[crypto]

Update: I misinterpreted the EHR Data company update.

A friend kindly pointed me to the video currently on the front of their website. At 18:00 the CTO explains they will store data on the BSV blockchain

https://ehrdata.com/ 

This raises even more questions 4 me... https://twitter.com/pd_myers/status/1302076647680741377

1) I can't see how @EHR_DataInc could ever operate this system in the EU, because once they've posted my personal medical data to the blockchain it is *undeletable*.

2) Like with so many things in "crypto", the actual benefits of using a blockchain are tiny to non-existent, while the problems are insane. Blockchain wasn't designed to store data—and even those who think it is need to contend with the huge problems it creates.

3) At 18:00 in the video, the CTO explains "Why blockchain?" The only real actual benefit a public blockchain brings is that there's an immutable public record.

But why do you need this for medical data? That makes no sense.

Who actually needs their medical data to be stored in a way that can be publicly proven to be immutable? I want my medical data stored:

—by someone I trust
—safely

As a British citizen, the NHS do that for me already.

So that's the only real positive of using a public ledger. Now for the -ves:

4) If all my data will be stored on a public blockchain, then I presume it will be stored in an encrypted format. But, what this means is, ANYONE can access the ENTIRE chain with EVERYONE's medical data in the encrypted files.

It just takes the encryption on the data to be broken, or for the encryption keys to be stolen or leaked from EHR Data, and then the ENTIRE MEDICAL HISTORY will be available to whoever steals those keys.

It makes data theft MUCH MUCH easier than it is now.

Let's compare to current "non-blockchain" solutions.

At the moment, if you are an Australian citizen, there is an opt-out system for the government to store all your medical data for you:

https://www.digitalhealth.gov.au/ 

They store all your data, encrypted, on their dedicated servers. If I were Australian, then to steal my data, you not only have to obtain the encryption keys, but also get at the encrypted data itself.

Cf. @EHR_DataInc who store your entire encrypted health data **publicly**...

...all someone needs to actually get into it is the encryption keys.

So, a student in his underpants in a bedsit in Moscow can instantly download all the encrypted data on the treatment for your Sexually Transmitted Disease.

But it's "encrypted" so I guess it's ok?

5) At 10:00 in the video the CTO says they will "have a complete genome in our database" so that clinicians can make specifically targeted medical decisions.

What does this mean? They want to sequence **my** genome, encrypt it, and put it on a public blockchain?

So, let's say that nobody steals the encryption keys. And my data is safe

But, what happens if in 10 years time quantum computing makes current encryption methods obsolete?

Companies who store your data privately simply update their encryption algorithms to stronger mathematics

BUT! This is NOT the case for my data stored with @EHR_DataInc who have published my data encrypted with the—now defunct—mathematics **publicly**

...on an *immutable* blockchain

So, now all my medical data—including my genome it seems??—is publicly available & now decryptable

6) I am a British citizen. Currently that means I'm also an EU citizen, but that will change soon. My wife is now a dual British/Irish citizen and my children will be dual citizens soon too.

Our EU citizenship gives us a right to have our private data *deleted*.

I may or may not retain that right as a British citizen post-Brexit, but my wife and children certainly will retain is as EU citizens.

That means that @EHR_DataInc cannot ever store any medical data of my wife or children in their public blockchain, because...

...precisely by the fact that it is *immutable* it cannot be deleted.

@EHR_DataInc are apparently HIPAA compliant according to their website. I can't see how this system would ever be approved in the EU.

(Phew! at least I hope not)

END) There are, in my view, loads of other technical/legal/ethical problems.

But, I stand corrected: EHR Data really are planning to put people's entire medical histories on a "public blockchain".

From their recent announcement, I thought wiser heads had prevailed. Sadly no.