Medication Plans on The Blockchain – Building a Decentralised Application in Healthcare

The theme of this post is easily generalised to other use cases and serves as an example of how blockchain technology can shift power and trust in a well-established system, in this case the one of health care.

TL;DR

Medical prescriptions should be unified and digitalised. They should be resilient and controlled by the real owner of the prescription (and thus of the personal data). This can be achieved by a blockchain-based solution. A system of smart contracts in Solidity is proposed which achieves this and furthermore is modular and update-able. Some general advice on designing a blockchain solution is given.

What’s the problem?

How many of you know what iatrogenic illness means? I confess that prior to writing my Master's thesis, upon which this post is based, I also had no idea. So, to not keep you waiting, here’s the definition from Merriam-Webster:

iatrogenic: induced inadvertently by a physician or surgeon or by medical treatment or diagnostic procedures

from the Greek word for physician (iatros). Add an illness to that and you have an illness caused by a physician. It sounds like an oxymoron, but it is in fact more common than we would like it to be. You can divide the causes of iatrogenic illness into so-called Adverse Drug Events (ADE) and, to be completely MECE*, other reasons. Other reasons include things such as rough examinations, surgical errors (there’s a reason they draw arrows on the limb to be amputated) and so on. ADE includes all injuries or complications caused by medication, be it the wrong medication, drugs interacting in unintended ways and so on. [1] ADE has been shown to be the most common cause of injury to hospitalised patients and, furthermore, the most preventable one.

Where is the problem coming from?

In fact, a study from 2004 showed that computer-based prescribing systems decrease medication errors by 55% to 80%. [2] Using an IT solution does not, however, guarantee that the most severe of those medication errors are prevented. Among ADEs, the most common form of avoidable medication error is the prescribing error (i.e. an error made somewhere in the process of getting a drug to a patient). There is a list of sixteen classes of these prescribing errors, but basically they boil down to:

  • Knowledge deficiencies – among doctors, patients or pharmacists about drugs, other parties, etc.
  • Mistakes or memory lapses – e.g. a patient forgets what medication he/she is already on
  • Name-related errors – complicated-sounding substance gets mistaken for other complicated-sounding substance
  • Transferring errors – information is missing or incorrect once the order arrives at the pharmacist
  • ID checks – patient, doctor or pharmacist ID isn’t properly verified
  • Illegible handwriting (!)
  • Wrong type of document filled out

These errors all illustrate why prescribing errors are so common, but also why they should, to a large extent, be avoidable. [3] The thing is that, because the current rate of prescribing errors causing damage or danger to patients is relatively low (ca. 2% [2]), the problem is overshadowed by more clinical research in medicine and is thus overlooked by the research community and the public in general. One reason for this could be the wide-ranging competencies required to implement a system for decreasing the rate of prescribing errors to zero. To do such a thing, one would require technical expertise in security and privacy as well as all the various skills for application development, medical and pharmacological knowledge and, essentially, experience in information systems management.

A step in the right (digital) direction

To combat prescribing errors, many public health systems require or recommend that patients with more than three different prescribed medications have a unified medication plan which should theoretically contain all prescriptions. The effectiveness and quality of medication plans was examined in 2015 by a group of German researchers. The results were scary. Only 6.5% of all medication plans examined did not contain discrepancies, where discrepancies means differences in drug names, additional or missing drugs, deviations in dosage, etc. In spite of this, or perhaps to improve the quality of medication plans, a law was passed in Germany three months after the publication of the medication plan review, which makes it mandatory for all patients with three or more medications to have a medication plan. In order to cope with the slowness of technology adoption in healthcare, up until January 2018, there is no requirement that the medication plans should be digital. Thereafter they should be available on an electronic health card (eGK). [4]

Considering the different types of prescribing errors we’ve identified, it is not difficult to translate those into some type of requirements for a system to solve those errors. The resulting requirements happen to fit very well to a blockchain system with smart contracts, therefore we’ll propose a design of a system of smart contracts to function as medication plan. Let’s look at the errors one by one and explain which requirements fit to them:

Knowledge deficiencies

To resolve this error, data regarding patients and their medications needs to be unified, available and guaranteed correct. There shouldn’t be multiple versions with equal or uncertain amounts of validity. Additionally, there should be little chance of the data getting lost or not available when it is needed.

Mistakes or memory lapses

It is completely human and to be expected that a patient taking many different medications can’t remember the complicated name of each substance. This can be solved, however, by the unification of medication plans and assurance that all prescriptions are correct and active.

Name-related errors

See point Knowledge deficiencies.

Transferring errors

Through the unification of the various systems available currently, the process of transferring prescriptions would be simplified.

ID checks

Through digitalisation and the implementation of a permissions management system, patients would only need some type of identification (could be biometric) to collect their medication.

Illegible handwriting

Assuming the doctor enters the prescription into a digital system and doesn’t write with pen and paper, this problem is practically eliminated.

Wrong type of document filled out

Again, through the unification of the different possibilities to prescribe a medication, there would be no such things as the wrong type of document. At least not inside the system.

Design choices in the solution

So what are the technical details one needs to consider when designing a blockchain-based system for a medication plan? I’ll describe the three most important design choices in this blog post. The three questions are:

  • Who needs to participate in the network?

In this case, the only users are doctors, patients and pharmacies. So to not take on additional risk regarding data exposure, only those who are on-boarded and verified through some separate process should be allowed to participate in the network. There are however some negative aspects of choosing a private or permissioned blockchain, one being that there might not be enough active nodes to keep consensus building at an acceptable fault-tolerance level at all times. This can be solved by some type of incentive or requirement that, for example, doctors keep a node running at all times. Another risk of running a private blockchain is that, when the number of nodes isn’t very large and the users consist of a specific group of people (such as doctors in Germany), the risk of collusion becomes considerable. To combat this, the consensus-making should be well spread geographically and demographically.

  • What data and functions need to be on the blockchain and what should definitely not be there?

In the case of a medication plan, the data which is required to be on the blockchain consists of three parts: user IDs, prescriptions and doctor/pharmacy permissions to prescribe/sell medications. Naturally, we can’t have plaintext information about patients and their prescriptions, even if it is a private network. Therefore, IDs are formed from a public/private key-pair (similar to Bitcoin or Ethereum), which should be generated by the user, on a user device. Prescriptions are only ever published on the blockchain as hashes, because even though the users theoretically are anonymous, it has been shown that Bitcoin transactions can be traced back to a person. [5] The permissions of doctors and pharmacies also need to be stored on the blockchain, in a smart contract, to ensure that they aren’t manipulated or somehow overruled. Including permissions and sensitive data in smart contracts means that extreme caution needs to be taken when programming them, to ensure that no syntactic or logical mistakes are made. The functionality needed on the blockchain is basically complementary to the data pieces: getters and setters. But additionally, permissions need to be handled on-chain.

  • How should the smart contracts be written?
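The on-chain data described above (key-derived IDs, prescription hashes and role permissions) can be sketched as a single contract. This is an added example, not the author's code: the contract, role and function names are hypothetical, and the salted commitment is an assumption added here, since a bare hash of a guessable prescription can be matched against candidate values.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

/// Added illustration: names and roles are hypothetical, not the author's contracts.
contract PrescriptionRegistry {
    enum Role { None, Doctor, Pharmacy }
    enum Status { Unknown, Active, Dispensed }

    address public immutable admin;              // runs the separate on-boarding process
    mapping(address => Role) public roleOf;      // on-chain permissions
    // patient ID (address derived from the patient's key pair) => commitment => status.
    // No plaintext about the patient or the drug is ever stored.
    mapping(address => mapping(bytes32 => Status)) public statusOf;

    event RoleChanged(address indexed account, Role role);
    event Prescribed(address indexed patient, bytes32 indexed commitment, address doctor);
    event Dispensed(address indexed patient, bytes32 indexed commitment, address pharmacy);

    constructor() { admin = msg.sender; }

    // Fail early and loudly when the caller does not hold the required role.
    modifier onlyRole(Role required) {
        require(roleOf[msg.sender] == required, "caller lacks required role");
        _;
    }

    function setRole(address account, Role role) external {
        require(msg.sender == admin, "only admin");
        require(account != address(0), "zero address");
        roleOf[account] = role;
        emit RoleChanged(account, role);
    }

    /// commitment = keccak256(abi.encode(salt, prescriptionBytes)), computed off-chain
    /// with a random 32-byte salt (assumption of this example). Drug names and dosages
    /// are low-entropy, so the salt is what keeps the published hash from being guessed.
    function prescribe(address patient, bytes32 commitment) external onlyRole(Role.Doctor) {
        require(patient != address(0), "zero address");
        require(statusOf[patient][commitment] == Status.Unknown, "already recorded");
        statusOf[patient][commitment] = Status.Active;
        emit Prescribed(patient, commitment, msg.sender);
    }

    function dispense(address patient, bytes32 commitment) external onlyRole(Role.Pharmacy) {
        require(statusOf[patient][commitment] == Status.Active, "not active");
        statusOf[patient][commitment] = Status.Dispensed;
        emit Dispensed(patient, commitment, msg.sender);
    }
}
```

The patient hands the salt and the plaintext prescription to the pharmacy off-chain; the pharmacy recomputes the commitment and checks that it is `Active` before calling `dispense`.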

There are relatively few resources by experienced smart contract developers on best practices for building smart contracts, but mostly the general advice for writing good code (failing loudly and as early as possible, commenting, etc.) should be followed. There is, however, so much to say about smart contract programming specifically that it will be explained in more detail in another blog post. Here, I’ll just briefly talk about the architecture of the system of smart contracts.

In order to be able to keep an overview of the smart contracts and functionality used in the application, they should be as small and simple as possible, thus facilitating analysis. Ok, so say that you have a fairly complicated (not in a computational way) functionality to begin with, then you separate it into multiple smart contracts and end up with maybe five to ten of them. How are you supposed to keep track of them and increase the modularity of your system? Enter the contract managing contract. [6] It is basically a contract to keep track of (and manage) the different contracts in your system. It logs the addresses and names of each separate contract and provides another contract, the endpoint of the user-facing application, with the possibility to access them.
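A minimal contract-managing contract with a user-facing endpoint, as an added example that is not taken from the post or from the Monax tutorial; `ContractManager`, `Endpoint`, `IPermissions` and the registered name `permissions` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

/// Added illustration of a contract-managing contract; all names are hypothetical.
contract ContractManager {
    address public immutable owner;
    mapping(bytes32 => address) private contracts;   // name => current address

    // Every registration or replacement is logged with the old and new address.
    event ContractSet(bytes32 indexed name, address indexed previous, address indexed current);

    constructor() { owner = msg.sender; }

    /// Register, replace or (with address(0)) remove a named contract.
    function setContract(bytes32 name, address addr) external {
        require(msg.sender == owner, "only owner");
        require(addr == address(0) || addr.code.length > 0, "not a contract");
        emit ContractSet(name, contracts[name], addr);
        contracts[name] = addr;
    }

    /// Fail loudly when a name is not registered instead of returning address(0).
    function getContract(bytes32 name) external view returns (address addr) {
        addr = contracts[name];
        require(addr != address(0), "unknown contract");
    }
}

// Assumed interface of a separately deployed permissions contract.
interface IPermissions {
    function isDoctor(address account) external view returns (bool);
}

/// User-facing endpoint: it stores only the manager's address and resolves the
/// other contracts by name on every call, so each can be replaced independently.
contract Endpoint {
    ContractManager public immutable manager;

    constructor(ContractManager manager_) { manager = manager_; }

    function callerIsDoctor() external view returns (bool) {
        address perms = manager.getContract("permissions");
        return IPermissions(perms).isDoctor(msg.sender);
    }
}
```

Whoever holds the owner key can swap any component, so that key is the trust anchor of the system and the `ContractSet` event is the audit trail to monitor.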

Conclusion

An application for managing sensitive personal information needs to be resistant to failure, privacy-preserving and accountable, so that any changes to the information can be traced. A very relevant use case for such an application is a medication plan. A suitable system for building the application back-end is a blockchain-based system of smart contracts. Smart contract programming is a fairly new phenomenon and is based on decentralisation, therefore much thought should be given to how such a system should be designed. A possible solution was drafted above.

*MECE stands for Mutually Exclusive, Collectively Exhaustive

References

1. Tierney LM. Iatrogenic Illness. Western Journal of Medicine. 1989;151(5):536-541.
2. The Epidemiology of Prescribing Errors, The Potential Impact of Computerized Prescriber Order Entry. Anne Bobb; Kristine Gleason; Marla Husch; et al, Arch Intern Med. 2004;164(7):785-792. doi:10.1001/archinte.164.7.785
3. Prescription errors in the National Health Services, time to change practice. Hamid, Harper and Cushley et al., Scottish Medical Journal. Vol 61, issue 1, pp. 1-6. 21.04.2016
4. Full legal text available at: http://www.bgbl.de/xaver/bgbl/start.xav?startbk=Bundesanzeiger_BGBl&jumpTo=bgbl115s2408.pdf
5. Deanonymisation of Clients in Bitcoin P2P Network. Alex Biryukov, Dmitry Khovratovich, Ivan Pustogarov. CCS ’14, Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Pages 15-29, November 03 – 07, 2014
6. Monax – Solidity tutorials, https://monax.io/docs/solidity/solidity_1_the_five_types_model/, Accessed on 15/05/2017.

Wearable app ‘explore’ succeeds in field trial

We have been trialing our app explore in the field since the beginning of December together with our partner Serviceplan Group. Employees of the different branches of Serviceplan tested explore for stability and usability. After four weeks of testing we can happily announce: explore has passed the test with excellence. The app runs smoothly and stably and will be used in the wild from January on.

Main user locations explore app, December 2013 (Source: Datarella)

The app users were mostly situated in Germany, but explore was also in use in London, in Poland, Thailand and on the US West Coast, as you can see in the figure above. The aggregated paths and whereabouts impressively map the main routes of the local transit services within Munich, including the lines to the airport, and also the most frequented areas in Munich city, Schwabing, Isarvorstadt, and Sendling, and the south west:

Main user locations within Greater Munich, explore app, December 2013 (Source: Datarella)

All explore participants kept using the GPS functionality over the full span of the trial; no one chose the option to switch off the tracking, which can be done in the settings of the app. This is an important result of the trial: users were notified of the opt-out feature, but no one actively quit the tracking. For the Datarella team this clearly indicates that GPS tracking is generally accepted by the user, at least if she recognizes that she gets something back from it.

Apart from being able to map the individual paths, the GPS-tracking was deployed to ask the users questions about the specific places they passed by and about the corresponding time. Thus we could learn why a user would stay at the train station and what she would have done there apart from getting on a train.

In addition to the location-specific questionnaires, we issued up to three surveys per day, each with up to 10 questions. These surveys covered the different parts of life: the job of course (it was, not least, a trial with employees of a company), but also leisure and other topics like general well-being, media consumption, environmental concerns, and much more. Finding an optimal compromise between the app’s usability and the operational feasibility of the results was one of the main tasks of the trial.

Survey: „How are you?“, explore App, format: Smileys 1=very bad, 5=very good (Source: Datarella)

This figure gives the format of the survey (as shown within the explore app) and how the responses could be analyzed (in our backend), for the example „How are you?“ („Wie fühlst du dich?“) from December 3rd to 18th. This question is part of the „mood barometer“ survey which can be answered by the user on a scale of five smileys. In the analysis, the weeping face corresponds to a value of 1, the beaming smiley to 5. This survey is presented repeatedly and thus makes the mood trend visible over time.

This is only a small excerpt of the results of the explore field trial. We find it just awesome that the results have been so positive, and we are now deploying the app with a much broader circle of users. This will be announced early in January with another blog post. If you want to participate, just contact us. The app can be downloaded from Google Play.

We want to thank all participants of the field trial and look forward to continuing with an enlarged user base. To all our readers we wish a good start to 2014!