Vous êtes sur la page 1sur 9

CHEAT SHEET

Speaking your language. In the


 Privacy is primary. Privacy and security
 Healthcare uses. Blockchain applications
 Fraudulent violation. There are two


healthcare industry, blockchain has are essential to the success of promote efficiencies by reducing blockchain characteristics that may
three applications: 1) it employs blockchain. Make sure to stay abreast administrative costs and delay in the lead to allegations of fraud: (1) the
cryptography to immutably record of changing privacy and data security contractual promise. With regard to use of the crypt-currency such as
transactions and ensure integrity; 2) laws to ensure that using blockchain payment models in the healthcare Bitcoin, and (2) the potential for having
it is a distributed platform that keeps does not lead to infringement. industry, blockchain can be used to blockchain technology control referrals.
many copies of the transactional create a common platform to administer
ledger; and 3) it enables transactional payments and adjudicate claims.
automation via smart contracts.
Blockchain
Meets
Healthcare:
Understanding the
Business Model and
Implementing Initiatives
By Les Wilkinson, Jason I. Epstein, and Roy Wyman The way we think of healthcare IT (HIT) is
undergoing a radical shift. HIT resources currently revolve around central hubs
and intermediaries for data and transactions. Hospitals, payors, electronic health
record (EHR) vendors, supply chain management companies, and others serve
these roles at great cost in time and money. The entire healthcare industry, like
many others, is considering blockchain technologies to deliver more efficient
ways to share and use data and transact business in secure environments.

ACC DOCKET SEPTEMBER 2017 57


BLOCKCHAIN MEETS HEALTHCARE: UNDERSTANDING THE BUSINESS MODEL AND IMPLEMENTING INITIATIVES

A recent survey from IBM indi- A shared ledger between a set of entities that decentralized and distributed net-
cates that 16 percent of healthcare faithfully records a series of transactions, works. Blockchain is often referred to
entities may already be working with without needing trust and a smart contract as a distributed ledger technology
blockchain in 2017. Often businesses platform, for embedding scripts that run (DLT). Instead of using a clearing-
interested in blockchain may not fully across the network and can add new entries house or EHR to provide centralized
understand how the process works or to that ledger. Some systems are permis- functions, a blockchain technology
applies to them. This article provides sioned (where entities are named/known), application could be managed by the
a summary of blockchain, identifies and others are unpermissioned (where network of participants in effect,
legal issues, and discusses some of the anyone can participate, even anonymously). computers that validate transactions
exciting possibilities and challenges by consensus (or, at least portions of
to execution. As lawyers, our goal Blockchain has exciting applica- the job of these intermediaries could
should be to understand blockchain tions in healthcare because it, among be made more efficient and less costly).
business models and use cases, other things: The evidence of any transaction in
avoid the hype, and help our clients
Employs cryptography to the blockchain is in a shared ledger
determine if and how to implement immutably record transactions, and that is on every computer participat-
blockchain initiatives. thus ensure transactional integrity; ing in the network. Because of the

Is a distributed platform that algorithms coded into the protocol
Origin of blockchain technology automatically keeps many copies layer, network participants operate
The origins of blockchain lie in the of the transactional ledger in within systems of carrots and sticks
advent of Bitcoin, the decentral- consensus, which ensures integrity that reward participants for correctly
ized virtual currency. Bitcoin can be in transactions among many validating transactions and penalize
thought of as three layers of tech- enterprises; and, them for attempts to game the system,
nology: On top is the actual digital
Enables transaction automation thereby creating a trustless system. The
currency that bears its name; in the via smart contracts, allowing even practical effect of this is that there is
middle is the protocol layer, which greater transactional efficiency and no trusted intermediary required to
enables and provides utility to the savings. verify a transaction (and expecting to
currency; and at the bottom is the collect a service fee). All of the ledgers
Bitcoin blockchain that forms a Here is a graphic representation of and transactions are encrypted using
trusted or perhaps better stated the difference between the traditional, cryptography, so any unauthorized
trustless record of all Bitcoin transac- centralized network and a distributed changes would be recognized im-
tions that have ever been executed. blockchain network: mediately. Because of the algorithms
The blocks in blockchain are the One of the defining attributes involved, unauthorized changes are
ordered, time-stamped, and digitally of blockchains is that they are highly unlikely.
encrypted records or transactions
connected to the immediately preced-
ing block. The blocks are connected  Les Wilkinson is general counsel and chief development officer at Nashville, Tennessee-based
through cryptographic algorithms or company Hashed Health, a leading consortium of healthcare companies focused on accelerating
hashes. The chain of blocks is thus meaningful innovation using blockchain and distributed ledger technologies. He manages
called a blockchain. strategic partnerships and corporate development. lwilkinson@hashedhealth.com

The language of blockchain Jason I. Epstein is a partner and co-leader of the Technology and Procurement Group at Nelson
Industries are coming together to form Mullins in Nashville, Tenn. He also is an adjunct professor at the Vanderbilt University Law
consortia such as R3 for financial ser- School, where he teaches Law of Cyberspace. Epstein has experience in blockchain, AI,
vices and most recently HashedHealth cognitive computing, Internet of Things, electronic signatures, cloud computing, privacy and
in the healthcare space. Projects security, and open source code, as well as many other technology issues facing healthcare and other companies.
like Ethereum and Hyperledger are jason.epstein@nelsonmullins.com
working to collaboratively build an
open-source, cross-industry protocol Roy Wyman is a partner and member of the Healthcare Regulatory and Transactional Team at Nelson
blockchain platform for use beyond Mullins in Nashville, Tenn. He previously served as chief privacy officer and associate general counsel
cryptocurrency. There is no single defi- for a leading hospital staffing firm. Prior to that, he was senior legal counsel for CVS. In his practice,
nition of blockchain, but Hyperledger he counsels healthcare companies on the regulatory and transactional aspects of day-to-day
provides a pretty good one: business matters, including the integration of technology into their operations. roy.wyman@nelsonmullins.com

58 ASSOCIATION OF CORPORATE COUNSEL


Permissioned blockchains are simple as a patient granting access to Despite the hype, many of the legal
networks with known participants. her healthcare record to her doctor issues related to blockchain are not
Unpermissioned blockchains are through computer programming. Also, new and can be found in technology
open networks where participants are personal health information can live practices generally. These include
not known. Some blockchain applica- behind a smart contract that requires issues found with open source
tions have both types of participants. proof of an executed business associ- initiatives, intellectual property and
Depending on the industry, knowing ate agreement, which could also be patents (including the defensive use
who is on the network may not only be confirmed through programming. of patents), privacy and security,
desired but legally required. In health- As discussed more fully below, many electronic signatures, and contracts.
care, for example, it will be important times it is the application used in con- Likewise, the regulatory issues that
to control which providers and other junction with the blockchain that pro- arise in a healthcare setting largely
entities have the ability to access and vides the greatest value in healthcare. remain the same: Federal Trade
control patient data managed by block- The convergence of blockchain and Commission requirements regard-
chain applications. Another example is artificial intelligence (AI), for example, ing privacy and other statements;
in the financial world, where know- is giving rise to what some refer to as Health Insurance Portability and
your-customer and anti-money-laun- cognitive contracts, which are smart Accountability Act (HIPAA); Family
dering statutes require identification contracts that have auto-executing Educational Rights and Privacy Act
of customers. As mentioned below, contract features on the DLT, with an limits; and European Union Data
sometimes those regulations can be AI component. In such cases, the AI Protection Directive requirements.
addressed by combining blockchain learns over time to help with more per- In addition, having an understand-
technology for transactional efficiency sonalized medicine decisions based on ing of the small but potentially grow-
with applications on or off the chain personal habits, family history, review ing number of laws specific to block-
which use blockchain but then and analysis of massive amounts of chain often is required. As with any
reconnect identities. research data, and other unstructured new technology, addressing those is-
Another attribute of blockchain data points. sues may require new approaches, but
technologies is the concept of a smart we believe that they can be conquered
contract, which is a computer pro- Legal issues in blockchain with sufficient creativity.
gram that sits on top of the blockchain. As with other technologies, practic- A threshold question for clients
It facilitates and completes a transac- ing law in the blockchain space re- using or developing blockchain ap-
tion automatically and often is referred quires the application of pre-existing plications is the view toward open
to as self-executing. In the healthcare legal constructs with an eye toward source. Open source technology is well
context, a smart contract could be as new issues. established and, like blockchain, comes

ACC DOCKET SEPTEMBER 2017 59


BLOCKCHAIN MEETS HEALTHCARE: UNDERSTANDING THE BUSINESS MODEL AND IMPLEMENTING INITIATIVES

Privacy and security are a primary


Executive summary issue for technologies, and blockchain
is no exception. One of the biggest
When most people hear about blockchain, they think of Bitcoin, the virtual attractions to blockchain is that it is
currency. But blockchain is a lot bigger than Bitcoin. In the years to come, secure and immutable. Blockchain uses
blockchain could enable magnitudes of efficiency in many business sectors,
cryptography to encrypt each block in
with special implications in intellectual property, financial services, mergers
the chain, making it extremely difficult
and acquisitions, insurance, and anything involving the security and exchange
of data. It is this last sector data and security that will make it attractive to hack. Each transaction and record,
to healthcare, an industry built on layers and layers of medical, patient, and for the same reason, is also immu-
reimbursement data in which security is mandated and regulated. table. If any transaction or record is
tampered with, it will be recognized
Blockchain is a distributed ledger of transactions that is validated and by the other ledgers on the chain and
maintained by all the computers in its network. Every user has a real-time copy rejected. Hashing and encryption are
of the ledger, and for a transaction to be validated, the other computers on the familiar concepts in the world of elec-
network must authenticate the integrity of each past transaction contained tronic signatures and contracts. Digital
in linear blocks of data to give permission for a new transaction. There signatures and records are similarly
is no central server to hack into, and all users are authenticating one another
encrypted and provide very reliable
before a new block of data can be added to the chain of data.
evidence if needed as proof.
The promise for healthcare is a secure system for improving audit and
Electronic signature and contract
compliance processes, financial and contract management, resource tracking laws also apply to smart contracts
and verification, and overall data liquidity at a cost that is a fraction of todays generally. The Electronic Signatures
centralized databases. in Global and National Commerce
Act and the Uniform Electronic
Blockchain has the potential to revolutionize how we think about and use Transaction Act (UETA), for example,
data, but we are in the early days. The promise of blockchain is too much for are the primary laws establishing that
business to ignore, and networks are forming to build and test early-use cases. no signature or transaction will be
Look for financial services to lead the way as an early adapter, and health care denied legal effect merely because it
shouldnt be far behind. is in electronic form. The definitions
of electronic signatures and elec-
tronic records already include smart
with its own emotions and confusions. was licensed under a copyleft license, contracts, but a potential gap could
Open source purists, for example, the GPL-3. To be compatible, all of be the scope of those laws. The scope
require that a contributor release its the contributors to the Etherium code of both laws relates specifically to
own source code along with the code would need to agree, in effect, to reli- transactions in the business, includ-
received under the open source license cense it for use under the Apache 2.0 ing commercial (including consumer)
(often referred to as copyleft, recip- license. This effort failed, and so did and governmental spaces. While
rocal, or viral licenses). Others view the collaboration. Again, open source most smart contracts would still fall
open source in a broader sense in that is not new, but a knowledge of it is re- within those parameters, in health-
it can include copyleft licenses but is quired to assist clients in navigating the care, for example, there could be a gap
now required to do so. open source landscape in blockchain. where a patient merely wants to share
This is a key issue to address repre- Obtaining and using patents for protected health information with a
senting blockchain consortia or the de- offensive and defensive use is also professional. While that sharing of
cision to participate in an open source not new, and it has been an issue in information may not qualify under
project. In fact, this led to the incompat- open source licensing. Apache 2.0, the scope of the laws, the related shar-
ibility of two of the major blockchain for example, includes a patent license ing of insurance, payment, and other
entities: Hyperledger and Ethereum. that grants the licensee any licenses transactions clearly would qualify.
The Hyperledger Project uses an necessary to use the code with- Vermont took the opportunity be
open source license, Apache 2.0, that out infringement. The license goes a first mover in blockchain, recently
does not require releasing any modifi- even further, stating that any patent passing a blockchain-enabling law
cations to the software received under licenses issued to the user under the that creates a rebuttable presumption
it. Hyperledger wanted to collaborate license terminate if the user initiates a of authenticity from an evidentiary
and connect Etheriums code, which patent lawsuit. standpoint. The report to the Vermont

60 ASSOCIATION OF CORPORATE COUNSEL


legislature, Blockchain Technology: suggest different definitions? Clearly, organizations). A blockchain-supported,
Opportunities and Risks, gives insight there are some gaps to fill, especially in coordinated, decentralized framework
into Vermonts desire to create more specific circumstances, but perhaps it is for tracking and reporting these pay-
certainty and foster an environment time to consider the creation of uniform ments would address these issues.
of acceptance around blockchain. The state or federal laws. Only time will tell, Blockchain applications promote
report briefly discusses the potential but these issues illustrate that lawyers efficiencies by reducing administrative
issues with UETA and is careful to note must provide input into the debate costs and delay in multiparty contrac-
that the states law will not affect UETA. around emerging blockchain laws. tual processes. There is tremendous
This concept is not new in the interna- promise in the potential for blockchain-
tional community. Digital signatures, Healthcare use cases enabled technologies to support innova-
known as qualified electronic signatures Healthcare is dominated by closed, tive payment models. The use of block-
in the European Union, are digitally controlled operating systems with a chain to create a common platform to
encrypted and are given a presumption lack of interoperability between data administer payments and adjudicate
of validity under the new EU regula- silos. These operating systems are con- claims would address the roadblocks of
tion eIDAS. An interesting question, trolled by market competitors with a trust and payment administration costs
however, is whether we will begin to see highly complex and overlapping regu- currently inhibiting those efforts.
a patchwork of different laws with dif- latory framework. At a high level, use Furthermore, such a system could
ferent definitions and standards. cases for blockchain can be thought of bind an individuals benefits to the
Arizona took a different tack by in the following general areas audit payment mechanism itself. The idea
recently passing a law that amended and compliance, financial and contract of programmable payments opens the
the Arizona version of UETA, the management, Internet of Things (IoT), door to new payment models and new,
Arizona Electronic Transactions and data liquidity with identity value-based market concepts.
Act (AETA). AETA was amended to management and security, privacy, and Additionally, a distributed platform
state that a signature that is secured confidentiality applications that span could become an enabler of self-orga-
through blockchain technology is those core areas. nizing care teams that take clinical and
considered to be in electronic form Blockchain offers the promise of an financial responsibility for the man-
and is an electronic signature. Further, immutable, single source of truth from agement of conditions and delivering
a smart contract transaction may not multiple enterprise sources. Physician care. Payments could be tied to quality
be denied legal effect solely because Payment Sunshine Act compliance gates. Such payment models are not
it contains a smart contract term. provides a good example. The Sunshine limited to our current concept of bun-
Arizona provides its own definitions Act was passed as part of the Affordable dles, and they can serve to support the
of smart contacts and blockchain that Care Act to shed light on financial physician-focused models emerging as
are different from Vermonts. relationships between drug and medical a priority of the new administration.
As this article is written, Nevada is device manufacturers and doctors in A common legacy IoT use case lies
in the process of amending its elec- order to control costs and help patients in securing high-value assets in the
tronic transactions law to define block- make more informed decisions when supply chain. In many cases, health-
chain and include it in the definition choosing healthcare professionals and care providers, manufacturers, and
of electronic records. It also forbids treatments. The law requires manufac- suppliers still suffer from a wasteful,
boards of county commissioners or turers of pharmaceuticals, biologics, and inefficient supply chain. IoT solutions
city councils from imposing taxes or medical devices to collect and track data are being deployed to help solve these
fees on the use of blockchain. regarding payments and other transfers problems, but current systems have
UETA and eSIGN are decidedly of value that they make to physicians their shortcomings caused by data
technology-neutral laws. They do not and teaching hospitals, including physi- centralization, which results in system
assume or discuss any particular type of cian ownership and investment interests, inefficiencies and security risks.
technology platform. The rise of certain and electronically submit such data to For example, current methods can
state laws are designed to address or cre- the Centers for Medicare & Medicaid track when a shipment arrives but re-
ate certainty around blockchain technol- Services. This creates a daunting admin- quire an invoice, internal ticket, account
ogy. Does the fact that Arizona amended istrative challenge and risk of duplica- payable review, and disbursement.
its electronic signature law mean smart tive reporting when there are multiple Blockchain solves these issues by decen-
contracts were not already covered, entities making payments on behalf of tralizing the control of registration, veri-
or was it merely for clarification? Are a manufacturer (e.g., clinical research fication, and ownership, chronologically
various state and federal laws going to organizations and group purchasing tracking activities from each device.

ACC DOCKET SEPTEMBER 2017 61


BLOCKCHAIN MEETS HEALTHCARE: UNDERSTANDING THE BUSINESS MODEL AND IMPLEMENTING INITIATIVES

Filtered device data can be translated to Perhaps the most heralded use cases operates the HIE. Examples include
blockchain application program inter- for blockchain in healthcare stem from the Nationwide Health Information
faces and business rules established by the idea of universal data interoper- Network (NHIN), a program estab-
participating peers that can then trigger ability. Most of us are familiar with the lished by the federal government that
real-time workflows, alerts, invoicing, troubles caused by data silos. The upside uses a common set of agreements
or payment. Current tracking methods, to interoperability includes facilitating among participants. Other gover-
if tied to a blockchain in the future, more effective patient-reported out- nance approaches have been adopted
could register delivery of a product come measures, data management, and in California, and in several, such as
and automatically trigger requests for self-sovereign consumer health data ag- Manifest MedEx, a separate entity has
payment. Device wallets could enable gregation. Credentialing provides a good been created that serves as a central
machine-to-machine transactions that use case. Providers must be credentialed control structure.
are not possible in todays centralized and approved to treat patients, write Before HIEs were popular, manage-
systems. The result would be improved prescriptions, and receive payment. Yet, ment services organizations, integrated
trust, accountability, transparency, and oftentimes, more than 20 percent of physician associations, physician-hos-
automation between devices. the data in a payors directory that lists pital organizations, and numerous oth-
Recently, the Illinois Department credentialed providers is incorrect. The er types of arrangements were used to
of Innovation & Technology an- current process of confirming provider integrate diverse entities. Again, these
nounced new blockchain use case credentials, granting privileges, and arrangements often lacked a single,
projects that it seeks to develop with enrolling physicians in payor networks central entity to control governance,
industry partners, with each project is managed in many different systems, and decision-making was pushed to
utilizing light-touch regulation, making it difficult to keep it current. The the edge of the entity, with a mixture of
community building through educa- credentialing and enrollment processes collaboration through committees and
tion and outreach, and the integration are lengthy and cumbersome, rife with dispersed control where each entity
of the technology through use cases. inconsistent data formats and workflows. controlled its own, limited sphere.
While still in its early stages of devel- A blockchain-enabled, decentralized, Theoretically, blockchain should
opment, one use case would reconcile transactional layer that allows providers, permit the epitome of decentralized
healthcare provider data from the health systems, and health plans to share governance. The structure itself has no
Centers for Medicare and Medicaid updates and corrections of provider data central control, and the rules govern-
Services, the Drug Enforcement files in real time will address these issues. ing transactions are written directly
Agency, state licensing boards and into the code that sits atop the DLT.
insurance providers and act as a single Healthcare blockchain legal concerns Stated starkly, by using the software
source of licensing information for Healthcare has a long history of ad- resting on the distributed ledger,
providers and payers. One can easily dressing novel and complex models. some would argue that the individual
envision such a use case creating far This history, at a minimum, provides is agreeing that the software code
more efficient and accurate creden- hope for resolution and perhaps some is, itself, the law. In at least one case,
tialing practices and protecting both guidance on specific answers from a however, the code for a smart contract
providers and the public. legal standpoint. on blockchain technology itself was
Connected devices of the future can exploited. In that case, cryptocurrency
enforce contracts, enable new collat- Governance software had a bug that permitted a
eralized finance models, and execute Many of the issues relating to gov- single user to divert approximately
payments. Digital certificates can prove ernance will, to those familiar with US$50 million, a significant portion of
authority, origin, and compliance. healthcare arrangements, sound the total value in the currency.
Transfers of ownership of pharmaceuti- familiar. Recent trends toward edge Such diversion, however, complied
cal, medical equipment, and all other computing, for example, are nothing with the networks rules and, apparent-
assets become properly structured and new to HIT, where the rise of health ly, the relevant law. In such a situation,
auditable. IoT data can be monetized information exchanges (HIEs) more does the network simply accept the
in new ways that empower patients. than 10-years ago created dispersed outcome as an unfair windfall? Is the
Connected devices will help shift more networks, often without the need for a blockchain network permitted to split
services out of expensive hospitals to central repository. Governance of these the chain called a hard fork and
the home or an alternative site where networks took many forms, from com- fix the software?
patients can access services at a lower mon agreements executed by all parties As is often the case with technology,
cost and risk. to creation of a centralized entity that the issue does not arise in the context

62 ASSOCIATION OF CORPORATE COUNSEL


of a purely technological environment, associate agreement (BAA), allowing or may not be acting on behalf of such
or a purely human context, but rather it to access such records. We believe an entity. If one assumes that the nature
in the rough patches where human that this fear misunderstands both the of health records will remain fixed in
and code interactions take place. If the nature of a distributed ledger and the amber, regardless of technological ad-
community were comfortable allowing nature of HIPAA. vances, and that EHRs will remain the
software to control all outcomes, then With regard to the ledger, each same, except resting on top of a distrib-
there would be no governance issue. If block within a blockchain will hold a uted ledger, then a business associate
the network relied solely on tradition- relatively small amount of information. agreement between the relevant covered
al, dumb contracts, the legal system As such, space within the blockchain entity, such as a hospital, and the party
would address the question. per se is cramped, and there would holding the PHI would make sense.
But our expectations of justice tend never be sufficient room to hold all of For numerous reasons, however, we
to bump up against the hard-and-fast the records for every individual within doubt that a blockchain-dependent
realities of living in a world controlled a good-sized EHR. To get around this, EHR would necessarily be operated by
by software. Ultimately, how these the blockchain uses data pointers to a traditional healthcare provider. One
issues are resolved whether by ac- non-blockchain storage where data is of the great advantages of the technol-
ceptance of all outcomes, invocation kept. The pointers are encrypted so ogy is its ability to give individuals
of traditional legal structures, or some that security is retained while not over- control over data. If an individual
hybrid likely will evolve, much like stuffing the blocks. As such, to say that patient is able to access, distribute, and
the technology itself. In the interim, each computer in the network would control his or her own data, why would
communities supporting a blockchain need a BAA because each maintains a hospital need, or even want, to main-
often will act after the fact to coordi- protected health information is incor- tain the data for nonclinical purposes?
nate a response to these situations. rect only the location of the actual Instead, when an individual visits a care
Other communities, seeing these protected health information (PHI), provider, a smart contract could auto-
risks, will create structures to discuss pointed to by the blockchain, would matically transfer relevant information
and coordinate. The hope that a sort of maintain such PHI. regarding the details of the visit to the
governance meta-software sitting on One might assume, then, that a relevant payor or could simply confirm
top of the distributed ledger could be single BAA with the entity maintaining the nature of the visit and automatically
drafted to resolve these issues, at this the actual PHI would be required and credit the providers account with the
stage, seems overly optimistic, given the sufficient. HIPAA, however, is not so relevant amount of money.
vagaries and incredible creativity of hu- straightforward. Rather, a BAA is only Patients are not covered entities
man beings in creating new problems. sufficient when a business associate, under HIPAA. Because the patients
such as a vendor, is acting on behalf of information is controlled and main-
Privacy and security a covered entity such as a healthcare tained solely by the patient and/or an
Privacy and security concerns are areas provider, payor, or clearinghouse or on entity acting on behalf of the patient,
where one might argue that current behalf of another business associate. In no covered entities are implicated and
laws make DLT difficult, if not impos- this case, the party holding the data may HIPAA becomes irrelevant. We believe
sible, to implement in certain circum-
stances. Certainly, the structure of laws
and regulations like the administrative Estonia and Dubai are blockchain innovators
simplification rules of HIPAA assume
a world that involves centralized con- In the United States, there is great hope that blockchain can help us curb
trol over records and did not envision our addiction to inefficient, high-cost healthcare. But perhaps the most
exciting opportunities for distributed ledger solutions exist in the global
blockchain technologies. Nonetheless,
public health arena. Leading examples are Estonia and Dubai, which are
we believe that well-designed block-
implementing electronic medical records on blockchain to enable the use
chain structures can avoid many of of secure and reliable health records, create efficiencies, and allow patients
the pitfalls found in state and federal to take control over their own records. Further, public health problems
privacy and security laws. related to medical record portability, medical identity, siloed disease
For example, some have assumed registries, provider access, and immature health supply chains are more
that for electronic medical record pronounced in some of the developing world. Many other locales have the
software to set on top of a blockchain, potential to leapfrog legacy infrastructure and regulatory concerns that, in
every person in the blockchain net- many ways, have become a limiting factor for progress in some markets.
work would need to execute a business

ACC DOCKET SEPTEMBER 2017 63


WANT MORE ARTICLES LIKE THIS? VISIT US ONLINE AT WWW.ACCDOCKET.COM.

a third error in the naysayers concerns Nonetheless, there are two block- other words, the rules contained in the
is the assumption that HIPAA and chain characteristics that may make Stark Law, anti-kickback statutes, and
other laws will also remain encased in these issues relevant. other statutes could be contained in a
amber. While the law can be slow to First, the most famous (or infamous) smart contract, reducing the likelihood
respond, respond it eventually does. use case for blockchain is in cryptocur- of fraud and the ever-present risk of
The speed with which Arizona and rency and, specifically, Bitcoin. While inadvertent violations of these complex
Vermont have implemented changes such a use case has great value in prov- statutes and regulations. Of course,
in law specific to blockchain suggest ing the ability to create and maintain many of the regulations addressed in
that, even if the technology outpaces value in a currency without a central- this section are incredibly complex and
legal structure for a time, fixes to such ized bank or intermediary, Bitcoin in open to interpretation, making them
shortcomings can and will be imple- particular has gained notoriety as the difficult to fit within a software pro-
mented to promote the ends of those go-to currency of illicit trade. We see gram. Our, perhaps nave, hope is that
laws increased security and privacy no reason why those wishing to illegally smart contracts and other technologies
of personal information. reward referrals would not similarly use would encourage legislators and regula-
Likewise, clinical records could be such currency. This concern, however, is tors to draft straightforward rules that
controlled by both the provider and far from unique to healthcare. are code ready such that they could be
patient, and a smart contract could set Second, and of greater interest per- enforced automatically via software.
rules for how data would be accessed and haps, is the potential for having block-
shared. The provider, its agent, or an un- chain technology control referrals and This transformative
related third party could house the data. payments that limit the ability to game technology will take time
payors such as Medicare. The ability to Blockchain has the potential to be a
Fraud and abuse automatically pay verified claims could transformative technology in health-
Another area that healthcare counsel limit greatly the opportunity to make care, and, as with any new technology
must address regularly relates to improp- false claims. platform, adoption will take time. But
er payments and bills, including statutes Likewise, when a provider deter- make no mistake, blockchain will affect
such as federal and state anti-kickback mines that a patient needs a referral healthcare in a very meaningful way,
statutes, physician self-referral statutes to a specialist or for a service, soft- and industry, government, and consor-
such as the Stark Law, and actions under ware setting on the blockchain could tia will do their best to accelerate its use.
federal and state False Claims Acts. automatically generate the needed Our job is to make sure we understand
These regulatory constructs are referral and control the ability of a the business models and then help
not likely to be implicated by typical physician or other provider to refer the clients break through the hype with
blockchain use cases per se. We eagerly individual to an entity with which the answers, or at least help identify issues
anticipate the first article on whether provider has a financial relationship. that need to be tackled and, if possible,
participation in a blockchain provider It also would prevent a provider from provide some action plans. Staying on
community would be deemed a refer- billing for services or viewing records top of emerging legal issues, and figur-
ral by each member of the network. of an individual not referred to the ing out what is new and not new, should
Our short answer is no. provider or approved by the patient. In help us do our part. ACC

ACC EXTRAS ON Blockchain

ACC Docket The Future of Contracts: Explanation, Regulation, ACC HAS MORE MATERIAL
The Rise of Fintech: An Impact Automation, Blockchain, and And Litigation of Virtual ON THIS SUBJECT ON OUR
WEBSITE. VISIT WWW.ACC.COM,
Analysis and Blockchain Case Smart Contracts (Dec. 2016). Currencies (Oct. 2015).
WHERE YOU CAN BROWSE OUR
Study (April 2017). www. www.acc.com/legalresources/ www.acc.com/legalresources/
RESOURCES BY PRACTICE AREA
accdocket.com/articles/the-rise- resource.cfm?show=1454306 resource.cfm?show=1414841 OR SEARCH BY KEYWORD.
of-fintech.cfm
Program Material Top Ten
Technology and the Power of the Smart Contracts (Oct. 2016). Top Ten Tech Tips for
Easily Overlooked (April 2017). www.acc.com/legalresources/ Corporate Lawyers (May 2016).
www.acc.com/legalresources/ resource.cfm?show=1445248 www.acc.com/legalresources/
resource.cfm?show=1455651 publications/topten/top-10-tech-
tips-for-corporate-lawyers.cfm

64 ASSOCIATION OF CORPORATE COUNSEL