That is a good question. The answer is that you don't put the data in the blockchain, you just keep the log of who is interacting with the patient and who needs access to the records. ;)
Even which doctor someone visited is confidential data one ideally would not preserve when not needed anymore (and "ideally" might very well be law). Health data is messy, and I have trouble imagining a solution that puts it on a blockchain but allows only private access to everything and has a chance of fixing instances of leaked credentials while still getting value from the fact that there is a blockchain. (If there is prior work on this that actually goes into detail I'd be happy about pointers - sadly a lot of this stuff seems to end at the stage of whitepapers when it comes to public information.)
>Even which doctor someone visited is confidential data one ideally would not preserve when not needed anymore.
Indeed, for example "John Smith went to see an HIV specialist on Monday" is protected information and would be a HIPAA violation if leaked. It's much simpler to throw it in a relational database and only let the HIV specialist and staff see the appointment.
https://brave.com/themis/ should be a good pointer about how to get an advertisement network that can avoid fraud and report views accurately while preserving privacy. The same principles could be applied to a permissioned blockchain that could be used by physicians and healthcare providers.
A public immutable and distributed log saying somebody sees various psychology specialists, or disease specialists over the course of a few years... this metadata is almost as personal as the raw data in many cases.
I am almost surprised that companies don't get into more trouble over location tracking. Your smartphone knows exactly when and how often you see a doctor.
All the doctors' websites around here, including for specialists, use Google Fonts and Google Maps etc. I assume there is some metadata involved there too.
I guess HN's pedantism will make me write a whole paper about what was supposed to be a simple example...
Anyway, both the example of advertisement and health care data need to also provide privacy. In both cases the data should be considered sensitive and not public. In both cases, the data can be protected through blind signatures.