3 Ugly Truths about Healthcare
Healthcare, and more specifically how it stores and uses data, is in what some people call a “state of chaos” right now. Pretty much every person in the US has had their personal health data including some financial data breached or knows someone who has. I myself have been part of 2.
Truth 1: All Security is Reactive.
According to Protenus who tracks reported breaches in the United States, there were 477 breaches in 2017, that’s more than 1 a day! A new threat of holding data for ransom has also impacted providers last year limiting the ability for providers to access health data required to make effective decisions about the care they offer.
Since records have been mandated to be made digital, providers were forced to adopt digital storage systems but failed to invest in the security of their network. The reality is that it only takes finding the weakest link for hackers to gain unrestricted access to large sets of records that often contain SSN numbers and other financial data.
One solution, to lower the risk of being the weakest link, is moving to a cloud provider for patient data storage. The cloud provider usually has multiple locations with generator back-up, battery backup, security guards around the clock, and the latest cyber security defenses.
This level of protection is much better than most providers can build and maintain themselves, so this is definitely a step in the right direction; however, storing large amounts of data under the administrative control of one owner has not proven very effective. The Equifax breach of 2017 resulted in 148 million records being stolen demonstrating the risks involved with traditional centralized cloud storage solutions. The target value was very high, far exceeding the costs required to accomplish the hack.
To be fair, I’ve been very close to network security for the better part of my professional career and the ugly truth is this…
All security is reactive!!!
The cycle looks something like this:
- A new attack is created
- A number of targets are breached/attacked
- Vendors develop a way to defend the attack
- Additional breaches occur until everyone adopts the new technology
- A new type of attack is created.
What this ultimately means is that in the current system, there will always be breaches and data ransoms and whatever new cyber attack is created. Moving more data to the same location just makes the target larger, increasing the value, and therefore the amount of resources a hacker is willing to put towards their goal.
Truth 2: Other people are monetizing your data
While not as violating as having your personal information exposed, there’s a financial gain factor that is driving the powers that be to push this consolidation to the cloud.
Access to more data for free.
Data is king right now and honestly, from an advancement of medicine perspective, data needs to be accessible to researchers so they can improve on patient outcomes. Without access to large amounts of data, machine learning and AI will not be possible.
I believe this needs to happen to improve the precision with which we deliver medicine, and also to help prevent the top 5 chronic illnesses which are responsible for a large percentage of today’s healthcare costs.
Healthcare simply cannot scale to support the growing population demands. The Commonwealth Fund rated the U.S. health care system as the worst among the 11 developed nations and pays the most for it.
A rarely known truth is that these service providers make money off yourdata.
Many sell “de-identified data” to other companies to be used in research, development, or to learn demographic patterns and behaviors to sell sell more of their product. This is data about you, paid for by your insurance… you should at a minimum, be compensated fairly if your data is sold right?
Truth 3: $1 Trillion in waste in the US Healthcare
The last truth for today find its root cause in a provider’s need to have full access to your data.
The truth is this, there is a cycle consisting of regulation to protect against breaches and fraudulent activity that has snowballed out of control.
Many experts estimate that that 10% of the US healthcare expense is due to fraudulent activities. That’s over $300 Billion per year. In fact, if you add in the administrative costs to protect against fraud, security, and other waste, it is estimated to cost the US $1 Trillion dollars. Almost 1/3rd of the total healthcare spending.
It’s easy to see how this can happen when providers, and those who administer and store your data, have unrestricted access to use your information.
For example: Providers make claims on behalf of the patients, so they need access to all the patients personal health information. They cannot make claims unless they have access to administration. They also answer questions from insurance companies that a patient could not answer. For example, was the proper ICD-10 code is used to record left hip soreness due to a fall? Can an alternate drug be prescribed instead?
With the amount of fraud occurring, every step of a process must be documented, recorded, and verified. This makes it impossible to process claims and records in real-time. So a lot of data entry has to be completed at a later time and it requires access to a patients record. It is a necessary evil based on the way the healthcare system is built.
Now imagine a new way of managing health records and data
- Data is owned and controlled by the person.
- Only the creator and current owner of a patient record has full access
- An owner can share read-only access to specific sets of data, for specified durations, and revoke access at will.
- Information is processed without the need to view the data through the use of executable contracts.
- Databases contain a single record lowering target value.
- Sensitive information is broken into pieces, encrypted, then distributed across multiple services.
- All transactions around this data is recorded in a distributed ledger that has the ability to detect and mitigate fraudulent activity
- People are paid for submitting their data to researcher and education!
- People are rewarded for using their data to improve health and wellness
This is exactly what Helix3 is building today.
To address the storage of data, we are now able to create a decentralized storage system that breaks large information into smaller pieces, encrypts them, and scatters the pieces around the internet. Now, physically taking a device that is storing information will only result in pieces of data, each having a different encryption key to hack, with no relation to each other.
It’s like having 1000 random pieces from 10,000 different puzzles. It is impossible to complete the picture for any of them, since none of the pieces relate to each other and there’s not enough information in each piece of the puzzle.
Through a decentralize system, only the owner of the data, and those with permission to view-only the data can collect the different pieces to make the information whole again. Only the data owner can grant users view-only access, and can set timers where access is automatically blocked.
This effectively creates a database of one so, even if a hacker successfully gains access to one account, the key to access someone else’s is completely different. The value of a target is extremely low especially considering the extreme computational resources required to hack even a single record, and the proof of stake lost when detected as a bad actor.
In a decentralized system, not even the platform administrator can view your data. Even more powerful is that workflows that require access to sensitive data can be controlled through what are called smart contracts and oracles. The benefit of these types of technologies is that machine to machine communication can be leveraged so that a contract processes the information and communicates the results.
For example, before a doctor performs a procedure, a contract can determine if the patient is covered or not. All the doctor needs to do is input a patient ID and the procedure code, the contract will:
- Retrieve permission to retrieve the policy number from the patients record
- Pull the patients insurance information from the benefit’s provider
- Perform the verification of coverage and send confirmation to the patient with costs
- The patient then approves/denies the procedure.
- Insurance company pays the provider instantly upon completion.
Path to adoption
There is a lot of money to be made in the current system, and the incumbents are not known for adopting change very quickly.
This is why Helix3 has chosen a direction that focuses on the patients instead of taking on the giants directly. We’ve created a Goal Achievement System that rewards our members for connecting data sources and performing healthy activities.
In the US, there is a requirement for providers to provide patient’s choice in which app they use to consume and share their health data. Helix3 will leverage this CMS Meaningful Use requirement in a 3 step plan to solve many of the problems in reactive health care and improve proactive healthcare in the process.
- Step 1: Ensure that our members have a consolidated set of all their data for which they have complete control.
- Step 2: Integrate with the existing healthcare systems and Healthcare transformers so that they can leverage all the benefits of the Helix3 platform.
- Step 3: Empower the patient to monetize their data in exchange for a more customized health experience that has significant gains in patient outcomes.