Continuing our series of conversations following “Healthcare on the Blockchain” event a couple months ago (Day 1; Day 2) in Washington, DC, Medgadget had an opportunity to speak one-on-one with technology thought leader David Houlding. Both a moderator and panelist at the event, David was, at the time, Director of Healthcare Privacy and Security at Intel. Since then, David transitioned to a new role as Principal Healthcare Program Manager at Microsoft. In our conversation with David, we learned about his new role, Microsoft’s blockchain technology offerings, and dove a little deeper into the limitations, opportunities, and the current state of healthcare’s move towards blockchain-driven use cases and pilot programs.
Michael Batista, Medgadget: We originally connected at the “Healthcare on the Blockchain” event in DC last month where you were both an attendee and a speaker. What did you think of the event?
David Houlding: First off, thanks for taking the time for this follow up conversation. I thought “Healthcare on the Blockchain” was great and included both thoughtful conversations and opportunities for collaboration on ideas shared throughout the event.
Medgadget: At the event, you were with Intel as the Director of Healthcare Privacy and Security. Today, just a little while later, you’re with Microsoft! Can you tell us about that transition and your new role?
Houlding: Yes, you’re right, at the time of the event in DC, I was still with Intel in a role where I was completely focused on healthcare worldwide, and within that focus roughly 50% of my time was focused on privacy, security, and compliance while the other 50% of my time was focused on blockchain, artificial intelligence (AI), and machine learning (ML). I was at Intel, which is a great company, for 10 years but had an amazing opportunity with Microsoft in the cloud and enterprise group’s industry experiences team which is part of the Microsoft Azure segment of the business. In my new position, I am tasked with helping enterprise healthcare customers worldwide understand the tools available to help them achieve their business goals which can include things like improving patient outcomes. We understand that technology is only part of any solution and so our role is to help companies achieve their business goals and, as part of that, figure out what the best technology is to meet their needs.
Medgadget: When I think of Microsoft’s areas of interest, my mind does not immediately jump to healthcare. How does Microsoft see its position as a technology company supporting healthcare businesses?
Houlding: Microsoft has an extensive, worldwide field of healthcare account executives with longstanding relationships with a range of different healthcare organizations. Our relationship with healthcare is not only as an enterprise technology solution provider but also as an organization with a deep level of healthcare domain expertise, spanning the provider, payer, pharmaceutical, and life sciences healthcare segments. Many people think of the cloud as simply infrastructure as a service but in markets like healthcare, there’s actually a lot more software as a service and platform as a service, empowering healthcare to focus more on healthcare versus IT projects. Healthcare worldwide is also held to higher level requirements around things like privacy, security, compliance, and ensuring the availability of mission critical IT services. Microsoft Azure, as part of the spectrum of Microsoft as a whole, is our solution in the cloud space and also services many other industries including retail and consumer goods, manufacturing, insurance, and banking in addition to healthcare.
Medgadget: You mentioned that your team focuses on helping healthcare organizations find the right technology for their business needs. Let’s focus in a little on the context in which we connected: blockchain. How is Microsoft working with blockchains and helping healthcare businesses leverage this new technology?
Houlding: One of the most important things we do with specific technologies, like blockchain, is to help healthcare organizations understand what it can do and differentiate the reality of the technology’s capabilities and applications from the hype. With blockchain, we focus a lot on highlighting the technology’s prowess with integrity, availability, and enabling secure, targeted collaboration across a network of healthcare organizations. Following this guidance, Microsoft provides technologies to help healthcare organizations who have an interest in implementing blockchain-driven solutions take the next step.
One of these tools is the Azure Blockchain Workbench, a brand new rapid prototyping framework that enables any healthcare organization to quickly prototype a use case, spin up blockchain nodes, and deploy through the Microsoft Azure cloud avoiding the need for any in-house hardware. To be clear, the new tool is not a blockchain platform in and of itself, it is a framework that projects outputs into existing blockchains including Ethereum Enterprise, Hyperledger Fabric, and R3 Corda. As discussed during a couple sessions at the event in DC, the vast majority of healthcare use cases for blockchain are calling for private consortium blockchains, and in contrast very few healthcare use cases are targeting public blockchains. Azure Blockchain Workbench is focused on private consortium blockchains.
Medgadget: The Blockchain Workbench seems like an awesome opportunity for any type of organization to get their feet wet with blockchain technology. As a new offering from Microsoft, what are some of the short-term goals you hope to see come from the tool?
Houlding: A key goal of the Azure Blockchain Workbench is to empower organizations to quickly learn, rapidly prototype and deploy, test, and incrementally improve their understanding and application of blockchain technology. When it comes to blockchain technology implementations in healthcare, what we are missing are real proof points. We need pilots and other firsthand experiences by healthcare organizations that can then share success stories which the industry can digest, understand, and expand upon. We think the Azure Blockchain Workbench has the ability to facilitate these explorations and help organizations get to the point where they can say, “wow, this really makes sense and now, with more confidence and peace of mind that this technology can make an impact, let’s conceive more use cases that build upon early successes.”
Medgadget: How easy is it to get started with the Azure Blockchain Workbench? Is some technical skill required?
Houlding: The whole process is fairly streamlined, users create an account, specify rules based on a use case, and project the output into one of the three blockchain platforms. A software engineer working directly with any of the three target blockchain platforms would be developing at the file and console level. On the workbench, users operate at a much higher prototyping level of abstraction. While an understanding of technology at an architecture level is helpful, more important is the ability to define very crisp, clear use cases where blockchain technology makes sense. For example, a common misconception is that all healthcare data should live on the blockchain. An organization selecting their first blockchain use case should understand the concept of architecting their pilot in such a way as to use minimal and sufficient data to achieve their target use case and goals.
Medgadget: You mentioned that few healthcare applications are suitable for public blockchains. Why is that?
Houlding: Some use cases, like public health or projects such as from the Centers for Disease Control and Prevention, may lend themselves to the use of public blockchains such as Ethereum. However, most use cases lean towards needing a private blockchain deployed amongst a consortium of well-known and trusted entities prepared to share a ledger between them. One of the most important reasons for use of private consortium blockchains in healthcare is that organizations in this market transact data, and HIPAA limits how that information can be shared. Specifically, only authorized organizations and individuals should have access to PHI or Protected Healthcare Information. As a well-defined group of trusted entities who benefit from and are authorized to share patient data, healthcare networks can successfully utilize these private blockchains to solve many of their business goals while remaining compliant with applicable regulations and data protection laws.
Medgadget: You’ve mentioned “use cases” a few times. In finding a right use case, what might a healthcare organization need to consider?
Houlding: An important constraint with blockchains that many organizations do not initially realize is performance. If an organization wants to replace their large volume data storage or wants to use blockchains to handle a high volume of transactions taking place maybe millions of times per second, the performance limitation of blockchain makes these unsuitable use cases. Blockchains append new information to the ledger typically at a rate of hundreds or thousands of blocks per second on the high end but can go as low as less than ten blocks per second such as in the case of Bitcoin. This speed cannot manage millions of transactions per second and is therefore a limiting factor. We use this block throughput rate as a first sanity check when determining if blockchains might be a good fit for a given problem. Note that transactions can be batched into blocks so that each block on the ledger can contain say 100 transactions. This can boost the transaction throughput rate, but can introduce latency such that the time it takes for a transaction to get onto the blockchain depends on how long it takes to build a batch of the target size before appending it as a new block to the blockchain.
We talked already about the Azure Blockchain Workbench, another blockchain technology we’re developing at Microsoft is the Coco Framework. Coco, standing for confidential consortium, is also directed at private consortium blockchains. Unlike the workbench which uses third party blockchain platforms, Coco is a blockchain platform itself that is designed to address this performance limitation and facilitate higher throughput between entities or organizations who are highly trusted. Our approach to the framework uses a different consensus model assuming a higher degree of trust between nodes which enables Coco to streamline the consensus algorithm, or protocol the blockchain nodes use to communicate, to achieve block throughput rates on the higher end of what I mentioned, up to multiple thousands of blocks per second. In addition to improvements in performance, Coco is also stronger on the security side, and supports the notion of a secure enclave. This is basically armor provided from the hardware level that protects the confidentiality and integrity of core code and data running inside blockchain nodes, and makes it much harder for malware to compromise the blockchain system. If you look at breaches in the financial services space such as in Bitcoin, they haven’t occurred as a result of a compromised blockchain but rather due to breaches of endpoints like the blockchain nodes, wallets, and exchanges. We know breaches have been a problem in healthcare for several years. As we begin to think not only about mitigating risk of breaches of an individual healthcare organization but consortiums of organizations, use of blockchains ups the ante when a breach of one entity can impact all those across the blockchain network. As a result, proactive benchmarking and risk assessment for all healthcare organizations connecting to a blockchain will be necessary. A basic tenant of blockchain technology is trust and part of this trust is knowing that the information being sent on the blockchain and ultimately to other healthcare organizations collaborating via the blockchain is secure end-to-end.
Medgadget: That’s exciting to hear of another blockchain product coming from Microsoft. Just to be clear, these offerings achieve two separate goals.
Houlding: The overlap between the Azure Blockchain Workbench and the Coco Framework are that they both utilize blockchain technology but they are independent efforts. The workbench deploys into the three other blockchain platforms mentioned earlier while Coco is its own platform with a unique consensus algorithm to improve speed and security. To be clear, there are different flavors of the Coco Framework, one that works with Ethereum, another for Hyperledger Sawtooth, and others. The Framework is designed to ensure compatibility in the consensus between nodes.
Medgadget: Can you share some use cases or organizations using these Microsoft technologies?
Houlding: Both of these offerings are fairly new though large businesses outside of healthcare, such as 3M and Nestle, have already begun using the workbench. This year is all about piloting new healthcare use cases. The financial services sector is a bit ahead of healthcare but we think the next year or so is when the healthcare sector begins to catch up. Building networks and trust through successful use cases is the hardest part but once proven, we can finally push past calling it hype and see blockchain technology as something delivering real business value.
And it’s not just hope, we know there is a lot of energy and an appetite for appropriate blockchain use cases in the healthcare market. Before the workbench was even added to Azure, we’d already seen some initial healthcare use cases around clearinghouse, provider credentialing, provider directory, medical device track and trace, health information exchange, drug supply chain, and many others. Microsoft’s offerings empower any network of healthcare organizations to rapidly prototype their use cases, deploy to the cloud, pilot, evolve, and improve.
Medgadget: As businesses begin to pilot and experiment with blockchain technology, what should they keep in mind in terms of the regulatory landscape?
Houlding: Regulations and data protection laws do not preclude organizations from using blockchain, but they do shape it. Healthcare organizations should be confident that there are clear ways in which to utilize blockchains while remaining compliant with HIPAA. Any organization that is getting into blockchain technology needs to go in with eyes wide open understanding which data protection laws are application; and there are both short and long-term dimensions to that. Most pilots are geographically limited in terms of the organizations, nodes, and patients involved. However, a premise of a blockchain is that is it immutable. Therefore, the information you put on it Day 1 is there for the life of that blockchain. A program that begins local, grows nationally, and then expands across the globe will eventually cross over new regulatory data domains and trigger different requirements to comply with new associated regulations as it expands. As a result, there needs to be a conscious effort, achieved by engaging security, privacy, and compliances team from Day 1, to make sure that privacy and security of data is maintained, and compliance achieved throughout the lifetime of the blockchain, and across its geographical deployment scope.
At the conference in Washington, DC, I used the term “minimal but sufficient.” This concept should be used to evaluate any data stored on the blockchain in terms of its necessity to achieve the goals of the specific target use case. Personally Identifiable Information (PII) and Protected Health Information (PHI) should typically be stored off-chain in secure access-controlled systems and, more generally, in contrast we discourage organizations from putting all of their data on a blockchain up front and then figuring out how to use it later on.
Medgadget: Thank you so much for your time today David. Any last thoughts for healthcare organizations starting to or thinking about utilizing blockchain technology?
Houlding: Many healthcare organizations are pondering blockchains and have ideas about potential use cases, and business values they could achieve. My suggestion is to get started, pick a use case, build a prototype, deploy it, and begin getting hands on experience today, improve, and evolve. Ultimately those organizations that are early movers and start to gain hands on experience today will take the lead in moving the healthcare industry forward.