In health care, blockchain technology could help secure medical records, clinical trials and prescription drug monitoring. (Photo: Getty)

A recent survey found that data security is the No. 1 issue worrying lawyers at health care systems nationwide. The explosion of information, devices and new technology that puts sensitive patient data at risk makes practicing in this highly regulated industry complicated.

But it may just be a new technology that starts putting minds at ease.

The blockchain, which experts agree is near impossible to hack, was first developed as the technology behind the digital currency bitcoin, but it is starting to be applied in other settings, including supply chains and the financial technology and health care industries.

In health care, the technology lends itself to a number of applications, namely medical records, clinical trials and prescription drug monitoring, experts say.

Simply put, a blockchain is a digital network of information, compiled in a decentralized database shared with users that may have access. Each “block” in a blockchain is a record of information, such as an entry in a ledger, that can be signed and time-stamped using a private key to prevent tampering, and is linked to a previous block.

For example, in the health care context, this means that each doctor who sees a particular patient need not undergo the time-consuming process of collecting and recording that patient’s medical history because, assuming the patient gave access to that physician, the doctor may view that information on the decentralized data­base. Patients also could revoke access to health records from a provider if providers are switched, so certain providers would only be given temporary access to these records.

Because one block cannot be hacked without hacking every other block in the chain, the technology is “a very secure system that is good for sensitive information like health records,” says Joe Dewey, a Holland & Knight partner at the forefront of blockchain development.

And some health care companies have started to notice. IBM has launched a blockchain project to develop additional uses for the technology.

It made the software open source, and the foundation that now controls the code, Hyperledger Foundation, has recruited other companies to collaboratively work on the project to develop “cross-industry blockchain technologies.” Health insurer Kaiser Permanente recently joined the efforts. In addition, IBM found in a survey that 16 percent of health care companies intend to adopt some sort of blockchain solution this year.

For legal departments, implementation of blockchain technology could mean more regulation, the most obvious of which is in the area of data privacy, experts say. Health care companies could expect oversight from the U.S. Department of Health and Human Services’ Office for Civil Rights, which enforces the Health Insurance Portability and Accountability Act, they add.

The Office of the National Coordinator for Health Information Technology—the techie arm of HHS—likely also would become involved. Last year, the office held a challenge that solicited white papers on blockchain technology and its potential use in health IT systems.

State regulations, which can be more protective of data and vary significantly, would also come into play and could restrict information sharing, says Melissa Bianchi, a partner in the health law practice at Hogan Lovells.

“You can’t do a work-around of the state rules just by coming up with a new solution,” she says.

In addition, the Federal Trade Commission, which Bianchi adds is “always important in privacy and security issues,” generally weighs in when health data that are not subject to HIPAA come into play.

“Companies still have to comply with the FTC’s expectations for consumer health data,” she says.

The Food and Drug Administration would oversee the protection of data collected from clinical trials. And the FDA, like HHS’s health information technology office, may also recognize blockchain’s potential. In January, the agency entered into an agreement with IBM’s Watson to explore the use of the technology to securely share patient data.