Security in the Wake of Increased Telehealth Use

The use of telehealth systems has become increasingly popular in the post-pandemic world. These systems facilitate the management of scarce healthcare resources and provide access to medical care for patients from home. This has been helpful as hospital systems and healthcare, in general, have been greatly affected by COVID-19.

Unfortunately, the same issues that plague in-person healthcare facilities are seen with telehealth. A lack of interoperability, security vulnerabilities, and access controls present significant challenges for healthcare institutions. With the added use of telehealth systems, providers find that many platforms do not meet HIPAA requirements to safeguard patients' privacy and data adequately, opening up the risks for both provider and patient.

Dragonchain can enhance telehealth and telemedicine services with a hybrid blockchain platform that offers unique capabilities to address these challenges while operating on a sustainable platform.

Privacy and Security

Transferring any type of unsecured data over the internet is vulnerable to being intercepted by bad actors. In 2020 the healthcare sector alone lost over $20 billion in revenue, lawsuits, and ransom payouts. Still, for most organizations, today security is an afterthought. With Dragonchain, privacy and security come first and lay the foundation of our architecture.

Hybrid architecture

Most of the telehealth systems in use today are private and centralized. The issue with these systems is that they have a central point of failure where a data breach is often the result of user error. Once access is gained to one part of the system it is easier to gain access to sensitive data throughout the system. Bad actors can use telehealth systems as a gateway to larger medical institutions.

Dragonchain offers many alternatives and advanced capabilities to counter security threats. We use a hybrid blockchain architecture as a security feature to mitigate risks associated with data breaches and nefarious actors. Unlike permissioned systems that make it hard to share data across networks or permissionless systems which can cause concerns for security exposure of sensitive information, our hybrid blockchain can seamlessly connect data between the two disparate systems allowing medical providers and patients to selectively share sensitive information with a public blockchain without risking exposure of private health data. This type of data segregation allows the system to be GDPR, CCPA compatible, and HIPAA compliant with safeguards for personally identifiable information (PII) from end to end.

Quantum Encryption

We offer quantum-safe encryption and signing capabilities integrated at the core of a hybrid blockchain architecture so that healthcare facilities can secure sensitive data at rest and in motion.

Ransomware and Disaster Recovery

Traditional disaster recovery systems offer no assurances of data accuracy or integrity and often fail when called upon. Dragonchain offers a customizable approach to disaster recovery protocols to ensure data is available when needed. The system is independently scalable so that healthcare facilities can mirror medical information without excessive storage fees. Every transaction is secured by leveraging Bitcoin and Ethereum for approximately $4 billion USD worth of immutable security and measurable proof every year. In the event that medical information would need to be retrieved like in a ransomware attack, providers can prove the state of data at any point in time to ensure data integrity.

HIPAA Compliant

HIPAA requires healthcare facilities and providers to adhere to strict guidelines to maintain patient privacy. The move to telehealth and telemedicine does not change these regulations.

The HIPAA guidelines on telemedicine make it clear that communicating electronic personal health information (ePHI) has to be HIPAA-compliant. Secure messaging solutions should include:

Only authorized users should have access to ePHI.
A system of secure communication should be implemented to protect the integrity of ePHI.
A system of monitoring communications containing ePHI should be implemented to prevent accidental or malicious breaches.

Opening more lines of communication between patient and provider will enhance healthcare workflows. To maintain compliance and offer proof to regulators, Dragonchain provides Enterprise NFT-based access controls to only allow authorized individuals access to ePHI as well as communication systems. These access controls can provide real-time auditing and measurable proof of compliance to regulators and patients of events during a telemedicine session.

Decentralized Identity Management

To maintain the privacy of its patients and employees, as well as ensure the security of Internet of Medical Things (IoMT) devices, healthcare systems, and providers can use Factor. Factor is a GDPR, CCPA, and HIPAA-capable decentralized identity management platform that increases security simplifies authentication, and reduces the risks associated with storing personally identifiable information (PII) storage. The system is interoperable with any other system as well as IoMT devices through a RESTful API integration.

Factor separates pieces of identifying information into granular elements to prove someone is who they claim they are without exposing unnecessary information. These granular elements called factors can be shared with interested parties individually or grouped together. The comprehensive system can be used to identify and protect against insider threats such as fraud.

Factor benefits the healthcare facility, providers, and patients. Factor puts patients in control of their own data to protect their identity and privacy while also limiting the liabilities to healthcare facilities and providers.

Dragonchain applies Factor to any IoMT smart device or sensor to prove the device trying to connect to the hospital system is in fact as claimed. Combined with access controls, Dragonchain can ensure the only one who has access to the device is the only one who should have access.

We can distribute access with Enterprise NFTs. These non-fungible tokens can be combined with Factor and programmed with specific rules and checks to ensure only individuals who are allowed to access information can do so. Retained in the NFT are immutable records to prove who accessed a particular data set and what actions were taken with that data. Unlike traditional physical badging, the bi-directional NFTs can be used in a mobile telehealth app to provide patient access to certain medical records, or a provider can use them to access prior health data from the patient. All information is stored on blockchain and provable.

Interoperability

A lack of interoperability amongst traditional hospital medical records systems, like Allscripts or Meditech, already presents communication challenges within the walls of a healthcare facility and telehealth systems are not immune.

Dragonchain’s patented interoperability technology connects disparate healthcare software systems through RESTful APIs. We use smart contracts to connect traditional systems that are otherwise not compatible. The smart contracts conduct all interactions between the two systems and could automate communications between disparate software, including EHR and IoMT devices.

Telehealth systems will rely heavily on interoperability. With Dragonchain, real-time data from at-home devices such as cardiac, glucose, or pulse oximeter monitors can be sent directly to hospital systems as well as healthcare providers to provide constant monitoring of health conditions.

Behavior Systems

Oftentimes it's the actions of employees and vendors that put data at risk and remote healthcare is no different. Dragonchain offers processes for healthcare systems to affect the behavior of its staff and offers providers ways to incentivize patients to follow prescribed healthcare initiatives. For employees, these behaviors can be anything from documenting the confirmation of patient identification before discussing sensitive information, to adhering to the facility's social media policy for confidentiality. For patients, it can be performing daily glucose or blood pressure checks. These incentives lead to decreased liabilities for the healthcare system as well as better patient outcomes.

Our behavior systems algorithms can be applied to address security and counter user fraud by incentivizing human behavior to adhere to best practices and improve system security.

Sustainability

The push for tracking an organization’s carbon footprint continues to be a top priority for leaders. However, since systems within the healthcare industry are inoperable, most institutions are unable to fully account for their carbon emissions. Blockchain is the obvious tool to track and account for climate-related data, however environmentally conscious leaders are concerned with the carbon footprint of the blockchains themselves.

Dragonchain’s interoperable and scalable platform is very energy efficient so that organizations can capture all their climate-related data in its entirety. Not only is our platform infrastructure (including managed nodes), by default, hosted in carbon-neutral facilities, but our verification platform, Dragon Net, operates at just 0.02 Watts of energy per transaction. More powerful than this minute amount of energy is the security it affords businesses. Dragonchain offers businesses verifiable proof of every business transaction that is secured with approximately $4 billion USD worth of network energy per year while using only 0.02 W per transaction. Businesses can use blockchain technology efficiently and responsibly while accurately recording and reporting their climate disclosures.

Telehealth systems can see many benefits from blockchain. Blockchain-based digital storage can accommodate the largest audio and video files associated with telemedicine visits. Smart contracts can also be used for managing revenue cycles, automating processes, and verifying data. Healthcare facilities and providers using telehealth systems can integrate with Dragonchain right now without any changes to their workflow process.