Overall response for questions on FHIR Blockchain
An overview of the responses of questions is provided in Table 3. All participants have conducted research related to blockchain or FHIR and have at least 8 years of research experience in the field of medical informatics. The six key questions for identifying the feasibility of the minimally necessary on-chain information and deriving an appropriate FHIR blockchain architecture can be broadly divided into three areas: 1) storage and deletion issues, 2) legal or systematic impossibility issue for registration and 3) technical issues. Further discussions were conducted on the integration of FHIR Blockchain from all participants.
Table 3
Summary of the interviews for each question for deriving an appropriate FHIR blockchain architecture.
Category
|
Common opinion
|
Minor opinion
|
Storage and deletion issues
|
Baseline information to be stored on-chain
|
When a blockchain is used for the purpose of checking the integrity of data, the writer, hash, and timestamp are basically saved as baseline information.
|
The level of stored baseline information is a matter of legal or privacy issues patient rather than size or data type.
|
|
Data types that may be requested to be deleted
|
If information is stored in the blockchain, it cannot be deleted, so only the minimum amount of information must be uploaded.
Medical information, which is the patient's sensitive personal information, must be deleted when requested to be deleted.
|
It depends on what purpose the blockchain is used for, but in terms of verifying the integrity of the data, I think that the data uploaded on the blockchain cannot be requested to be deleted.
|
Legal or systematic impossibility issue for registration
|
Legally arguable data types
|
It is not appropriate to post information on the blockchain that can track diseases and treatments of specific patients.
|
All information can be stored except for personal identification numbers (e.g., social security numbers).
|
|
Data types impossible to be stored
|
Personal identifiable information should be excluded.
It is not suitable to register all data collected in the clinical field on the blockchain.
|
Without blockchain technical limitations, all data can store in blockchain.
|
Technical issues
|
Maximum size of a FHIR transaction (with appropriate performance)
|
Considering the purpose of combining the blockchain and FHIR (integrity and verification of information in transactions) and system cost efficiency, the maximum size is determined at a certain level.
|
Instead of discussion about the maximum size, we need to think about the direction in which transactions can be made with the smallest possible size.
|
|
What is required of real-time synchronization and what’s the case?
|
The identifier that verifies the integrity of the data must maintain real-time.
|
There are no cases where real-time synchronization is required (If real-time synchronization is needed, it can be sufficiently implemented with other methods such as DB or API).
|
Further discussion on the FHIR blockchain
|
Architecture and scenario
|
Blockchain is a technology, and it seems that there are various features depending on the applied domain or FHIR scenario. Detail architecture and scenario for FHIR blockchain is required.
|
There are cases in which the technology provided by the blockchain and legal provisions (for example, the right to be forgotten) conflict. Therefore, the blockchain FHIR architecture can be determined according to the selection of an appropriate medical area.
|
In the blockchain storage and deletion issue, all participants had the common opinion that writer, hash, and timestamp must be recorded as the baseline information to be stored on-chain. As a minor opinion, baseline information should be defined in terms of legal or privacy issues of the patient not technical issues of blockchain or FHIR. Among the items registered in the blockchain, there were two common opinions on items that could be requested to be deleted. First, because it cannot be deleted due to blockchain technology, the minimum information must be registered from the beginning. Secondly, sensitive personal information should be deleted upon request. As a minor opinion, if the purpose of using the blockchain is to verify the integrity of medical data (document or transaction), it should not be deleted even if there is a request for deletion.
In the impossibility issue for registration of blockchain, all participants agreed that it is legally and systematically difficult to register patient identifiable information on the blockchain. Or there was a minor opinion that only the minimum amount of information should be registered on FHIR Blockchain architecture as it is impossible to delete it after registration.
In the technical issues, when asked about the maximum size of transaction information that can be stored, the main opinion was that it should be calculated according to the purpose of use rather than the answer to the technical size. In the question of the type of data that should be guaranteed for real-time synchronization, most participants agreed with the identifier that supports connectivity with other data. Conversely, one participant argued that none of the data types in the blockchain require real-time synchronization due to the nature of the blockchain, which is a shared ledger.
In Further discussion on the FHIR blockchain, although all participants are positive about the architecture for integration of the blockchain and FHIR, they argued that the architecture should be configured differently depending on which medical domain will be used. For example, it can be applied in various domain such as EMR, cancer registration, and data exchange, but the functions or system configurations required for each area will be different. There was a minor opinion that the blockchain technology itself could conflict with the current legal provisions.
On-chain information in FHIR Blockchain
We categorized on-chain information in FHIR blockchain to the three levels: basic, advance, and ideal environments (Table 4). The basic level is literally a justification of “why use blockchain?”, as opposed to the ideal environment where “can do anything” based on the assumption that legal and technical constraint do not exist. Therefore, a real world FHIR-blockchain implementation may find an optimized level of on-chain information depending on its project purpose, restrictions, and trade-off amongst variables. All the interviewees agreed that the minimum information to identify a FHIR transaction should consists of hash which is the key identifier of all transactions, a writer who has the authority to record the blockchain, and a time stamp to record when the information is stored in blocks. The data types in the ideal environment may include several parts of the exchanged information, but even in that case it doesn’t necessarily have to store all the contents in the transactions, that will result in waste of bandwidth and blockchain performance.
Table 4
On-chain information type for storing the blockchain with FHIR transaction
Level
|
Data type
|
Feature
|
Basic information type for FHIR transaction
|
hash: a key identifier of transaction
Writer: an entity has right to write on blocks
Time stamp
|
Minimum set of information to identify a FHIR transaction
|
Advance information types for FHIR transaction with appropriate performance of blockchain
|
All of the above AND
Reference pointer (location to physical address of transaction data)
Message header (Request / Response)
Receiver’s signature
Receiver’s log of message read
|
Basic information of a FHIR transaction to verify and trace senders, receivers, and location of data
|
Ideally useful information type without appropriate performance of blockchain
|
All of the above AND
Metadata of transaction: FHIR resource ID, part of FHIR Resource instance, size of transaction / message, FHIR profile
|
Include part of FHIR message that can identify and reproduce transactions
|
Architectures for FHIR-blockchain integration
The qualitative content analysis revealed the four architectures of FHIR-blockchain integration shown as Figure 1. The architectures commonly assume existence of multiple EHRs that provide clinical data to transform to FHIR transactions and be consumed by client applications (e.g. mobile application, web site, etc.). Depending on the architecture, FHIR servers may or not be integrated with EHRs and employ its own data storage for FHIR message instances. In the middle of the figure describes potential on-chain data types from FHIR transactions. Details of the architectures and on-chain information are described in Table 5.
Table 5
Feature of FHIR-Blockchain architectures
Architecture
|
Feature
|
Use case
|
#1
|
A FHIR server runs on each EMR system, doesn’t have own data storage, and handles mapping and conversion of FHIR messages from EMR data.
|
A common architecture for implementing open FHIR APIs for healthcare information exchange and application development in hospitals
|
#2
|
A FHIR server runs on each EMR system, has its own data storage.
Data may be prepopulated and preprocessed inside the FHIR databases (i.e. caching)
Real-time processing of services to read/write EMR data
Data freshness is not guaranteed due to latency between EMR and FHIR databases
|
When need of certain preprocessing or conversion of data before transaction
Latency is allowed to some level (near real-time)
|
#3
|
A FHIR server functions as hub and performs mapping from multiple EMRs (may need a lot of bandwidth)
A FHIR server doesn’t employ a data storage and intermediates real time processing of services for read/write of EMR data
|
Real time services such as CDS (Clinical Decision Support) Hooks
In case storing data outside healthcare institute is legally infeasible
|
#4
|
A FHIR server functions as a hub and performs mapping data from multiple EMRs.
A FHIR server employs a storage and data may be prepopulated and preprocessed in the FHIR databases.
|
Service allowed of data latency (e.g. document retrieval service)
|