The potential for healthcare industry applications of blockchain and distributed systems is vast. Approaching the topic broadly, a number of themes emerge, highlighting the unique features of distributed ledgers: immutability, integrity and transparency. In this first of a three-part series, starting with auditability, we will explore these themes through the lens of practical use cases for blockchain technology in the healthcare industry.
Some argue that auditability is the key defining feature of blockchain healthcare. It is also an area of considerable administrative burden and expense in healthcare operations, and for this reason has been an immediate target for POC development.
A core function of any blockchain healthcare solution is to immutably record entries into a time-stamped and persistent replicated ledger. As stated in a recent Bitfury white paper, “The term ‘blockchain’ is derived from a hash-based linking among transactions, the main purposes of which are:
• Make blockchain revisions and equivocation detectable and costly (i.e., ensure accountability of block producers)
• Enable audits by computationally and space-constrained lightweight clients” (1)
Accountability is achieved by recording the base transaction data, transactional authorization data, identity and time-stamp information stored in the distributed ledger. Further, immutability of past recorded transactions enables blockchains to function as trusted repositories.
In this fashion, blockchain-generated transaction logs provide an essential foundation for continuous data assurance and further continuous controls monitoring. This foundation allows for the integration of a manager’s responsibility for performance of controls, with internal audit’s responsibility for assurance regarding those controls. Increasing coordination between management and internal audit minimizes duplicative and otherwise wasteful efforts. That value increases in use cases where those same or similar controls are required inside a partner institution.
Blockchain-enabled audit logs have further benefits. Continual transactional block generation also permits more complete auditing activities, going beyond random sampling to represent 100 percent of transactions. In addition, these immutable logs essentially function as “black box logs” without the need for a trusted third party to protect against auditor and/or management manipulation of the baseline transactional data. And in situations in requiring auditability between multiple parties, blockchain generated logs obviate the need for encrypted email, data feeds or other secure transmission methods.
This foundation makes blockchains ideal for auditing and compliance applications in healthcare including logging access to PHI, duplicate payment auditing, regulatory billing and payment compliance, excluded provider screenings, three-day payment window analysis, “sunshine law” reporting and MACRA (MIPS) and Meaningful Use attestation and compliance.
A brief example of a blockchain-enabled MU attestation auditing demonstrates significant cost-savings and efficiency gains. The EHR Incentive Program (MU) requires reporting of 15 measures for physicians and 9 measures for eligible hospitals in addition to accompanying cost reports and clinical quality measures (CQM). Documentation retention policies require providers to keep the underlying attestation documentation for at least a period of six years. Providers are at risk for years after attestation periods.
Such requirements impose significant cost and effort on participating healthcare providers. These costs are beyond the extremely substantial cost of selecting and implementing EHR platforms themselves. Compliance and audit activities also include stakeholder management, workflow and change management, risk assessment and governance and project management.
Meaningful Use attestation is tied to significant federal and state (Medicaid) incentive funding in addition to avoiding payment scaling payment penalties. To date, more than $23.8 billion in Medicare EHR Incentive Program payments have been made since May 2011. From state programs, more than $11.2 billion payments have been made since January 2011, when the first set of states launched their programs. (2)
Contrasting with the financial benefits of MU incentive payments, financial and legal risks are considerable. Under CMS audits, the documentation will be used to validate that the hospital accurately attested and submitted CQMs, as well as to verify that the incentive payment was accurate. Documentation to support payment calculations (such as cost report data) will continue to follow the current CMS documentation retention processes. Further, false attestations can trigger liability under the federal False Claims Act or related state laws. Additional expense associated with audit contractors, similar to the RAC audit program, is also significant. (3)
Hashed Health’s consortium members see auditing and compliance as a viable short or medium-term use case. Entrepreneurs, corporations and regulators interested in these or related use cases are encouraged to get involved as a way of becoming familiar with the technology and its horizon.
COO, Hashed Health
2. https://www.cms.gov/Regulations-and- guidance/legislation/EHRIncentivePrograms/DataAndReports.html