By Matthew Leising October 5, 2017
A major breakthrough in cryptography may have solved one of the biggest obstacles to using blockchain technology on Wall Street: keeping transaction data private.
Known as a “zero-knowledge proof,” the new code will be included in an Oct. 17 upgrade to the ethereum blockchain, adding a level of encryption that lets trades remain private. Previously, users were able to remain anonymous but transactions were verified by allowing everyone on the network to see them.
“Zero-knowledge proofs are one of the biggest inventions in the last two decades in cryptography,” said Emin Gun Sirer, an associate professor of computer science at Cornell University. It “will allow a slew of applications we can’t even imagine right now.”
An industry group called the Enterprise Ethereum Alliance — whose members include JPMorgan Chase & Co., Credit Suisse Group AG and BP Plc — is trying to leverage zero-knowledge proofs for the financial industry with its distributed ledger, known as Quorum.
This could be the moment Wall Street’s blockchain champions have been waiting for. Its ability to reshape vital financial market functions like clearing and settlement has always hinged on whether banks can keep customer and proprietary data secret. Zero-knowledge proofs, a theoretical possibility for decades, are now a reality, letting transactions be verified without the need to share any of the underlying data.
More at: ‘Mind-Boggling’ Math Could Make Blockchain Work for Wall Street – Bloomberg
A recent Black Book survey shows the majority of medical group managers and IT specialists believe healthcare blockchain will alleviate data privacy concerns.
By Elizabeth Snell October 3, 2017
Healthcare blockchain is increasingly being viewed as a potential solution to numerous IT problems, such as connectivity issues, data privacy concerns, and patient record sharing barriers, according to a recent Black Book survey.
The Black Book Q3 report interviewed 88 healthcare payers and 276 provider technology executives, managers, and IT specialists.
Nearly all payers that were surveyed – 98 percent – with more than 500,000 members said they were actively considering or were in the process of deploying blockchain solutions. Fourteen percent said they were involved in some form of trial deployments.
More at: Will Healthcare Blockchain Resolve Data Privacy Concerns? – HealthIT Security
In some respects, HIPAA has had a design problem from its inception. HIPAA is well known today as the federal law that requires protection of individually identifiable health information (and, though lesser-known, individual access to health information), but privacy and security were practically afterthoughts when HIPAA was enacted back in 1996. HIPAA (the Health Information Portability and Accountability Act) was originally described as an act:
“To amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.”
The privacy of individually identifiable health information was one of those “other purposes” only peripherally included in the 1996 act. Privacy protection was to be a follow-up, a “to-do” checklist item for the future. HIPAA directed the Secretary of Health and Human Services to recommend privacy standards to specified congressional committees within a year of enactment, and, if Congress did not enact privacy legislation within 3 years of enactment, the Secretary was to proceed with the promulgation of privacy regulations. Security was a bit more urgent, at least in the context of electronic health transactions such as claims, enrollment, eligibility, payment, and coordination of benefits. HIPAA required the Secretary to adopt standards for the security of electronic health information systems within 18 months of enactment.
This historical context casts some light on why our 2017-era electronic health records (EHR) systems often lack interoperability and yet are vulnerable to security breaches. HIPAA may be partially to blame, since it was primarily designed to make health insurance more portable and to encourage health insurers and providers to conduct transactions electronically. Privacy and security were the “oh, yeah, that too” add-ons to be fully addressed once electronic health information transactions were underway and the EHR systems needed to support them were already up and running. Since 1996, EHRs have developed on a clunky provider-by-provider (or health system-by-health system) and patient encounter-by-patient encounter basis, not only making them less accurate and efficient, but also vulnerable to privacy and security lapses. (Think of the vast quantity of patient information breached when a hospital’s EHR or a health plan’s claims database is hacked.)
More at: Electronic Health Records And HIPAA Security: A Design Problem Fixable With Blockchain Technology? – LLP – JDSupra
An NHS hospital breached the Data Protection Act when it shared confidential data from 1.6 million patients with Google’s DeepMind division.
This is the ruling by the Information Commissioner’s Office (ICO), which found London’s Royal Free hospital did not properly inform patients about the use of their data.
The ruling is embarrassing for the hospital trust and DeepMind, but didn’t result in any confidential data being leaked.
Exposed in April by New Scientist, the agreement saw the hospital hand over personal data of 1.6 million patients to DeepMind, which uses artificial intelligence (AI) to improve the speed and accuracy of medical diagnoses.
The company’s Streams app aims to boost early intervention for acute kidney injury by providing doctors with alerts as soon as a patient’s health deteriorates.
The ICO was also not satisfied with the Trust’s belief that the clinical safety testing of the app amounted to direct care – only in this setting is there no need for patient consent.
More at: DeepMind access breached NHS data privacy rules – Pharmaphorum