Healthcare Blockchains & Smart Contracts: Technical and Legal Challenges

Blockchains and related concepts like smart contracts and digital autonomous organizations (DAOs) have emerged from the computer networking and cryptography techniques popularized by cryptocurrencies like bitcoin. With bitcoin having some degree of commercial operational success, a number of folks have been keen to apply these technologies in other fields. One approach to valuing the impact of a technology is to consider the size of its addressable market. With cryptocurrencies, the potentially addressable market is very large – almost everyone on the planet uses money in some form these days. Many other blockchain applications[1] (e.g. supply chain provenance) address narrower industrial rather than consumer markets. Healthcare blockchain applications may be one area with a large potentially addressable market (who doesn’t have health to worry about?), depending on the specific use case.

A variety of healthcare applications have been proposed [2], including drug counterfeiting prevention, clinical trials, public healthcare management, longitudinal healthcare records, automated health claims adjudication, online patient access, sharing patients’ medical data, user-oriented medical research, precision medicine, and smart contracts to improve the credibility of medical research. In some cases, these are moving beyond proposals into implementations based on open-source code bases such as Ethereum or Hyperledger. The designers of healthcare information systems may have a number of different requirements associated with the systems they are designing, and the criteria for applying blockchain are not always clear. Healthcare applications must balance patient care with information privacy, access, completeness, and cost. Rationales proposed for using blockchains in healthcare applications include access control, non-repudiation, data versioning, logging, data provenance, data auditing, and data integrity, all of which are quite far from the double-spending problem solved by Nakamoto in his famous whitepaper. The data stored in and the actors operating on a healthcare blockchain also seem quite different from the actors and transactions of cryptocurrency blockchains.

Many of the healthcare application proposals do not address mass markets. Assuring drug provenance, for example, is an important social good given impetus with the DSCSA legislation in the USA. This, however, addresses an industrial market – the pharmaceutical supply chain – and while mass-market consumers benefit from this advancement, they do not directly interact with the blockchain in this use case. Use cases around medical records and adjudication of healthcare claims have a greater potential for impacting mass-market consumers. Work remains, however, to crystallize use cases that are viable – not just from a technological perspective, but also from commercial and legal perspectives as well as from the perspectives of the various actors in health care delivery.

Technology issues can be seen as risks impeding design and deployment of healthcare blockchains. There is not one blockchain but a variety of implementations with different characteristics (even the original bitcoin has forked). With multiple (and uncertain) use cases and fragmented or customized technology approaches, it is only possible to talk of the technology and legal challenges in general terms. Identified[3] technology challenges to the development of healthcare blockchains include interoperability, security and privacy, scalability, speed, and patient engagement. Interoperability, scalability, and speed are characteristics of the software implementation of healthcare applications on the blockchain. The degree of patient engagement can be significantly impacted not just by the implementation and trust issues, but also by the usability of the system and the overall user experience with the healthcare blockchain. Security, privacy and trust issues reflect concerns about not just the implementation, but also the processes for assuring that users can trust the blockchain and its associated software, as well as the organizational and legal context. Because of the use of blockchain technology in the financial industry, and the associated loss risks, the security of blockchains and related smart contracts has received significant attention. Financial losses can often be addressed through other means (e.g. insurance); privacy losses (e.g., disclosed medical records) may be harder to detect and redress.

Legal issues often arise with the introduction of new technologies. Where the use cases involve sophisticated commercial entities and complement existing industry transactions, the legal issues can often be resolved with private law, e.g. contracts between the parties. How existing regulations are applicable would depend on the specific industry and the use case. Where the use case involves mass-market consumers (generally assumed to not be sophisticated parties), public laws and regulations are more likely to be applicable and protective of the consumer, and to have been written before the possibilities of the new technology were envisioned. There are very few public laws explicitly mentioning blockchain; there has been some incremental progress at the State level in the USA, but most of this is targeted at fintech applications of blockchains. In this environment, the legal uncertainty often reduces to assessing how the technology use case would be classified under the existing regulations. DAOs are rather novel as legal entities, but such entities may prove useful to meet the privacy requirements of consumer-oriented healthcare blockchains. While DAOs may fit within some states’ LLC enabling legislation, additional legislative initiatives may be required for DAOs to be deployed more widely.

Smart contracts provide a computational mechanism built on top of a blockchain. These have a number of applications, from enforcing legal requirements for transactions to implementing business process workflows. With industrial use cases, sophisticated parties may negotiate the smart contract before implementing it. With consumer use cases, the smart contract would more likely be an adhesion contract that the consumer would not be able to negotiate. Of particular concern with smart contracts is the source of data to trigger smart contract decisions. Oracles for financial data feeds are emerging, but medical data oracles are less widely available. Smart contracts have been proposed for dispute resolution in a manner similar to arbitration, but this has not yet received large-scale adoption.

Open source blockchains like Ethereum and Hyperledger enable easier technology exploration. Building on these with privacy enhancement technologies like zero-knowledge proofs and privacy-preserving computation will help address the technical challenges in privacy that healthcare blockchain use cases bring. The development of standards[4] to build industry consensus around the terminology and fundamental technical choices to be made will help reduce the fragmentation in the technology. The IEEE 2418.6 healthcare standards project can help, but will take some time to address all the use cases. Specific use case development to define the service requirements from the user point of view would also be very helpful. Automation of existing use cases may be more easily tractable; given increasing concerns for privacy, however, new paradigms to empower people to control their data footprint in cyberspace are emerging. Placing patients in control of their data and having others query for it would be a significant change from existing practices. For industrial markets, existing standards bodies may be well-positioned to develop these use cases. For consumer use cases, these may emerge through private enterprise or through discussion in more public forums (e.g., regulatory hearings, NGO activities, etc.).

For a more detailed treatment of this topic refer to my paper presented at the 2019 ITU Kaleidoscope academic conference “ICT for Health: Networks, standards and innovation”.  

If you are looking for a book that provides a detailed overview of the legal implications of blockchain technology and smart contracts, then “Blockchains, Smart Contracts, and the Law” is the perfect choice for you. This book is written clearly and concisely, making it easy to understand even for those who are new to the topic.


[1] See, e.g., F. Casino, et al., “A Systematic literature review of blockchain based applications: Current Status, classification and open issues”, Telematics and Informatics, vol. 36, pp. 55-81, (2019).

[2] See, e.g., S. Angraal, et al., “Blockchain Technology: applications in Healthcare”, Circulation: Cardiovascular Quality and Outcomes 10.9 (2017).

[3] See, e.g., C. Agbo, et al., “Blockchain Technology in Healthcare: A Systematic Review”, Healthcare, vol. 7, no. 56, (2019).

[4] See, e.g., the work of ISO TC 307, IEEE, ITU.