The promises of blockchain: The law behind crypto-health!

While the popularity of Bitcoin has gradually run out of steam, following the fall in its value, the general enthusiasm has now shifted to the technology that supported it: blockchain. The expectations fostered by this new way of transmitting information are such that blockchain is becoming an essential innovation theme in all sectors. Alcimed, a consulting company specializing in innovation and new businesses, examined the opportunities that this new technology offers to the healthcare sector, both in terms of promising perspectives and a changing legal framework.

Blockchain, a revolution of trust

Blockchain springs from the desire for information storage and transmission systems transparent enough to meet the requirements of perfect traceability while offering a sufficient degree of security to achieve true control over the circulating data. Behind the coexistence of these two apparently antagonistic qualities is a key concept: decentralization. Instead of relying on a central authority – a bank for example – to ensure the validity of the information exchanged, the role of a trusted third party is distributed among different actors in the blockchain. The choice of these actors allows to control the diffusion of the information, while the parallelization of the verification activity guarantees the security of the system: shared encryption.

While, in practice, the increase in confidence immediately translates into time and cost savings, in particular through the simplification of verification procedures, it also offers the possibility of embarking on innovative projects, requiring either perfect traceability or absolute certainty of the inviolability of the data used. This is enough to spike interest in all sectors and to establish itself as a major innovation driver.

The charms of crypto-health

As the healthcare sector is a universe largely based on trust, it is only natural that it should take an increasingly interested look at the horizons opened up by blockchain. The enthusiasm is palpable and can be seen in the strong actions taken, with Sanofi investing in Curisium, a US company involved in the exploitation of this technology, at the end of 2017. The numerous expectations seem to focus on three main areas: the fight against counterfeit medicines, improving transparency in medical research and securing medical data.

Sunny Lake, for instance, is leveraging blockchain by offering a digital ecosystem dedicated to clinical research, promoting data accessibility and transparency; Guardtime has used it (in association with the Estonian eHealth Foundation) to secure the medical records of over one million Estonian patients. Another company, Embleema, offers people the opportunity to regain control of their health data by providing them with a platform for centralizing and sharing their health records. The blockchain-based platform offers services ranging from data visualization to financial compensation for the use of data. However, these ambitious projects raise concerns which tend to materialize through new regulations.

On-going construction of the legal framework

On May 25^th, 2018 the General Data Protection Regulation, commonly referred to as the GDPR, entered into force in all countries of the European Union. While the very principle of blockchain technology is not explicitly affected by this new regulation, there are questions about the compatibility of some of its articles with the fundamental concepts of blockchain. In addition to the problems of transferring data outside the EU or establishing smart contracts, it is Article 17, concerning the “right to be forgotten”, which seems to be the most problematic in terms of the functioning of blockchain which in principle is irreversible. However, ways of resolving the issue seem to be emerging, with the CNIL recommending, for example, that the blocks not contain personal data in plain text, but in an encrypted form. The encryption keys, enabling the reading of this data, would be external to the blockchain and the possibility to destroy them at any time could be a guarantee of the thorny “right to be forgotten”.

Beyond their intrinsic value, such regulations reflect a global – or at least European – desire to build a legal framework that is in line with the social changes resulting from the development of new technologies. In this regard, a continuous readjustment of the regulations governing blockchain based on the leading practices is highly conceivable. There are therefore two areas of work ahead for companies: to succeed in adapting to the legislation in force while avoiding being at the origin of activities, which are legal today, but which will in the future risk being criticized.

“It is important that companies do not become obsessed with wanting to stick to a legal framework to the point of forgetting what really matters when developing this kind of unprecedented technology. It is a question of establishing ethical reflection and sustainable communication habits because it is ultimately people, not laws that must be convinced.” concludes Delphine Bertrem, Head of Alcimed’s Healthcare Business Unit in Paris.