Blockchain’s “Missing Link”

Following the Links to the Emerald City

When I first heard of Bitcoin, I was fascinated. It was like a tech toybox for me- cryptography, computers, global communication and money. Shiny. What’s not to like? As both a technology and finance geek, the advent of a purely digital currency seemed like the natural next step for money. I had to learn more.

As I researched Bitcoin, I found out that it was enabled by an underlying group of mature technologies collectively called “blockchain.” This platform could potentially be used for an unlimited number of distributed, synchronized applications. Suddenly we could have global, secure transactions at the speed of synchronization without intermediaries. Poof! No more lawyers and the potential for the masses to attain effective tax rates comparable to rich, major international corporations. “How does the story get better?” I asked myself.

But it did get better. I discovered the concept of a “Decentralized Autonomous Organization”(DAO). A new form of a corporation defined entirely by computer code running upon a blockchain. Each DAO’s organization, governance, behaviors and all of its business relationships are determined entirely within computer code shrewdly labeled as a “smart-contract.” Once initiated, a DAO is enabled to function as an ongoing entity requiring no human leadership, no enforcement, no political structures, no intervention or external laws to operate. DAOs hold the promise to eliminate escrow, settlements, and the need for trust others to carry out their contractual obligations or face the hassles and costs of enforcement. Just software acting with computer precision on clear rules that each party agreed upon.

I began to speculate beyond cost savings and regulatory solutions. Could we be witnessing the emergence of a new market form based upon a purely “Digital Political Economy?” Were we seeing the nascent form of an economy that was driven and enforced by contracts running on computers in an open, transparent, self-enforcing manner? One that could not be gamed, rigged, altered or devolve into cronyism? The prospects were stunning. Given the potential economic gains, I knew that sooner or later, there would be a test case to see whether blockchain contained the seeds of a new market structure.

The way of the DAO

Part 1: “To understand the limitation of things, desire them.” – Lao Tzu, the Dao de Jing

In May, 2016, I watched the formation of the “DAO” project closely. The DAO was a decentralized autonomous organization based upon a “smart-contract” running atop Ethereum blockchain technology. Because I don’t read Solidity (the code which the DAO was written in), I had no other choice but to rely upon those that wrote the DAO contract to explain it to me. As I understood, the DAO was to:

  1. Raise a fund of Ether (ETH) over a 28 day “creation period” commencing at April 30, 2016, 09:00 UTC and ending at May 28, 2016, 09:00 UTC.
  2. At the end of the creation period, the pool of ETH was to be used to fund Ethereum blockchain based projects.
  3. DAO funded projects were going to be owned by the DAO with any proceeds from their activities being distributed to DAO token holders on a percentage of ownership basis.
  4. Once initiated, apart from one exception, the DAO was to function solely on the basis of its smart-contract. While DAO members would vote upon projects submitted, there would not be any human intervention needed for it to continue in perpetuity. All interaction with humans, funding, closing, DAO token distribution, project voting & approval, project funding, and ETH distribution to DAO token holders were going to be conducted strictly by the DAO’s smart-contract. Effectively, the distributed computer was in total control.
  5. There was one human interaction permitted. A group of 12 individuals were designated as “curators” whose primary function was to guard the DAO from proposals that could be potential scams. They were to review proposals prior to submitting them to the DAO and designate them as “whitelisted” if they passed several identity and authenticity tests.

The DAO project was a high quality proof of concept for DAOs and especially for “smart-contract” agency. Those who designed and wrote the DAO’s contract were among the core developers of Ethereum blockchain technology and Solidity, a computer language created specifically for Ethereum “smart-contracts”. With a premier technology team, clear presentation and transparent process, all the elements were in place to test the efficacy of smart-contracts and a decentralized autonomous organization under the stress of real world conditions. Like all initial experiments, I knew that there would be surprises, but the DAO’s technologists were best able to eliminate or address potential problems that could derail the test. I was expecting to see if my hopes for a “Digital Political Economy” were merely the last vestiges of adolescent idealism, or the initial step into a bright, new economic era.

Part 2: “Success is as dangerous as failure.” – Lao Tzu, the Dao de Ching

The formation of the DAO exceeded all expectations. Interest was very high and ETH poured in rapidly. The only snag that the DAO encountered occurred one day prior to the end of the creation period. A blog post by several noted experts called for a moratorium on the DAO in order to address potential security problems. Nevertheless, at the end of the creation period on May 28th, there were about 12 million ETH contributed with a USD equivalence of about 150M$. In keeping with the terms of the smart-contract, the assets were fully committed upfront thus eliminating the need for capital calls.

As an investable pool of assets, the DAO sparked a virtual frenzy of activity. Proposals for projects were crafted and floated to the DAO which included a full spectrum from near fantasy to non-fiction. Speculators noted the fund’s success and the ETH price climbed from $8.85 USD/ETH on the day the DAO creation period started to its all-time high of greater than $20 two weeks after the creation period ended. Pundits weighed in from many sides, each talking their book; some declaring that the “end was near” and that the DAO was doomed to fail without human intermediaries and governance. And others, declaring that a new economic era was dawning and blockchain was on the cusp of fulfilling its economic destiny.

However there were others watching too. Others with very different ideas on what to do with the DAO funds valued at nearly $250M.

Part 3: “The further one goes, the less one knows.” – Lao Tzu, the Dao de Jing

One of the features written into the smart-contract of the DAO was the ability for participants to exit the DAO by “splitting” off from the DAO after a waiting period. If an owner of DAO tokens invoked this clause of the DAO contract, then it would trigger a waiting period during which others could join the splinter DAO and exit as a group. At the end of the waiting period, all participants in the splinter DAO would receive their proportional ownership stake at the time of the split. It was expected that splits would be a natural process as contributors’ interests changed.

However, among the first groups to exit, one of the participants understood that the DAO’s “smart-contract” was in fact only a “needs-improvement-contract”. By invoking the DAO’s “split” code in a specific manner, the number of ETH withdrawn from the DAO was not limited to their proportional ownership based upon the amount they originally contributed. This meant that the total number of ETH in the DAO itself could be drained upon exit – even if your initial contribution was 1 ETH.

In the early morning hours of June 17th the waiting period for a split was completed and during the split, an unknown person used this “smart-contract” flaw to begin draining the DAO of the more than 12M ETH collected. Once noticed, a frenetic effort began to understand and stop the exploit. It was soon recognized that the there was no “hacker exploit” involved. The loss did not circumvent the inherent blockchain security architecture, and the “smart-contract” had not been altered or tampered with.

The ironic realization set in that the failure was not security, but in translating the intent of the contract into computer code. The DAO was being drained simply by using its “smart-contract” in an unintended manner.

Since the DAO was written as a completely autonomous, distributed organization, complete agency for the fund was committed to the “smart-contract.” Consequently, there was no provision for human intervention, no “off switch”, no measure to modify the contract should an error be discovered. Furthermore, it was now fully (and publicly) understood that the DAO contract was fatally flawed, unalterable, and unstoppable. The DAO was in peril of losing all of its contributor’s funds within 3 weeks of starting operations.

Table 1: Timeline to “DAOsaster”

Date Event ETH Closing Price (USD) *DAO Market Cap (USD M)
2016-04-30 DAO Creation Period Starts $8.85  
2016-05-27 Call for Moratorium on the DAO (due to security concerns) $11.29  
2016-05-28 DAO Creation Period Ends

12.07M ETH Contributed

$11.56 $140
2016-06-09 Blog post by Peter Vessnes published: “More Ethereum Attacks: Race-to-Empty is the Real Deal” warning about the possibility to drain any DAO contract via balance accounting in smart-contracts. States that notices of potential problems sent to key developers on 2016-06-05. $14.45 $174
2016-06-12 Founder Publishes Blog Post Titled,

No DAO funds at risk following the Ethereum smart contract ‘recursive call’ bug discovery

$15.66 $189
2016-06-16 ETH reaches all time high > $20

77% return since DAO Creation Period ended

$20.48 $247
2016-06-17 DAO is drained of millions of ETH by individual exploiting recursive send exploit warned of by Vessnes. There is no way to stop the drain because the smart-contract code is not altered, hacked or otherwise tampered with. No stop switch, no way to prevent the smart-contract code from executing as it is written.

ETH community is urged to join together to conduct a DDOS attack against the draining of the DAO.

$15.35 undetermined



“The DAO Strikes back”

Recognizing there was no way to stop the entire DAO from being drained, an unnamed group conducts a “whitehat” counterattack against the DAO to secure 7.2M ETH into a wallet that cannot be drained.

Market cap decline of 60% from high

$13.39 $96
2016-19-22 Anonymous group claims to file online complaint to Securities Exchange Commission (SEC), European Securities Committee (ESC), and Monetary Authority of Singapore (MAS) regarding DAO hack.

TCR1466578092053 suggests that they used the SEC’s Whistleblower website.

$13.39 $96
2016-06-25 Voting commences on “Soft Fork” of Ethereum blockchain code. Designed to render the ETH appropriated by the “Dark Side of the DAO” as Null and void. However, researchers at Cornell (which called for original moratorium) discover DoS vulnerability in the “soft fork” code. $12.27 $88
2016-07-20 “Hard Fork” in Ethereum code applied, erasing the transaction that appropriated the ETH from other investors. Immutability shown to be an aspirational concept rather than a fact. $12.15 $87
2016-07-21 Refund Period – DAO effectively dissolved and all contributors are able to retrieve their ETH. $12.15 – $11.09 N/A

*There is currently no official tally of ETH at the various dates.

Source: Chris Montaño, CFA, various articles


Fortunately, for an inexplicable reason, the drain on the DAO stopped after more than ¼ of the ETH had been taken. What ensued after the initial loss was more suited to a hacker exploit movie rather than the staid realm of investing (see Table 1.) In addition to the initial failure, the subsequent activity included an anonymous group that conducted a “counter-hack” and drained the DAO of all remaining assets in order to protect the assets from additional losses.

Ultimately, the funds were recovered, but not before the Ethereum blockchain was altered by a controversial “roll back” of the transaction that took the funds. The concept of “immutability” was dispensed but everyone that contributed to the initial fund now has the option to retrieve their funds.

The DAO of the Fiduciary

“It is better to do one’s own duty, however defective it may be, than to follow the duty of another…”        – Lao Tzu, the Dao de Jing

There has been an abundance of analysis on the technological dimensions of the “smart-contract” failure. And there are rigorous efforts to address many of the tech challenges with the code used to create “smart-contracts.” All these are critical for contracts on blockchains to live up to the marketing hype of “smart-contracts” rather than buggy contracts running atop blockchains.

However, I was, and remain troubled there has been no mention of what I consider to be the primary and most basic issue in this entire debacle. The first principal of investing is that agents owe a fiduciary duty toward those whose assets they are entrusted with. In the case of the DAO, a “smart-contract” was given agency over close to $150M of assets and would have lost it all within 20 days but for some equally dubious intervention that would be illegal in a regulated market.

As we look at wildly optimistic market and technology research on the impending era of machine learning, artificial intelligence, and “smart-contracts” running on blockchains, I suggest that now is a time that we assert the primacy of duty and agency. Regardless of whether an agent is a person, an artificial intelligence or a “smart-contract” on a blockchain, once agency is accepted, fiduciary responsibility IS immutable (unlike blockchains).

As we face the prospect of a “brave, new, fintech world”, I know of no current technology that can pass two legal tests of a fiduciary:

  1. Duty in the exclusive interest of clients.
  2. Professional competency – the “prudent expert” standard.

Flashy, shiny, new tech is important to experiment with and test in incubation labs and innovation centers. But until the “fiduciary test” can be passed by a machine, entrusting governance of any sort to machines, will inevitably prove to be a fool’s errand, as in the case of the DAO.

For me, it has been a full-circle lesson regarding the most human and fundamental element of commerce itself- trust. There is an acknowledged trust gap the domain of finance and investments has unfortunately earned. And I do hold out optimism and hope that we will see significant reforms from wise use of technology in finance. However, if we mistake technological prowess for fiduciary duty, we risk replicating the same mistakes in the technology realm that we have made in the financial management domain.


Could Blockchain be Good for our Health?

Part I: If Blockchain is a hammer, my world is made of nails

From the moment I heard of Bitcoin I was fascinated. The concept of a digital currency struck me as the next logical step in humankind’s progress. When I discovered that Bitcoin is enabled by an underlying technology called “blockchain” which has potential applications everywhere- I was all in.

However, shiny, new tech is ultimately measured in providing enduring solutions to big problems.  And product competition shreds away idealism, leaving either the steel thread of a great product or a failed solution.  Electronic Health Records (EHR) stands out as a central, problematic element in modern health care. In spite of regulatory mandates and the medical community’s calls, EHR seems to resist all rational product efforts.

Looking at the world through my blockchain tinted glasses, EHR seemed the perfect test. So I asked myself, “Does blockchain offer a natural, problem-solution fit for medical records? Is there a solid argument for a EHR based upon blockchain?”

Surprisingly, in spite of my unbridled optimism, I discovered some compelling reasons that blockchain merits serious consideration for Electronic Health Records.

Electronic Health Records: Lingua Franca or Tower of Babel?

In an information based healthcare system, EHRs occupy a central role. Borrowing from the disciplines of ecology and biology, EHRs are analogous to what are known as a “keystone species”. The defining attribute of a keystone species is occupying a unique ecosystem niche that “holds it all together.”  Without the keystone species, the entire food web as well as the physical environment collapses.

Similarly, our individual EHRs role in the growing digital ecosystem of modern healthcare are focal points that all stakeholders rely upon. (see Figure 1.) Virtually all medical services utilize EHRs for services delivery, diagnosis, prescription, procedure assignment, billing and payment cycles, population and medical research, and compliance. Without data from EHRs, the system grinds to a halt.

Figure 1 Keystone.png

Figure 1. Electronic Health Records Occupy a Key Role in the Health Services Ecosystem

Source: Chris Montaño

However, there is deep dissatisfaction among physicians and hospital executives regarding EHRs. This has reached a point where the AMA is taking an active role in shaping EHRs by issuing a framework of 8 Usability Challenges that it called upon EHR stakeholders to address. (See Table 1.)

AMA Usability Challenges

Enhance physicians’ ability to provide high-quality patient care. Poor EHR design gets in the way of face-to-face interaction with patients. EHRs should be designed to enable physician-patient engagement.
Support team-based care. EHR systems instead should be designed to maximize each person’s productivity in accordance with state licensure laws and allow physicians to delegate tasks as appropriate.
Promote care coordination. EHR systems need to automatically track referrals, consultations, orders and labs so physicians easily can follow the patient’s progression throughout their care.
Offer product modularity and configurability. Few EHR systems are built to accommodate physicians’ practice patterns and work flows, which vary depending on size, specialty and setting.
Reduce cognitive work load. Many physicians say that the quality of the clinical narrative in paper charts is more succinct and reflective of the pertinent clinical information. EHRs need to support medical decision-making with concise, context-sensitive real-time data.
Promote interoperability and data exchange. The EHR should be a coherent longitudinal patient record that is built from various sources and can be accessed in real time.
Facilitate digital patient engagement. Most EHR systems are not designed to support digital patient engagement.
Expedite user input into product design and post-implementation feedback. The meaningful use program requires physicians to use certified EHR technology, but many of these products have performed poorly in real-world practice settings.

Table 1. Physicians “Must Haves” for EHRs (Edited)

Source: AMA , Chris Montaño

Another looming issue is patient safety. As our medical system has become more complicated, patient safety is a growing problem that cannot be ignored. A recent study published by Johns Hopkins in the BMJ finds that medical error has now become the 3rd leading cause of death (see Figure 2.) When originally conceived, EHRs were seen as a means of preventing errors. Unfortunately, the lack of interoperability of the fragmented EHR market combined with a confusing coding system implemented differently by vendors has devolved into a rising concern. The Center for Disease control recently issued a report calling on Laboratory Professionals to wade into the EHR interoperability issues in order to address patient safety concerns.


Figure 2. Medical Errors are now the 3rd Largest Cause of Death

Source: BMJ

What’s Ailing EHRs?

The vision of an interoperable, HIPPA compliant, elegantly permissioned, highly usable and complete health record remains aspirational. Data are ultimately models of reality. And the truth reflected by data within EHRs is that modern healthcare is complicated and messy at the services, economic and regulatory levels. Health data captured in an EHR is often subjective, not collected or recorded in any uniform manner, and reflecting idiosyncratic workflows of individual caregivers. Health care visits are episodic, non-uniform and baseline information is often recorded during health crises rather than periodically. Thus far, no broad effort to contain the “wildness” of unstructured health data into a standardized model has been successful.

The dynamics within the EHR competitive landscape don’t offer any hope that “EHR kumbaya” with break out anytime in the near future. The market is lucrative, growing, crowded, and hyper-competitive. It is a fierce scramble for market share in an informational franchise on each individual’s complete medical history. If personal information is the new digital currency, EHRs are potentially a “printing press” offering multigenerational wealth to the company that captures this information market. Given these stakes, there is zero economic incentive for vendors to work together on standardization or interoperability.

Lastly, the administrative and bureaucratic dimensions of administering health care among the various stakeholders is complex and in no danger in simplifying anytime soon. Billing codes, local and federal compliance requirements, various industries’ competing interests, medical service specialization, and lack of engagement among stakeholders and the medical IT industry have fostered the current state of confusion.

What about the patients?

Ironically, patients are the stakeholders paying the steepest price and the only ones experiencing existential consequences (see Figure 2.). The frenzy to appropriate EHRs and develop ecosystems with network effects that lock-in patient information behind corporate firewalls have serious implications hardly discussed. Individual patients are paying the price through degraded quality of treatment and having our privacy and dignity associated with our most personal information being trampled upon. Adding economic insult to potential injury or death, we’ve lost control of our digital health records and share none of the profit from intellectual property stemming from our own digital record.  Meanwhile, individuals face opaque medical pricing schemas that are impenetrable and appear to be without any accountability.

Faced with systemic complexity, a massive market opportunity, de facto lock in of an arbitrage model for information generation and ferocious competition, it seemed the perfect test for shiny tech. I thought to myself, “If blockchain EHRs can offer any modest product solution for this multi-headed hydra of problems, there just may be a product in there somewhere.”

Part II: Take a Blockchain and Call me in the Morning

Armed with a serious, large and growing problem set, a very large market opportunity and a host of unmet user and stakeholder needs, I sought to assess blockchain’s capabilities for EHRs versus current solutions. My goal was to answer some basic questions about blockchain technology.  “Is blockchain mature enough to be considered for product development in an intensely competitive market segment? Or is it a nascent technology needing years of development prior to implementation?”

From a product development perspective, blockchain is not a standalone solution for implementing an EHR. Rather, it is an architectural component that enables a total product solution. A large portion of current EHR problems are outside of the scope of blockchain such as user interface design, workflow customization, usability and a large portion of customer experience. In these cases, blockchain needs to enable solutions to important user needs. Customers don’t use (let alone purchase) any product based upon blockchain (or any other technology.) Customers use products that solve their problems and meet their needs. So I asked the question, does blockchain today enable important solutions to customer needs that significantly exceed current solutions?

Blockchain enables solutions to EHR problems today- and tomorrow

Applying blockchain’s current capabilities to EHR needs, I found a natural fit offering advantages stemming from blockchain’s fundamental properties. (see Table 2. Blockchain Enabled EHR versus Contemporary EHR.) Since it is a distributed, synchronized ledger, blockchain is very difficult to tamper with. This provides strong record integrity but does not satisfy rigorous privacy needs as it’s lacking native encryption.  Because it is distributed, it offers high availability and resilience given that there are a sufficient number of geographically distributed nodes. Blockchain has proven that it’s capable managing many parties accessing it simultaneously and is able to reconcile the various events and transactions in an orderly fashion in a reasonable period of time across the entire network of nodes.

Patients are empowered by having ownership, access and control over their health records for the first time. Blockchain enables individuals to give permissions and access to necessary care givers for updates as well as contribute information for population health studies if they so choose. Since patients have control over their health records via blockchain and they are accessed and updated by various care providers, completeness can be achieved for the first time. Regulatory privacy mandates and individual permissions govern copying and reuse of individual health information.

Caregivers receive the benefits of interoperability as well as completeness of records with a blockchain empowered EHR. As patients see various specialists or care providers, each can update the same record blockchain EHR. These are 2 needs repeatedly cited as impacting patient safety. While physicians consistently complain about lack of usability, I think many of the issues of poor usability have little to do with a blockchain ledger. They are a mix of regulatory complexity, insurer bureaucracy, poor user experience design, medical specialization, cargiver workflows variances and complicated procedures and the various ways that health information is collected and reported.



Current EHRs

Blockchain EHR

Patients Access Partially met Met need
Ownership/Control Unmet need Met need
Completeness Unmet need Met need
Privacy Partially met Met need
Availability Met need Met need
Integrated messaging Out of scope Future capability
Automated monitoring Out of scope Future capability
Care-Givers Usability Partially met Out of scope
Workflow Unmet need Future capability
Interoperability Unmet need Met need
Completeness Unmet need Met need
Patient Safety Partially met Future capability
Availability Met need Met need
Billing/Settlement Out of scope Future capability
Regulators Compliance Met need Met need
Privacy Partially met Met need
Security Partially met Met need
Payors Verification of services Partially met Met need
Verification of coverage Unmet need Future capability
Billing/Settlement Out of scope Future capability
Medical Research Access to population health data Partially met Met need

Table 2. Blockchain Enabled EHR versus Current EHR

Source: Chris Montaño

Blockchain’s tamper resistance combined with its complete historical record makes it an ideal system of record. Regulators can use this for auditing and verification of compliance with HIPPA on privacy and access. Privacy needs would have to be met with encryption for individual records during storage and prior to transmission among the various parties. (Details on encryption can be found in the proposed architecture section.) Also, access to patient health information for use in government population health studies are enabled by patients granting use of their information if they choose.

Payors and insurers benefit from being able to audit delivery of services prior to settlement. While fraud from misrepresentation of services delivered is outside of scope, blockchain would make fraud due to record tampering obsolete. Cycle time for data record review and verification would decrease as well as accuracy.

Blockchain EHR Roadmap Offers Compelling Opportunities

While many stakeholder needs are not met today, continued development of blockchain technology offers capabilities that current architectures will be hard pressed to deliver.

  1. Building automated, intelligent transactions into the ledger
  2. Global regulatory syncronization
  3. End of revenue extraction from information exclusivity
  4. End of wholesale medical record theft

The ability to build automated, intelligent transactions into the ledger (a.k.a. “smartcontracts”) offers potential solutions to some of healthcare’s most troubling problems. For example, the opaque, labyrinth of billing and reimbursement cycles. Patients struggle with pre-authorization that payors claim is non-binding. And physicians outsource billing and reimbursement to clearing houses because the pain of getting paid by insurers is so great they are willing to pay others to do it. For example, insurers and payors give pre-authorization for one coded service only to discover later that another code has been entered.

Building intelligent transactions into a blockchain enabled EHR could create an authorization, services, billing, verification and reimbursement cycle where each party’s needs can be met. There could be automated pre-authorization as insurers place policy coverages onto the blockchain. Insurers can receive real time, automated, verification of services matched against insurance coverages and settlement and payments could be handled in a compressed time frame measured in minutes rather than weeks or months.

Hypothetical architecture

There are currently 2 methods for implementing blockchain technology:

  1. “Free Range” Blockchain. This is how blockchain is used for the digital currency, Bitcoin. It is a fully distributed, and an entirely open source code implementation in which anyone can participate. Originally viewed as self-funding and requiring no centralized management, there is currently a foundation that oversees development of Bitcoin. The incentives to establish a full node of the distributed ledger and pay for the costs of running it are derived from the “mining” Bitcoins and additional transaction fees for those that conduct business or send Bitcoins or various alternate coins.
  2. Permissioned blockchain platform implementation in a private network. There are numerous product innovation labs, experimental groups and efforts to commercialize blockchain. The private sector has focused on blockchain solely as an enabling technology and isn’t seeking aspirational elements such as decentralized governance or pseudonymity. From a commercial perspective, ambiguous identity could pose legal and regulatory risk. The solution is to have a blockchain implementation where all participants in the network have strong identities suitable for contractual and regulatory requirements. The cost of creating and maintaining the blockchain distributed network is borne by the organization that creates the permissioned blockchain.

Either “free-range” or permissioned blockchain EHR are possible. However, a “free-range” EHR is better positioned to meet needs of interoperability and individual ownership. Challenges of an open source EHR include resources for development and maintenance of the client solutions. Also, implementation and consulting services would be a grassroots effort until a large base of installations could attract professional services support.

I have developed a hypothetical architecture for a blockchain EHR (See Figure 3. Hypothetical Blockchain-EHR Upload and Figure 4. Hypothetical Blockchain-EHR Update by Caregiver). The components of the system include:

  1. A Client application on the patient’s personal computer
  2. Client application(s) on the stakeholder system (doctors, hospitals, insurance, etc.,…)
  3. A Distributed Storage Network (DSN)
  4. A blockchain to store information necessary to manage individual patient records

The patient client acts as our personal control center for our health records. It allows us to perform a number of important tasks including viewing our health care records, managing permissions for caregivers and other stakeholders to access, view, or update our EHRs. Importantly, it manages the uploading of our health records in a secure manner to a Distributed Storage Network (DSN).

Future capabilities of the patient client might include dazzling features such as managing automated monitoring and updating of EHRs via personal health devices such as sports monitors, implanted insulin administration and dosing, pacemakers and other various devices that are being developed. An integrated messaging and alarming capability could be incorporated to manage communication among the broad array of caregivers and ensure a complete medical record. If the privacy and security needs could be met, there could be an entire ecosystem of healthcare applications that could link to the system focused not only on therapeutics but healthy lifestyles and wellness outcomes.



Figure 3. Hypothetical Blockchain-EHR Upload

Source: Chris Montaño

Since blockchain is not presently suited for large data storage, the expected large amount  of EHR data suggests we need an alternate storage system. There are a number of efforts underway to use blockchain technology within a “distributed storage network.” Included in these efforts are Sia, Maidsafe, Storj, and Ethereum-based efforts. I expect a host of DSN efforts in a rainbow of designs and flavors to percolate forth. The DSN I used in my architecture is based upon the Storj DSN which is currently in beta testing. It is a geographically distributed group of storage nodes available for use to anyone. However, in the case of a permissioned network, the DSN nodes would belong to the company that operates the DSN. The clients in the blockchain-EHR parse a patient EHR into a group of smaller blocks of uniform size. These parsed blocks are then each encrypted and the cyphertext blocks are then individually hashed and sent out onto the DNS. These hashed shards of an individual record are geographically distributed, each are stored at multiple locations such that no location has the information necessary to assemble a complete group of hashed shards of an EHR. The client interacts with the blockchain to record locations of the hashed shards, and is able to audit for tampering using hashes.  The use of blockchain in the DSN means that we can use its multi-signature capability to manage access to the records for various stakeholders.

Security and privacy compliance in the blockchain-EHR far exceeds that of any of today’s EHR systems. The client ensures that no health record information is transmitted in cleartext. And since each parsed block is hashed, auditing for tampering can be integrated into the system with minimal effort. The DSN, contains no clear text of any type and since the blocks are identical in size and hashed files of encrypted information, there is no way to infer content or identity by file size. Since the hashed shards are distributed such that they are replicated across the network with no node containing a complete set of shards of an individual EHR, then even if a node was compromised, the bounty would be a massive set of hashed, encrypted shards of incomplete EHRs- each with their own private key.  Replication ensures disaster proofing as well as high availability of EHRs.

BlockChain-EHR Record Update.png

Figure 4. Hypothetical Blockchain-EHR Update by Caregiver

Source: Chris Montaño

Updates to EHRs are initiated by caregiver client machines making an access request to a EHR owner. If the owner chooses to grant access, multisignature capability in the blockchain verifies and grants access. The caregiver client then receives the necessary information to retrieve the shards which it validates with hashes, then decrypts and reassembles the EHR for viewing and updating. Once the update is completed, the caregiver client uses the same upload process as the patient client and messages the patient that their record has been updated.


Overall, I was more than a little surprised that there was a natural fit and compelling potential roadmap for blockchain enabled EHRs. The one caveat being that the distributed storage networks are early in development and in beta rather than deployed for general availability. If this component proves problematic, then storage of the burgeoning health care data set presents a major design challenge.

The current EHR market confirms the conclusion of natural problem-solution fit. There are several efforts comprised mostly of partnerships between entrepreneurial startups and large IT specialists. And given the potential and extraordinary market size, there are efforts currently underway  with many more to follow.

B-EHR Participants Details
Philips Blockchain Labs Philips Health IT

Gem Health


Multiple announcements with several partners. None which are definitive other than there is a Blockchain Lab
MedRec MIT student effort Latest publication
IBM IBM Launched blockchain services targeted at healthcare and other applications.
Estonian e-Health Foundation Estonian e-Government Infrastructure


EHRs at about $10 per record to participate.

Table 3. Incomplete list of EHR Labs and Efforts using Blockchain

Source: Chris Monaño

Author’s note: There were no Merkle trees altered in the research, writing, and editing of this article.

The Audacity of Hope Part II

In my prior entry, The Audacity of Hope, I told the story of Vann Nath, one of the few survivors of the infamous S-21 death camp. While no one is certain, the latest figures that I read were that 14,000 went in, 7 came out. One of them was Mr. Vann Nath. He passed away a month ago on September 5th. The Economist printed an eloquent obituary that can be found at this link.

I wanted to remember Vann Nath and the brief role he played in my life. While I never met him, I did commission a painting that he did entitled, “Hope”. I detailed the entire story in my prior blog post. I encourage you to read it and reflect on this remarkable person and his passing.

Why is this important to me? I think because at my core, I am a hopeful person. And I am touched by those rare individuals that are thrust into seemingly hopeless circumstances and demonstrate the strength of spirit to bring forth hope amidst great darkness. There is no training or degree or education that prepares one to be a person of great soul. Mr. Vann Nath was such a person.

I am posting a picture of his painting, entitled, “Hope”. May his spirit of hope amidst insurmountable challenges strengthen us.

Rest well.

“Hope” by Vann Nath

History as Destiny

*Author’s note. I dusted off this piece of writing that was 7 years old. After the RSA confab, seemed like this still has some relevance. So unedited, here it is!

“What has been will be again, what has been done will be done again; there is nothing new under the sun.”


It is old news that the Internet delivers global reach to large and small companies with a few keystokes. But there is another primary beneficiary of the Internet’s globalization effects- hackers. As the communications industry embraces packet switched networking we are witnessing the convergence between the domains of computing and communications. These once disparate realms are merging into a (seemingly) transparent, global network. Hackers are overjoyed that so much capital investment would be made in extending their reach and enabling grander exploits.

Hackers have gone upscale as well. The image of pierced and tattooed cypherpunks laboring in equipment-strewn rooms lit only by the glow of CRTs has been replaced. They are now highly recruited, highly paid, pierced and tattooed cypherpunks with well negotiated contracts from international corporations (and other organizations.) CRTs are out and flat screens are in.

Even more interesting is that, in spite of the spectacular success of the World Wide Web, the Internet continues to evolve. While capital investment has poured into the links of the Internet in the form of broadband networks using wires, optical fiber and radio waves, the Internet’s underlying protocols are not static. The anticipated emergence of the “Semantic Web” whereby computers interact with computers using “machine understandable” protocols (XML, RDF, OIL), promises to open up even more powerful services and efficiencies- for both commerce and hacking alike.

While the Internet really is a profound innovation in technology and commerce, the fundamental nature of its users remains essentially unchanged. Regardless of complex ontologies of Digital Content and Network Security (DCNSec), the fundamental goals of security remain quite simple:

keep the “bad guys” out from where they shouldn’t be

stop the “bad guys” from stealing what belongs to others

prevent “bad guys” from harming innocent people

ensure that honest people can do business


Whether we are talking about “meatspace” or “cyberspace”, security needs stem from basic human nature and our consequent behavior. This is not a technological issue but behavioral. Only now the capabilities require sophisticated skills in technology, finance and law. As long as innovation is applied to countering the threat of hacking, innovation will be applied to subverting those defenses- it is human nature. We believe it has always been so and we expect it will always be so.



Investment Theses

The question is, “What’s not digital?”– Virtually every communications network and information system including television & radio broadcast, movie distribution, financial records, medical records and database in the world is migrating to (or likely already exists in) a digital electronic format. Additionally, our physical infrastructure (e.g. water systems, power grids, etc…) is increasingly incorporating Internetworked control systems. With “digital data” forming the fabric of commerce, communications and ingrained into the infrastructure of our society- security is no longer an option.

Digital content and networks are inherently open platforms – The transformation to digital content and networks creates the need to develop a baseline measure of security. Packet switched networking was not designed with security needs in mind. Unlike some kinds of information transmission schemes (e.g. CDMA) in which the modulation technique delivers unintended, marginal security, there is no native embedded security in most digital content. DCNSec must be tailored and engineered as an overlay to an installed Internet. The rigorous work of incorporating security as a design factor is nascent at best and we question if the Internet as we know it can ever be “secure.”

The transition to IP networks is a forgone conclusion and now forms the underlying fabric of the communications network(s) – Packet switched networking has arguably been the most rapidly adapted communications protocol in the history of modern communications. Regardless of the transmission media (glass, air, wires), IP networking means that digital bitstreams form the unifying communications protocol going forward. It is our opinion that the digitization of communications networks and content has created significant and permanent opportunities in the digital/network security sector.

Security is fundamentally an economic risk management proposition not a technology challenge – The cost of security and the friction it introduces into a system must be weighed against the risks assumed by the level of security chosen. There is no single technology that can fully satisfy an organization’s security needs. Security is ultimately, like all risk management issues, an executive level decision. Unfortunately, there are no widely employed standards, methods, and metrics used to measure exactly what “security” is and the risks associated in the systems deployed (or lack thereof.) While the financial world has developed sophisticated risk management methodologies and metrics, there are no known methods to measure a company’s “information Value at Risk” (iVAR.) We anticipate that as the digital content and network security industry matures, quantitative standards of risk management will increasingly be applied as decision-making tools.

We do not believe that there will be an “endpoint” to the security challenge – While all markets eventually reach maturity, we believe that the challenge of securing digital content and networks has only begun. As long as individuals and organizations continue applying innovation to subvert DCNSec, there will be a need to apply innovation to the security problem. There are multiple threat models to consider spanning a spectrum of resources and sophistication. Security challenges stem from relatively harmless “cyberpunks” to malicious “blackhats”, to industrial espionage, cyberterrorism, organized crime and state-sponsored cyberwarfare and espionage. These multiple threats lead us to conclude that we have only seen the initial “leg up” in DCNSec and a long growth period is now underway.

Growing network diversity, application complexity and pervasive connectivity exacerbates the security challenge – From an end-to-end perspective, network complexity is increasing. New technologies and software from the physical to the application layer are increasing the challenge of defining and implementing security. Software complexity in device OSs at the ends of the network (as measured by lines of code) has increased by nearly an order of magnitude in the last decade. Wireless networking in particular is a security challenge. The proliferation of wireless networks in the home, public, and workplace (e.g. 2G, 3G, 802.1x, homeRF, Bluetooth, UltraWideband) is moving toward a “network mesh” whereby devices move across multiple networks and technologies providing an always-on network connection. Additional technologies such as embedded operating systems, expanded address space in IPv6, cheaper processing, cheap RFID chips and multiple wireless network connections are driving a pervasive network and computing environment with an explosion of the number of internetworked devices. There is no current system or standard to authentic devices roaming from network to network.

Cheer up, it’s going to get a lot worse – The next step in the Internet’s evolution is likely to make the current security challenges look simple. Most use of the Internet today revolves around the World Wide Web. The WWW is a collection of protocols that allows for the transmission and presentation of data from computers to users through web browsers. While servers can move and display information, processing is limited. However, the Worldwide Web Consortium (W3C) is in the midst of developing standards for the rollout of the “Semantic Web.” In the semantic web, computers will be able to process data from other computers. Essentially, it will make the content on the web “understandable” to the servers that manage and control the data and endpoint computers that access the web. We believe that the Semantic Web will enable new generations of software agents and web services along with unprecedented levels of data mining. The prospect of software agents that can traverse the Internet reading and collecting and processing vast amounts of data has profound security and privacy implications. Considering that the slammer worm inflicted most of its damage within 10 minutes, imagine the extent of the problem when a significant amount of information collection and processing is built into future “semantic malicious code.”

The geopolitical outlook suggests increasing priority on security efforts – The terrorist attacks of 9/11/01 have brought security issues to the forefront. While primary concern remains on physical security, clearly, digital content and networks remain vulnerable to attack and consequently, require comprehensive security solutions. We do not foresee this risk to diminish significantly in the near future. In fact, we see emerging threat scenarios as we understand the linkage between vital infrastructure and digital content and networks.

“A Store of Value”

When I took the intro course on money and banking I still recall the paragraph related to the definition of what money is… especially the sentence that stated… “a store of value.”

That has stayed with me. What I have since been continuously surprised by are the “values” I see reflected in the manner we go about acquiring, storing and using money. It has also got our national financial statement into a very tenuous position and even impacted our national security. I would like to believe that things will change going forward in how the financial world conducts its business… but I am skeptical. So I am taking a fall back position that hoping that perhaps our government can constrain the excess practices without stifling innovation. However, I see the utter compromised position that many advisors and political actors have in current or prior financial relationships with the financial services community and I doubt that as well.  So it will have to be grass roots that change things. Rats. That is usually pretty slow, disorganized and uncoordinated. But if it sticks… then it can be the most effective, but in my estimation, the least probable.

Frank Rich says it so well in his article here in the NY Times. He is so well spoken here and in my view hopeful. Perhaps we will take some steps forward and reconnect with core, free market values that reward us based upon value creation rather than value capture. One thing is certain, we will see.