“What we need is a better balance between sharing healthcare data and ensuring the security of that data”.
Hi Navin – How did a busy doctor like you end up getting involved in a distributed technology project like The IOTA Foundation?
Ha yes, people are often surprised by this. But I believe the underlying theme of data security and integrity is fundamental to eHealth and to making healthcare systems work better in the future. Advancements in Distributed Ledger Technology (DLT) can provide features to healthcare systems that were not previously available.
There is an ongoing process of healthcare digitisation, moving away from the paper medical records with which we grew up. Now admittedly these paper records pose many challenges in terms of legibility, sharing and reuse, but they do have the benefit of relative security. It is quite hard to find my paper records amongst the thousands in any hospital, even after physically breaking into the medical records department!
However, now that many healthcare records are stored electronically in the cloud, it makes it much easier to find out a lot of confidential information about somebody, if you have the technical skills. What we need is a better balance between sharing healthcare data and ensuring the security of that data. Data needs to be more accessible and easily shared but protected by the best possible security measures. Distributed ledger technology (DLT) may play a very important role in both aspects.
If you look at the recent example of ransomware in the NHS, it shows just how vulnerable some systems may be, and how easy it is for everything to grind to a halt, to the detriment of patients. In this case we know about the attack because the result is so obvious. But could we have been attacked more stealthily with records stolen or changed? We are entering the era of Artificial Intelligence and Precision Medicine, both reliant on data to make potentially life-altering decisions. The integrity of the data which powers these decisions will become even more important.
Furthermore with new technologies such as wearables becoming more commonplace we also have to be more vigilant as these technologies may be open to attack. And this in turn could be a route to attacking the bigger systems.
The Guardian recently featured a story about an 11-year-old boy who was able to hack into a robotic teddy bear, and some years ago you may remember that Dick Cheney had the wireless connection to his pacemaker disabled due to concerns regarding hacking.
So can you explain to us a bit about the IOTA Foundation and what it has to do with eHealth?
The IOTA Foundation is a non-profit organisation based in Germany whose role is to promote open source distributed ledger and related technologies. We now have 2 healthcare advisors, including myself and John Halamka who is the International Healthcare Innovation Professor at Harvard Medical School, Chief Information Officer of the Beth Israel Deaconess System, and a practicing emergency physician.
IOTA itself is a distributed ledger – it is not a blockchain, in that it doesn’t contain blocks or a chain, but it serves a similar purpose. What it creates is a decentralised ledger for provenance and security of all data. This has been built from the ground up to maximise speed and scaling, to overcome the biggest restrictions of traditional blockchains.
What motivated you to take a role with the IOTA Foundation, given all the other demands on your time?
I stumbled across IOTA almost by accident, when looking at different DLTs. I managed to install the reference implementation and started playing around and getting interested in what it could do. As I started to realise the possibilities for healthcare I became more and more interested and got to know some of the people leading the project. It became clear that we had very similar long-term goals, and so I just had to be involved!
Now we are starting to get serious interest from backers like Outlier Ventures and are launching major projects, like our newly announced DLT research and innovation network for eHealth in Oslo. It’s really exciting to see what will happen in the year ahead.
What makes IOTA so scalable compared to say Bitcoin or Ethereum?
I think people are now starting to see the scaling issues in traditional blockchain. It has been evident in Bitcoin for a while but the recent spate of Initial Coin Offerings or ICOs (a process where digital tokens are sold to raise funds for developing blockchain startups) on Ethereum have highlighted that scaling is just as much of an issue for the Ethereum network.
Blockchains like the Bitcoin network are reliant on “miners”, whose job it is to process all the transactions on the network. To do this the miners must keep a full ledger or ‘bank statement’ of every transaction that has ever occurred on the network and then must perform very complicated computation to solve a puzzle, in order to earn a reward. As there may be thousands of transactions waiting in the queue, miners tend to pick those transactions associated with the largest fee (essentially a bonus “tip”). As the number of transactions has grown, so has the time to process a transaction and the average fee. Concurrently, the puzzles that have to be solved become incrementally harder over time, such that it now takes the same amount of energy to process one bitcoin transaction as it does to power over 3 US households for a day.
This simply can’t work for an Internet of Things involving many millions of devices. IOTA’s network, known as the Tangle, allows for features like low power consumption, zero fees, infinite scalability, fast transactions, and secure data transfer.
IOTA removes the need for miners, which are central to Bitcoin and Ethereum. Instead, in order to send an IOTA transaction, a user’s device must confirm two other transactions on the network, in essence doing the job we would delegate to the blockchain miner. To confirm these two transactions, the device performs low difficulty “proof of work” (a series of mathematical problems, as a security measure) and devices we all own, such as laptops and phones, can do these calculations.
This novel architecture allows for zero mining fees. And since each transaction requires the sender to verify two other transactions on the Tangle, the more transactions that are performed (n), the more transactions are confirmed (n*2). This means that IOTA scales proportionally.
In fact adding more users and transactions actually increases the security of the system from attack (as more computational power would be required to hijack the system). IOTA also utilises a mesh-network-like architecture for in-built protection from attack, automatically picking up if abnormal activity is clustered in one area.
Other than data security, what other problems does the IOTA platform solve from a physician’s perspective?
The security aspect is currently my main focus in the DLT space. However we are also examining many other use cases including identity / consent management, supply chain and research governance. But, I am not a DLT maximalist. I do not believe that DLTs are the magic bullets which will fix all our problems, especially when it comes to data interoperability (see my previous work on opencancer.net).
I think the main value of IOTA is in improving data integrity and providing a ledger which can act as a map to where data resides. Using this combination we can imagine new distributed services that break the traditional silos of information to provide a more patient-centric (rather than institution-centric) model. With proper identity and consent management, the patient may be empowered to control their own data and its use for secondary purposes such as research.
There is some scepticism out there, even in the technology community, about the likelihood of personalised healthcare records being agreed to by legislators. Do you think there will be any pushback from regulators given the sensitivity of healthcare data and the duty to protect the public?
Any new technology is complex and can be tricky for regulators. Healthcare data is very private but many would argue that financial data is often just as confidential. In reality healthcare data may really be no different from any other kind of personal data, in that they are both very sensitive.
The new EU General Data Protection Regulation (GDPR) treats all data as personal and private. We often underestimate the amount we give away via online search and use of GPS data on our phones in an insecure way, which may contradict our stories about who we are and how we behave. The oft-quoted example is when a person declares a certain sexual orientation on their medical records but their search history and GPS tracking data belie a different orientation.
It should also be made clear that these systems are not storing personal healthcare data on the blockchain but using distributed ledgers as a reference tool for tracking where data is stored – which could be on a highly-secure server or on a distributed storage system.
So let’s try to work together with regulators, for example, via a regulatory sandbox approach like the nascent Norwegian DLT collaboration. This approach helps us to simulate future systems and provide confidence to regulators and others that we can build products and services that can serve consumers’ healthcare data better and more securely.
What other developments is IOTA working on?
IOTA is part of the DIF (Decentralised Identity Foundation), which is an open source project looking at decentralised identity anchored by distributed ledgers, and involving partners like Microsoft, Accenture, Gem, Civic and BigchainDB.
IOTA is also a founding member of The Trusted IoT Alliance, together with partners such as Cisco, Bosch and Gemalto. This is an effort to unite Distributed Ledger Technologies, with the goal of arriving at a production ready blockchain solution for IoT and related large-scale technologies.
Developments to the core technologies can be found on our roadmap. There are many more developments in progress, and these will be revealed as agreements allow.
Additionally, IOTA is developing concrete applications that relate to personal data – for example, in relation to GDPR, we are working with Digital Catapult on personal data receipts on top of the IOTA ledger. The aim is to create a template or standard to display what type of information is stored about you by an institution, and to make sure it complies with the regulation. The ledger would act as a provenance trail tracking your agreement to share various types of data about yourself. In the ecosystem of the future there will be so much more data generated, we need to have systems in place that can both manage and secure that data at scale and at low cost to the user. That is a key area where IOTA is trying to find solutions.
You can find out more about IOTA on Twitter.
Want to know more about Blockchain solutions for healthcare? Dr Ramachandran will be speaking at our upcoming event Healthcare Unblocked which takes place on Friday 13 October. Early bird tickets are available now until end of August.