keys, or long, complex passwords generated by the system, make accessing data easier but also give all parties, including the patient, confidence in the security of the system.

Balancing decentralization and confidentiality
Blockchain technologies provide a decentralized peer-to-peer network, which involves some tradeoffs. Researchers at Vanderbilt and elsewhere are focusing their efforts on applications in domains where disintermediation (that is, having no central authority) is more important than strict confidentiality, Schmidt said.

“The idea is there is strength in numbers,” he said. “Because you don’t want anyone in charge, you are willing to give up some confidentiality. You may know Party A sold something to Party B and although you don’t know who they are, you know some transaction took place.”

Such a system is “tamper-aware,” Schmidt said.

In the area of humanitarian aid, where blockchain already is being tested, the priority is ensuring aid gets into the right hands, for the right purposes, and no one is cooking the books. Applications in renewable energy involve