# Blockchain

**Category:** [Technical (archive)](https://discourse.openehr.org/c/technical-archive/156)
**Created:** 2017-11-13 11:46 UTC
**Views:** 3
**Replies:** 69
**URL:** https://discourse.openehr.org/t/blockchain/14384

---

## Post #1 by @system

How are the plans about blockchain for OpenEhr? Is there any plan to incorporate it in the standard, or is it regarded as a technical implementers business?

Bert

---

## Post #2 by @grahamegrieve

what would it do?

Grahame

---

## Post #3 by @yampeku

Hi Bert,

Where do you want to apply it?

---

## Post #4 by @system

Hi Bert,

I think this highly depends on the color of the blockchain.

Best,

Birger

---

## Post #5 by @system

For example to guarantee a position of a composition in a chain of events, or use it in audits for the same purpose\.

There is a lot of noise about blockchain in health\-ict\. So, I wonder if there are plans to incorporate it in the standard\. But maybe it is regarded as something technical OpenEhr does not want to get involved with\.

Bert

---

## Post #6 by @system

> Hi Bert,
>
> I think this highly depends on the color of the blockchain\.

https://twitter.com/backfeed_cc/status/684338051263369216

---

## Post #7 by @ANASTASIOU_A

Perhaps an optional Blockchain capability could be added in the service model, at points where an
&quot;internal&quot; system had to interface with one or more &quot;external&quot; systems\.

For example, you could provide access to a specific dataset and blockchain calls that
modify its state\.

This would then also require the extension of the service model for verifying certain actions
against the blockchain\.

Within the RM, there is the Feeder System Audit \(http://www.openehr.org/releases/RM/latest/docs/common/common.html#_feeder_system_audit)

It&#39;s a new concept, still needs use cases about it I think\.

All the best
Athanasios Anastasiou

---

## Post #8 by @system

;) Sorry, I could not resist

---

## Post #9 by @system

What problem is BlockChain solving, that deployed technologies can not solve?

Gerard Freriks
\+31 620347088
gfrer@luna\.nl

---

## Post #10 by @system

better an old joke then everybody sad ;\-\)

---

## Post #11 by @system

Not very far from now \(looking into the future, Scotty and Captain Kirk\), health information will be a worldwide web\.
Mayor players are diving into this trillion dollar business\.

Health information will need to be accessible, and blockchain can be used to guard all interaction between systems\.
You can find dozens of documents which handle about this\.

In the Netherlands Nictiz is busy with it\.

For example read this \(sorry, only Dutch\)
https://www.nictiz.nl/SiteCollectionDocuments/Whitepapers/Blockchain_in_de_zorg.pdf

Summarizing:
\- Blockchain is needed when interacting parties do not trust or know each other
\- A trusted third party cannot be found or is not desirable
\- Validity en transparency of transactions is important
\- Stored or interchanged data are very important

---

## Post #12 by @yampeku

I think the first point is key:

I don't really see an scenario where your health data would be sent to an untrusted source. But maybe in a future where we can envision an "ebay-like" service of distributed medical services or something like that

---

## Post #13 by @ANASTASIOU_A

I agree, I was referring to more use cases with the outlook of incorporating blockchain into the existing
openEHR model\. Not blockchain itself\.

\(The bit about interacting parties is the &quot;maybe add it in the service model&quot; \(?\)\)

---

## Post #14 by @system

> What problem is BlockChain solving, that deployed technologies can not solve?

Read the document I linked to in my previous message, you can read dutch\.

---

## Post #15 by @system

Maybe, I am not the specialist\. I was wondering if or why it is \(not\) discussed in the OpenEhr circles \(as far as I can see them\)

Best regards
Bert

---

## Post #16 by @grahamegrieve

I am sceptical of most use cases of block chain outside payments witnessing in some limited trading schemes. There are 2 inter-related problems.

- block chain is a very inefficient solution to a problem that largely does not exist in healthcare: untamperable evidence that something happened, in the context of not having any trustable governor. In almost all cases, we actually want to be able to tamper with the record - except the audit trail. And/or suppress data from being visible except to a few authorised parties. For the audit trail, the average institution generates more data per day than block chain presently holds - we are talking vast amounts of data

- the inefficiency is considerable - full block chain requires some benefit to the miners - and in any volume of data, the price is considerable (e.g. blockchain consumes more power than nigeria, I read this week); that is not evident in any scheme I've seen, but schemes that have restricted mining loads require restricted attack surfaces, and I don't believe that there's a sweet spot there in healthcare

There are some interesting use cases around selective sharing data for research using active blockchains (e.g. ethereum) but by and large these seem outside the scope of records and EHRs to me

Grahame

---

## Post #17 by @system

Depends on how you define trusted. First of course there are the rights from the other to send/receive information, second is the transparency, a patient must be able to know who has received his data and which data. Blockchain can help in legal proceedings afterwards to proof why and when and how someone or some instance received information. I think this will be very important in the near future when there will be more and more data-exchange. Not all countries have their healthcare governed in a single organization, but have many healthcare organizations, which can work together on curing a single patient. Someone I know has now a medical problem with one of her legs. She is receiving healthcare from five parties, just to work on that problem: a specialist, the GP, a physiotherapist, a special shoemaker and the employer which needs to arrange special working place. That is the reality today, this will become more and more soon. Bert

---

## Post #18 by @system

I heard too about the enormous energy used by miners, and I heard also some solutions for health\-ICT\.

Because the miners in Health\-ICT are nor working as fast as they can with dollar\-signs in their eyes to create money, but they only create keys to facilitate the needed processes\. So, maybe the idle running servers an create blocks, and they can use alternative methods which have other quality\-features then the bitcoin, because they have another purpose\. I don&#39;t know if it is feasible, but there are many publications about this subject\.

About the data\-state\. In OpenEhr there is a state\-machine, which has, at this moment no defined secure mechanism to ensure that the states truly reflect reality\.
Maybe OpenEhr is not the place to define that, that is my original question\.
But if OpenEhr wants to secure the states of the statemachine, blockchain can help\.
For example, there is the often used medication\-delivery\-example\. It has been subscribed, delivered, and the patient has taken it or stopped it, etc\.
A chain of these connected events can be ensured truly happened if they are connected with blockchain\. Their place in the chain of events is secured, and not changeable\.

Bert

---

## Post #19 by @system

see below.

Gerard Freriks
+31 620347088
[gfrer@luna.nl](mailto:gfrer@luna.nl)

>
> Not very far from now (looking into the future, Scotty and Captain Kirk), health information will be a worldwide web.
> Mayor players are diving into this trillion dollar business.
>
> Health information will need to be accessible, and blockchain can be used to guard all interaction between systems.
> You can find dozens of documents which handle about this.

Blockchain is a service that supplies functionality such as: non-repudiation, trust between parties in the public domain.
These functionalities can be achieved using existing technology.
In addition health is not something that takes place in the public domain.
There are not many things in healthcare that need anonymous transaction services that banks, notary public, provide.
Healthcare is highly personal.

> In the Netherlands Nictiz is busy with it.
>
> For example read this (sorry, only Dutch)
> [https://www.nictiz.nl/SiteCollectionDocuments/Whitepapers/Blockchain_in_de_zorg.pdf](https://www.nictiz.nl/SiteCollectionDocuments/Whitepapers/Blockchain_in_de_zorg.pdf)

NICTIZ sees some application of Blockchains at the IT-Infrastructure level: authentication, authorisation, and Access control.

OpenEHR is not a specification at the IT-Infrastructure level.

---

## Post #20 by @system

This is more or less my opinion at the moment as well\.

What openEHR has as an underlying data management paradigm is distributed version control \- each EHR is like a little git repo\. This is no longer new or interesting \(in fact, I was exposed to it from 1988, so really not new\), but it&#39;s just as applicable today as it was then\. Re\-doing all that in blockchain seems sort of pointless\. Yes, health systems can be hacked, but mainly to break privacy, not to fake transactions\. Not what blockchain was designed for \(and it&#39;s more or less the opposite regarding privacy\)\.

\- thomas

---

## Post #21 by @system

Blockchain is existing technology. The first work on a cryptographically secured chain of blocks was described in 1991 by Stuart Haber and W. Scott Stornetta. In 1992, Bayer, Haber and Stornetta incorporated Merkle trees to the blockchain as an efficiency improvement to be able to collect several documents into one block. So 25 years old, which is quite old in IT history There a re a lot more applications of blockchain in healthcare ICT, also described in the document I linked to, in very simple examples. Most important are transparent and provable tracking order of events, independent from sending/receiving computers, tracking of messages, it will be impossible to send a secret message, for example. It is very convenient for the all stakeholders to be able to be sure messages are only send to what they approved too at a moment they approved too, containing what they approved too. This will become very important in the future when exchanging medical data will explode in volume.

---

## Post #22 by @system

It is not about hacking why blockchain is interesting, although, that can happen too\. But it is about having trustworthy computing without a trusted third party\. Not only protecting against bad intentions but also against errors, for example, system which not run synchronous or have date/time\(zone\) not well configured\. Not a trusted party ensures delivery and time of delivery and contents of delivery, but blockchain as a mechanism does\.
I have given already a few examples\.

Remember, computers make no errors, but people do, and it are people which configure computers and use them, and their responsibility must be able to transparently replayed afterwards\.

Bert

---

## Post #23 by @system

There may be applications such as &#39;digital notary&#39; that blockchain might be useful for, which is a trusted third party notary that accumulates signed hashes of content transactions to the main EHR; if it is thought that the EHR was hacked or integrity was in question, the digital notary can be used to check\. There was even a gNotary project in gnu health years ago\. But as Grahame says, protecting against transaction errors / hacking isn&#39;t a burning problem to date\. However, if you want to accumulate the whole contents of transactions, blockchain is unlikely to be be scalable\.

Maybe this will change and blockchain will find use there\.

\- thomas

---

## Post #24 by @system

I understand, I take that as an authoritative answer to my question why it hasn&#39;t been discussed in OpenEhr context\.
The answer is also supported by Grahame\. So what can I say ;\-\)

Thank you both for that\.

I think that both of you will discuss within two years if and maybe how to implement blockchain in OpenEhr and in FHIR\.

In FHIR I think that discussion will come very sooner, because, it is about messaging, and also, it describes technical layers\.
In OpenEhr maybe in that discussion it will be rejected as something because it will be regarded as not belonging to the non\-technical character of the Openehr\-specification\.

Best regards and thanks for the considerations
Bert

---

## Post #25 by @Karsten_Hilbert

It never got any traction so we discontinued that project\.

Karsten

---

## Post #26 by @grahamegrieve

>
> In FHIR I think that discussion will come very sooner, because, it is
> about messaging, and also, it describes technical layers\.
>
yes it did\. I&#39;m sceptical there for the same reasons\. You can track the
discussion if you are interested:
https://chat.fhir.org/#narrow/stream/blockchain

Grahame

---

## Post #27 by @system

Thomas, one  more remark, I remember the task\-planning\-specification where you have been working on, and on which you planning to give a presentation in London soon\.

It is there where I thought there could be an excellent example of implementation of blockchain\. Because it is about a processing model, state\-machine, decisions, how good would it be for a performer to be able to prove: a decision taken on information or having taken a step, or other cicrumstances, by implementing the blockchain mechanism?

That would just be a classical use case for which blockchain was invented\.

Bert

---

## Post #28 by @William_Archibald

Bert, in particular, might find the collection of technologies around OpenBazaar[1][2] interesting.

It relies on DHT for it's P2P marketplace framework and implementation, Ricardian contracts[3] for agreements, 2-of-3 multi-sig for escrow, BTC for remittance and IPFS for distributed file storage.

[1] [https://www.openbazaar.org/](https://www.openbazaar.org/)
[2] [https://en.wikipedia.org/wiki/OpenBazaar](https://en.wikipedia.org/wiki/OpenBazaar)
[3] [https://en.wikipedia.org/wiki/Ricardian_contract](https://en.wikipedia.org/wiki/Ricardian_contract)

---

## Post #29 by @system

thanks

---

## Post #30 by @system

Thanks William, but that is just the association I want to avoid\. OpenBazaar is about Bitcoin, which I find a not so welcome implementation of blockchain, although there are situations where it can help people for the good\.
OpenBazaar seems to be inspired by a hackathon project called DarkMarket, and the association with illegal trade is too obvious, and not what I want to associate this discussion with\.

However, there maybe elements in that which are usable in this discussion\-context, but there are many documents on the Internet which describe research\-results for blockchain in health\-ICT and filtered out unwanted associations\.

Bert

---

## Post #31 by @system

I agree, that&#39;s an interesting idea\. I have not put any thought into it, but it&#39;s worth investigating\. But we need to be clear on what problem is being solved here\. Is it improvements in medico\-legal standard of proof, or something else? What is the economic driver, and why are the current mechanisms \(signing and versioning\) not good enough?

\- thomas

---

## Post #32 by @system

> I agree, that&#39;s an interesting idea\. I have not put any thought into it, but it&#39;s worth investigating\. But we need to be clear on what problem is being solved here\. Is it improvements in medico\-legal standard of proof, or something else? What is the economic driver, and why are the current mechanisms \(signing and versioning\) not good enough?

The advantage in legal context is that independent of machines can be proven what has happened\. A nurse writes down in her app that a patient is doing bad, a doctor sees the messages, having it on the screen is also an action, and then going to visit the patient, action\.\.\.

It gets more interesting when more systems are involved because they together register a chain of events, and because of the blockchain they can relate to each other\.

---

## Post #33 by @Alexander_Garcia_Cas

Following up on the interesting exchange wrt blockchain what I can see is confusion. When to use blockchain technology? when to go for a distributed database? when is provenance and time stamping critical but blockchain does not make sense?

We want to hear about vision of technology, work in progress, critical views of technology in specific areas and much more. Our Call for Papers is clearly on topic for this discussion.

[https://datasciencehub.net/content/special-issue-distributed-ledgers-making-data-science-more-open-transparent-and-accountable](https://datasciencehub.net/content/special-issue-distributed-ledgers-making-data-science-more-open-transparent-and-accountable)

Hopefully OpenEHR may share some interesting light in the use, or the when not to use, blockchain tech in health care.

---

## Post #34 by @Alexander_Garcia_Cas

Following up on the interesting exchange wrt blockchain what I can see is confusion. When to use blockchain technology? when to go for a distributed database? when is provenance and time stamping critical but blockchain does not make sense?

We want to hear about vision of technology, work in progress, critical views of technology in specific areas and much more. Our Call for Papers is clearly on topic for this discussion.

[https://datasciencehub.net/content/special-issue-distributed-ledgers-making-data-science-more-open-transparent-and-accountable](https://datasciencehub.net/content/special-issue-distributed-ledgers-making-data-science-more-open-transparent-and-accountable)

Hopefully OpenEHR may share some interesting light in the use, or the when not to use, blockchain tech in health care.

---

## Post #35 by @Philippe_AMELINE

Hi to all,

A Blockchain is a public \(or at least shared\) digital notary\.

The easiest \(hence probably the more meaningful\) use case is to disrupt
existing notary systems \(disrupt in its accurate definition: deliver
something that is initially less powerful, but evolves greatly faster\)\.
A Blockchain can come with or without a trusted third party\. It seems to
me \(in such a domain, I know very few people with a firm opinion\) that
transactions are more expensive without a third party, because you need
to make the process of adding a new block &quot;expensive enough&quot; in order to
make sure that the one doing it can not deploy enough computing power to
hack the existing blocks during the process\.

However, in real estate, for example, the price of a Blockchain
transaction, even if we take the cost of a Bitcoin transaction as a
reference, remains far below what we have to pay to register our ownership\.

In health, I am always amazed by the level of ingenuity of some actors
\(do you know of any innovation that has not been qualified as
&quot;applicable in health&quot;?\) and, in contrast, the global archaism of the
domain at large\.
I recently read a paper about a FIHR conference that said that all this
is fantastic, but that, in current times, it could be nice not to only
exchange information &quot;about the patient&quot; ;\-\)

So\.\.\. yes, the Blockchain is super trendy\.\.\. yes there are probably many
smart ways to use it in health\.\.\. but maybe, before considering the use
of such marvelous pieces of technology, it could be wondered if the
medical domain is not fully missing its inclusion in the information
society\.

Best,

Philippe

---

## Post #36 by @Karsten_Hilbert

> A Blockchain is a public \(or at least shared\) digital notary\.

\.\.\.
> transactions are more expensive without a third party, because you need
> to make the process of adding a new block &quot;expensive enough&quot; in order to
> make sure that the one doing it can not deploy enough computing power to
> hack the existing blocks during the process\.

And, one needs to remind oneself, &quot;expensive enough&quot; can only ever mean &quot;today&quot;\.

Karsten Hilbert

---

## Post #37 by @system

I think we are heading an era where it can be impossible to tell where from and/or when data are received /created and which event created the data or made the data cause to interchange when the data do not tell us themselves on an accountable way\. For that we need an open notary\-system which does not rely on third parties \(which would make it to expensive\)\.

There are not many kinds of personal data which will be interchanged so much or are created in chains of events \(context\) as medical data\.

I see that is quite a challenge to arrange such a system, but we will need it to guarantee professional and medical safety and also privacy\.
Maybe I am wrong, but I think blockchain may be a way to help us with that\.

I have not seen in this discussion many people acknowledging these near future problems which can effect clinicians \(in accountability\) and patients \(in health\-safety\)\.

How about a clinician taking a fatal decision on base of an event described on another system and that other system changed its contents afterwards?
How about a patient who discovers its employer has knowledge of private medical data? People often think about psychiatric circumstances, but it can be other things in this time of revival of religions, f\.e\. a woman who hides the fact she has had an abortion and is now teaching on a christian school\.

Also interesting in this discussion is how to handle deletion of medical data \(the patients right to be forgotten\)\.
Can it be that data refer to data on other systems, or may they only refer to data on the same system, copies of data from other systems?
Do these copies need some accountable reference to where they come from?

These are problems which will not be solved easy\. But they need to be solved by system builders which will advise the lawmakers\.

Bert

---

## Post #38 by @Philippe_AMELINE

Hi Karsten,

This is the reason why, at least in the Bitcoin universe, adding a block
is organized as a competition between miners\.
Hence a bad guy who intends to use the addition of a new block as an
opportunity to modify some already existing blocks would need to process
this much more complex task quicker than the other miners who simply
concentrate on adding a block\.

It can currently been argued that this competition led to concentrating
miners in China\.\.\. but what could possibly go wrong? ;\-\)

Philippe

---

## Post #39 by @system

In the Netherlands we have a national system called the LSP, which makes medical data available to other clinicians\. They can look into medical data from other institutions \(of course, in the right legal context, however that is also a problem, but apart from that\)

Data which a clinician has seen, but not copied in a \*accountable way\* to his own system, may disappear from another system, by system error, or by an other clinician trying to hide an error

Remember this quote from Leslie Lamport \(from DEC, was it in 1988?\)

&quot;A distributed system is one in which the failure of a computer you didn&#39;t even know existed can render your own computer unusable\.&quot;

Replace the last &quot;computer&quot; by &quot;data&quot; and you have the current context\. In the Netherlands people will discover the meaning of this quote when they do not handle information carefully

---

## Post #40 by @Alejandro_Benavides

It must be clear that Blockchain is not a complete solution and should be seen as a piece within the gear.

Who we have approached blockchain, we see it as an opportunity for innovation, which needs "some surgery" to be used in the health area, and that its current implementation is not to make "CTRL + C - CTRL + V" in the health area.

It seems to me totally valid to make a map in what blockchain has won and all the weaknesses that the current implementations have, even applying standards, since, the possibility of implementing standards is not in the hands, nor in the pockets of Third World countries.

Businesses like SAP and Deloitte do see a great opportunity to eliminate certain gaps in the health area. As an implementer, I hope that the organizations that manage the standards consider objectively and seriously if a technology such as blockchain would give us a great leap in the management and empowerment of health ... my two cents ;-)

‌
[<img src="https://s3-eu-west-1.amazonaws.com/mailtrack-crx/icon-signature.png" height="14">](https://mailtrack.io/)Enviado con [Mailtrack](https://chrome.google.com/webstore/detail/mailtrack-for-gmail-inbox/ndnaehgpjlnokgebbaldlmgkapkpjkkb?utm_source=gmail&utm_medium=signature&utm_campaign=signaturevirality)

Powered by [Gmelius](https://gmelius.com?ref=mail)
<img alt="" width="1" height="1" src="https://gml.email/v2/t/image/MTUxMDY3MjQ4MDllNzc4MzVjMjZhN2Q2YmVjMzhkNGEzMWQzZGZhYjFjJmFsZWphbmRyb0BhY3JvbnltY3IuY29tJm9wZW5laHItdGVjaG5pY2FsQGxpc3RzLm9wZW5laHIub3Jn.gif" id="_gml">

---

## Post #41 by @system

Bitcoin is since a few weeks prohibited in China but it seems hard to kill\.

But still, I don&#39;t think the use of blockchain in healthcare can be compared to the use of blockchain in currency, because, bitcoins is about getting rich by creating as many as possible, while in healthcare they exist to facilitate processes, and the number of processes create the demand, not the wish to get rich\.

Another thing which came to mind, electricity is expensive because it needs to be created near the place where it is going to be used, or it needs to be transported\. But blockchains for any purpose can be created on any place on earth, also on places where energy is almost for free\. For example, windmills on top of the Himalaya, or solar cells in the middle of the Sahara\. Just transport the bitcoins, no need to pollute the world very much\.

---

## Post #42 by @Seref

You may want to check internet access packages in the Himalayas or Sahara before you setup shop there Bert ;)

---

## Post #43 by @system

I am not really into that technical knowledge like radio\-modulation or laser\-light modulation\. But when they communicate with the Hubble telescope, transmitting simple numbers over a few hundred kilometers will not be a big problem\.

Bert

---

## Post #44 by @system

In the healthcare related blockchain ideas or prototype implementations I have heard about so far something different than proof of work is used, for example proof of authority\. That has other drawbacks and challenges, but it does not suffer from the same power consumption problems\.

Also any public healthcare related blockchain has interesting privacy issues that will need to be solved\.

Regards,

Pieter Bos

---

## Post #45 by @Karsten_Hilbert

> You may want to check internet access packages in the Himalayas or Sahara before you setup shop there Bert ;\)

As for that, Namche had faster internet than myself at home, last time I checked\.

Karsten

---

## Post #46 by @grahamegrieve

>
> In the healthcare related blockchain ideas or prototype implementations I
> have heard about so far something different than proof of work is used, for
> example proof of authority\. That has other drawbacks and challenges, but it
> does not suffer from the same power consumption problems\.
>
that&#39;s true\. But I don&#39;t see s sweet spot there; either you end up falling
back to a central authority after all \- in which case you might as well
just trust the central authority and design a more efficient solution, or
you have something that&#39;s less secure \- but doesn&#39;t \- as far as I can
figure out \- have less of a reason to need security\. The one possible
exception I&#39;ve seen, which I&#39;ve seen in production, is closed trading
schemes around tracking payments between a group of entities\.

Grahame

---

## Post #47 by @system

Can you explain why?

Bitcoin, f\.e\. is about billions of dollars without central authority, that is one of the reasons the Chinese government prohibited the creation \(although they do not admit this real reason\)

Bert

---

## Post #48 by @Philippe_AMELINE

Agreed, but a third party that would just be in charge of making certain that the blockchain is unaltered has nothing to do with the business involved. It is a technical trusted party, and there is no true reason it should be expensive (for example, it could publish the hash of the blockchain at every growing stages, so that anybody can check if currently published blockchain is trustable).

It has nothing in common with a Ministry of Health or any other "bag of technocrats" (just kidding, of course).

Philippe

---

## Post #49 by @grahamegrieve

bitcoin doesn't use a reduced proof of work. That's the costly feature of it, and why it's genuinely distributed.

Grahame

---

## Post #50 by @grahamegrieve

>
> Agreed, but a third party that would just be in charge of making certain
> that the blockchain is unaltered has nothing to do with the business
> involved\. It is a technical trusted party, and there is no true reason it
> should be expensive \(for example, it could publish the hash of the
> blockchain at every growing stages, so that anybody can check if currently
> published blockchain is trustable\)\.
>
> It has nothing in common with a Ministry of Health or any other &quot;bag of
> technocrats&quot; \(just kidding, of course\)\.
>
Doesn&#39;t it? I suspect that might be true in a theoretical technical sense,
but I expect that it will prove not to be correct in the real world

Grahame

---

## Post #51 by @system

One problem with blockchain is that people think every blockchain is secure, anonymous and decentralized – but that really depends on the specific implementation\.

You can probably still create a proof of something\-that\-is\-not\-work\-or\-space that is reasonably decentralized, given you have enough independent parties who can authorize blocks, a mechanism to decide how to trust new authorizing parties and a good tamper\-proof protocol including for example strict rate limiting\.

But the very nature of storing healthcare related data in a public blockchain seems very tricky to me anyway – almost any implementation would need to be able to handle attacks where you link multiple pieces of data to the same person or party without having explicit permission to do so\.
Regards,

Pieter Bos

---

## Post #52 by @system

In other words:

What is BlockChain solving?
My answer: it solves non-repuduation without a third trusted party.

Correct?

GF

Gerard Freriks
+31 620347088
[gfrer@luna.nl](mailto:gfrer@luna.nl)

Kattensingel 20
2801 CA Gouda
the Netherlands

---

## Post #53 by @system

It also allows to chain events

---

## Post #54 by @system

well if the physician included in his/her notes a mention of the original event, or better, it was included in a FEEDER_AUDIT, the versioning in the openEHR system will make sure there is medico-legal protection. It is very unlikely that a physician would record a decision (e.g. to prescribe some drug) without mentioning why. So unless you are talking about the openEHR system being actively hacked, I don't think this is a real use case. If we are talking about the openEHR versioning being hacked, then a) they had to hack RAID 10 storage, DB persistence mirroring, daily backups, b) the data centre has singificant security, c) some security analysis will have been made in advance (it will, won't it?!), and depending on the perceived threat, there may be e.g. hashing + notary, or signed hashes + notary, which requires the hackers to be of a superior variety. It's a fair bit of work to invisibly hack a properly implemented versioned DB implementation within a secure facility, which is what is needed for a medico-legal claim based on data to fail. ok, now that's privacy, so we are talking data theft, not integrity or non-repudiation of authorship. these are I agree, important questions, and we've tried to cover some of it with openEHR e.g. via , URI datatype, and more recently some thinking in a being considered for the RM (I've added a note to this to cover the requirement to safely refer to / ?copy content from external systems). We need to consider these kind of reference questions more carefully and provide more comprehensive solutions for sure. - thomas

---

## Post #55 by @system

No one ever hacks a RAID-system, they hack the software. The RAID system is to the software like a single disk, if you remove data from software, then the RAID system will remove it too, it follows the software. The DB persistence mirroring is the same story. Daily backups are never rolled back (only in disaster scenario), because you will lose all newly entered data. A friend, a journalist was taking track of all illegal data-leaks in medical context, he has done that for over ten years. It must have been millions of patients whose data are leaked, stolen notebooks with copies of databases, lost USB-sticks, hacked accounts, every day there is something. It happens in the best secured organizations like the army. A container full with paper-patient-dossiers was standing on the street in a big city. Harddisks are not always cleaned up when sold to second hand computer-shops. I once got (so was said) a brand new server-hard-disk from HP-reseller, it wasn't new, there were data on it. Mostly this news is from the USA because there they is the obligation to report data leaks to the public. In the Netherlands this is not so, and guess who is against such a law? Yes, that is, and maybe it is just paranoia, everybody has the right to be paranoid. Special in small communities data can leak very easy. Social hacking, you can call that. Happens all the time. But that kind of leaking cannot always be avoided with blockchain, unless the leaking GP is looking at someone else his system over a secured logging communication-network. Then it should be that the looking into data will be in a transaction, because it is interchanging medical data, which must guaranteed to be complete, unaltered and logged at receiver and sender. It is a very complicated subject, and I did not expect any action taken on my initial question, yesterday morning. But there was discussion, I also learned from it. Huge ICT companies are implementing blockchain-applications, and the medical world will for sure be one of the targets. They are ready to implement and sell it. They will convince governments that it is needed. In the Netherlands, Nictiz is on their side. Nictiz is the only information-source for the government. My question is, can this be transparent, (like RAID 10 is to a system), or is there an architectural change needed on the logical layers? Or is there an architectural layer desirable? Do medical software architects want to influence decisions? Then they need to take positions. It is not something for today or tomorrow, or the day after tomorrow. But next year? In two years? IBM is selling blockchain-technology: Today I was reading about Mastercard going to use blockchain, they patented an own implementation (sorry, in Dutch) The patent Best regards Bert

---

## Post #56 by @system

Hi,

A **blockchain**<sup>[[1]](https://en.wikipedia.org/wiki/Blockchain#cite_note-te20151031-1)</sup><sup>[[2]](https://en.wikipedia.org/wiki/Blockchain#cite_note-fortune20160515-2)</sup><sup>[[3]](https://en.wikipedia.org/wiki/Blockchain#cite_note-nyt20160521-3)</sup> – originally **block chain**<sup>[[4]](https://en.wikipedia.org/wiki/Blockchain#cite_note-primer-4)</sup><sup>[[5]](https://en.wikipedia.org/wiki/Blockchain#cite_note-obmh-5)</sup> – is a continuously growing list of [records](https://en.wikipedia.org/wiki/Record_(computer_science)), called *blocks*, which are linked and secured using [cryptography](https://en.wikipedia.org/wiki/Cryptography).<sup>[[1]](https://en.wikipedia.org/wiki/Blockchain#cite_note-te20151031-1)</sup><sup>[[6]](https://en.wikipedia.org/wiki/Blockchain#cite_note-cryptocurrencytech-6)</sup> Each block typically contains a [hash](https://en.wikipedia.org/wiki/Cryptographic_hash_function) pointer as a link to a previous block,<sup>[[6]](https://en.wikipedia.org/wiki/Blockchain#cite_note-cryptocurrencytech-6)</sup> a [timestamp](https://en.wikipedia.org/wiki/Trusted_timestamping) and transaction data.<sup>[[7]](https://en.wikipedia.org/wiki/Blockchain#cite_note-IPblockchain-7)</sup> By design, blockchains are inherently resistant to modification of the data. A blockchain can serve as "an open, [distributed ledger](https://en.wikipedia.org/wiki/Distributed_ledger) that can record transactions between two parties efficiently and in a verifiable and permanent way."<sup>[[8]](https://en.wikipedia.org/wiki/Blockchain#cite_note-hbr201701-8)</sup><sup>[*[not in citation given](https://en.wikipedia.org/wiki/Wikipedia:Verifiability) ([See discussion.](https://en.wikipedia.org/wiki/Talk:Blockchain#Edit_misrepresenting_cited_sources))*]</sup> For use as a distributed ledger, a blockchain is typically managed by a [peer-to-peer](https://en.wikipedia.org/wiki/Peer-to-peer) network collectively adhering to a protocol for validating new blocks. Once recorded, the data in any given block cannot be altered retroactively without the alteration of all subsequent blocks, which requires collusion of the network majority.

[https://en.wikipedia.org/wiki/Blockchain](https://en.wikipedia.org/wiki/Blockchain)

What is Blockchain offering?
Bringing data from a to b?
Storing data?
Securing data?
Preventing privacy incidents?
Taking care of non-repudiation?
Taking care of data integrity?
Play a role in logging?
Will it prevent hacking of PC’s, Servers?
and other attacks such social hacking, pasword sniffing, etc.?

At best it serves a role in: non-repudiation, data integrity and logging (access control lists) without the need of a trusted third party service.
But one has to rely on safe/secure IT-systems that make use of it.
It takes care of a non-health related issue; it takes care of a generic legal issue.

Bye the way.
**NICTIZ**’ opinion is:
- Certainly it (blockchain) can not be deployed and replace in healthcare the present “proven technology"
Het kan zeker nog niet worden ingezet voor vervanging van de huidige “proven technology” in de zorg
- It is in the hype-phase.
- Many of the potential advantages will have to be proven.

Gerard Freriks
+31 620347088
[gfrer@luna.nl](mailto:gfrer@luna.nl)

Kattensingel 20
2801 CA Gouda
the Netherlands

---

## Post #57 by @system

A EJRC document about Blockchain in education: [http://publications.jrc.ec.europa.eu/repository/bitstream/JRC108255/jrc108255_blockchain_in_education(1).pdf](http://publications.jrc.ec.europa.eu/repository/bitstream/JRC108255/jrc108255_blockchain_in_education(1).pdf)

Gerard Freriks
+31 620347088
[gfrer@luna.nl](mailto:gfrer@luna.nl)

Kattensingel 20
2801 CA Gouda
the Netherlands

---

## Post #58 by @system

Dear Gerard, Nictiz published hundreds of pages about blockchain. So if it is a hype (which it is), then Nictiz is playing an important role in that.

You cannot summarize those hundreds of pages to a few words and then state that that reflects the opinion of Nictiz. Blockchain is a comprehensive subject.

Please read this document, which is an nuanced inventory of their positions regarding this:
[https://www.nictiz.nl/SiteCollectionDocuments/Whitepapers/Blockchain_in_de_zorg.pdf](https://www.nictiz.nl/SiteCollectionDocuments/Whitepapers/Blockchain_in_de_zorg.pdf)

In paragraph 2.1 is mentioned an advisoryboard from the ministry of health (VWS) about blockchain, and it is said that smart contracts and also other applications of blockchain are possible and maybe desirable. Please read also page 13 which has an summarized overview of arguments pro and contra blockchain in specific applications.

Again, I don't know on which of level the logical architecture blockchain will become important, but if it does, it is very likely that it will be, like Thomas Beale also writes, in the part of Feeder-Audit, where information transactions between systems are worked out.

I mentioned yesterday that it was also possible to secure chains of events in the Statemachine, or the extended counterpart which Thomas described shrt time ago, especially if more healthcare institutions are involved in those serie of events, which is very often the case.

A lot may have to do with the costs of the implementation and if there are cheaper variants possible. High volume expert Mastercard thinks that this is indeed possible.

Best regards
Bert Verhees

---

## Post #59 by @system

Bert,

I’m very sorry.
What I wrote I found it at their summary (page 8) of the NICTIZ document.
Of course it is my selection from that text.

Gerard Freriks
+31 620347088
[gfrer@luna.nl](mailto:gfrer@luna.nl)

---

## Post #60 by @system

That is okay, Gerard, no need to be very sorry. It is just a discussion. Exchanging opinions.

What do you think about the passages I mentioned in the same document on page 12 and 13

---

## Post #61 by @system

Thomas, I shouldn't have written my previous reply, I try again.
I stuck on elaborating on unsafe systems.

What I wanted to say is that systems are not safe and never will be safe.

Safety must come from the data, every event must be in an unbreakable chain, this chain must also include a digital signing to be able to prove altering of data.
Looking at data is also an event which needs to be in the chain.

And the chain must facilitate the right from the patient to be forgotten and the right from the patient for correction. That seems contradictory but maybe it is not.

And the chains must be cheap.

What we need now is crypto analysts which can work this out.

That is what I wanted to say.

Best regards
Bert Verhees

---

## Post #62 by @system

IMHO,

1. BC is not under the scope of the openEHR specs, if it's useful, can be implemented by companies/developers over any system, including openEHR compliant systems. I don't think we need to make any statements about BC from the foundation. If we follow that path, we might need to release statements about any technology that might be applied for health information systems and I think we shouldn't. Since we are few and this community is small, we should focus on the scope, try to improve the specs, and try to play nice with other specs and technologies.

2. If someone is interested in BC, might write an ITS document relating openEHR and BC at the implementation technology level, I don't see any links between BC as a technology and openEHR as a specification.

My 2C.

---

## Post #63 by @system

Hi Pablo,
You are answering my initial question from last Monday.

But the discussion went in the way, also by me, if we need blockchain at all.
The initial question is the most important, and I think you are right in your answer.

Bert

---

## Post #64 by @system

In January, IBM Watson Health established a partnership with the FDA to define a secure, efficient and scalable exchange of health data using blockchain technology, with an initial focus on oncology\-related data\. IBM and the FDA are exploring the exchange of owner\-mediated data from several sources, such as electronic medical records, clinical trials, genomic data and health data from mobile devices, wearables and the Internet of Things \(IoT\)\.

https://distributed.com/news/ibm-partners-cdc-bring-blockchains-public-health

---

## Post #65 by @Philippe_AMELINE

Hi to all,

Just discovered a decision tree about using Blockchain that pretty well
sums up our discussion:
http://philippe.ameline.free.fr/wordpress/?p=1979

Best,

Philippe

---

## Post #66 by @system

How do you explain that mayor players in government and healthcare-ict industry do not agree with this?

Which mistake do they make?

---

## Post #67 by @Philippe_AMELINE

I was just trying to add some level of humor; sorry if it appeared ironic.

However, if you are asking me what mistake major players and governments make, I have an easy answer: they all consider addressing continuity of care through a "record of records" when the only reasonable way (IMHO) is to enable multidisciplinary group work in the patient's "bio-psycho-social bubble".

It is a very painful process to see, years after years, the same wrong idea being expensively tested again and again with more and more powerful (and/or exotic) techniques.
As goes a French saying from the ancient TV comics "Les Shadoks": "They pumped and pumped and nothing happened... but they kept on pumping for fear that something worse could happen".

Best,

Philippe

PS: I can provide (for free) a demonstration (with reasonably simple concepts from knowledge management) of the reason why a "record of record" is a wrong idea.
But I know it is useless since, in France, our technocrats have been trying to do it with the "DMP" for 13 years... and going... since, these days, there is a new attempt... and they are very optimistic since, after carefully listening to the MDs, they built a user interface with less clicks.

---

## Post #68 by @system

Phillippe, in the image on your blog, you make the same mistake as many make\. You confuse crypto\-currency with blockchain\.
It is the same as confusing asphalt with a parking spot before the bank\.  An asphalted road, however can lead you somewhere \(if you have a car or a bike, of course\)\.

Blockchain, in a special way, facilitates crypto\-currency, but there are more ways of blockchain, and completely other things which can be facilitated by it\.

Best regards,
Bert

---

## Post #69 by @Philippe_AMELINE

Bert,

I just found this image on Twitter and it made me remember this trend where you tried to argue in favor of the blockchain in front of naysayers.
[https://twitter.com/MalwareTechBlog/status/932649133256597505](https://twitter.com/MalwareTechBlog/status/932649133256597505)
[https://twitter.com/MalwareTechBlog/stat](https://twitter.com/MalwareTechBlog/stat)[https://twitter.com/MalwareTechBlog/status/932649133256597505](https://twitter.com/MalwareTechBlog/status/932649133256597505)us/932649133256597505

[https://twitter.com/MalwareTechBlog/status/932649133256597505](https://twitter.com/MalwareTechBlog/status/932649133256597505)

Besides, it doesn't confuse anything. It plainly states "if you don't build a crypto-currency, then don't use a blockchain, and if you do, then please stop".
Summed up, it means something as "never use a blockchain", but it is simply a humorous picture.

Best,

Philippe

---

## Post #70 by @system

My reply was also meant to be humorous, but sometimes I am the only person who laughs at my jokes, but I don't mind. Strictly spoken, you are right, it does not confuse anything, but it states that the only useful thing you can do with blockchain is creating cryptocurrency (which you should not do, it doesn't explain why) But still, it is what many people know about blockchain: the purpose of blockchain is creating crypto-currency. That is, as you also know, not true, there are as many purposes as your imagination goes. Not all good, or all bad, but some deserve a closer look at. Have a good evening Bert

---


**Canonical:** https://discourse.openehr.org/t/blockchain/14384
**Original content:** https://discourse.openehr.org/t/blockchain/14384