Matt Fisher, partner and chair of the Health Law Group at Mirick O'Connell in Worcester, Mass., discusses potential legal ramifications of using blockchain as well as the privacy and security measures health systems should establish before using the technology.
Responses have been lightly edited for clarity and length.
Question: What do health IT leaders at hospitals and health systems need to know about blockchain today?
Matt Fisher: Health IT leaders need to be cognizant of the potential legal and regulatory ramifications of using blockchain technology. It is not entirely clear where all the data stored on a blockchain reside, nor who has control over that data. As such, the privacy and security implications under HIPAA for use of a blockchain should be carefully teased out to ensure that appropriate contractual relationships are established as well as delineating what party bears responsibility for which specific obligation under HIPAA.
A related consideration is whether access to the data can be shutoff, which could implicate state level laws on maintenance of patient information by a licensed facility or clinician. All these issues show that implementation of a blockchain solution is not just a technology issue but should involve an interdisciplinary team at any organization.
To participate in future Becker's Q&As, contact Jackie Drees at jdrees@beckershealthcare.com.