This is an open-access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work, first published in the Interactive Journal of Medical Research, is properly cited. The complete bibliographic information, a link to the original publication on https://www.i-jmr.org/, as well as this copyright and license information must be included.
This study attempts to explain the development and progress of the technology used for sharing health information across health care organizations (such as hospitals and physicians’ offices). First, we describe the strengths and weaknesses of traditional sharing models, health information exchange (HIE), and blockchain-based HIE. Second, the potential use of nonfungible token (NFT) protocols in HIE models is proposed as the next possible move for information-sharing initiatives in health care. In addition to some potential opportunities and distinguishing features (eg, ownability, verifiability, and incentivization), we identify the uncertainty and risks associated with the application of NFTs, such as the lack of a dedicated regulatory framework for legal ownership of digital patient data. This paper is among the first to discuss the potential of NFTs in health care. The use of NFTs in HIE networks could generate a new stream of research for future studies. This study provides practical insights into how the technological foundations of information-sharing efforts in health care have developed and diversified from earlier forms.
People may need to visit different health care providers (such as specialists) in their lives because they may encounter various health issues. Providers need to access accurate and complete patients’ past medical records to make informed treatment decisions and increase the effectiveness and efficiency of care delivery. Accessing limited or incomplete information can cause duplication of health care services, such as laboratory tests and repetition of therapy. In addition, as physicians need to search for missing information, administrative costs increase, which could cause delays in providing care and slow down the providers’ workflow. Thus, it is essential for treating physicians to access, integrate, and share patients’ test results and medical procedure records conducted by various providers. However, health care organizations are not necessarily affiliated and may use different systems and standards for storing patient information (such as diverse electronic health records [EHRs]). Seamless sharing of personal health information (PHI) is a demanding project in a highly fragmented US health care system [
As no human participants were used, this study was exempted from obtaining approval from an institutional review board.
The first sharing method in health care was a paper-based exchange or mail transmission. Gradually, health care providers used other conventional methods (such as phone, fax, or information carried on CDs) to exchange patients’ records. Information flows among disparate health care institutions can still be managed through traditional methods such as fax, paper mailing, and phone calls. However, previous studies have reported serious issues associated with nonelectronic data exchange among providers, such as the inability to provide timely access to patients’ medical records and unnecessary tests [
The health care industry is currently transitioning from the offline sharing of patient health information to web-based sharing through electronic health information exchange (HIE). HIE allows for web-based transfer of medical data and patient records among health care providers and institutions, providing access to accurate and up-to-date health information across different health care settings. This enables clinicians to make more informed and effective health care decisions, ultimately improving patient outcomes [
In many developed countries, HIE programs are key policy areas aimed at improving care coordination by facilitating the sharing of accurate and comprehensive health information across health care providers and organizations. HIE databases can be used for various purposes, such as health care decision-making and clinical research. However, despite the potential benefits of HIE, such as improved coordination, reduced costs, and enhanced patient safety, insufficient participation of clinicians in data exchange networks can lead to incomplete HIE databases and reduce the overall value of HIE. In addition, the use of HIE mechanisms presents several challenges. Privacy concerns and the risk of data breaches are 2 important barriers to electronic data sharing in the United States. These factors must be addressed to ensure that HIE programs can achieve their objectives and realize their full potential for improving health care outcomes [
In addition, efforts should be made to increase patient awareness and education regarding the benefits of participating in data-sharing programs while ensuring that their privacy and security concerns are adequately addressed [
The primary challenges in implementing HIE systems are often attributed to organizational, governance, and technical barriers. These include limited interoperability between different health care information systems, a lack of standardized protocols and procedures for data sharing, and difficulties in coordinating and managing various health care entities and stakeholders involved in the HIE network. Addressing these barriers requires careful planning, collaboration, and investment to develop robust technical infrastructure, governance models, and organizational frameworks that support effective HIE implementation and operation. In addition, the ongoing evaluation and monitoring of HIE systems can help identify and address any ongoing barriers or challenges [
Furthermore, inadequate collaboration from EHR vendors, limited interorganizational partnerships with other health care entities, apprehensions about patient attrition due to HIE participation, and varying consent policies across different states are further challenges health care organizations may encounter when implementing HIE systems. The literature on HIE highlights that health care providers are worried about losing patients and their associated revenue when sharing data with competing organizations [
In the United States, financial incentives and mandates have been provided to encourage the participation of providers and clinicians in HIE projects [
In light of the literature review, the main issues with current exchange mechanisms can be categorized into 4 groups. The first challenge is that mainstream sharing models are mainly centralized and controlled by a health care organization, and they define a minor role for patients in the sharing process [
Previous studies suggested blockchain as an alternative to mainstream HIE systems [
One practical use of blockchain is to share health information [
Therefore, decentralized platforms that use encrypted databases are an effective alternative that enables independent stakeholders to supervise data contributions and access [
In the context of health care, there are 2 main types of blockchain networks: permissioned and federated [
Permissioned blockchain: a permissioned blockchain is a closed network in which access is restricted to a defined group of participants [
Federated blockchain: a federated blockchain is a network where multiple independent organizations come together to participate in a shared blockchain [
The key difference between permissioned and federated blockchains is the level of control over those who can participate in the network. In a permissioned blockchain, access is tightly controlled and only authorized users can participate. In a federated blockchain, there is more flexibility in terms of who can participate; however, the network is still designed to maintain some level of control over the participants to ensure security and data privacy. Both types of blockchains have their own advantages and disadvantages, and the choice of which one to use depends on the specific needs of the health care organization and the use case at hand. For example, a health care organization that is primarily concerned with data privacy and security may choose a permissioned blockchain, whereas an organization that wants to enable information sharing between multiple entities may opt for a federated blockchain.
Several private companies have already offered blockchain-based data-sharing platforms [
Blockchain-HIEs can use smart contracts, programmable computer protocols that verify and execute terms based on predetermined factors. A smart contract is a self-executing contract, with the terms of agreement between the buyer and seller being directly written into lines of code. The code and agreements contained therein exist on a blockchain network, and the contract is automatically executed when certain conditions are met [
In an HIE setting, smart contracts can be used to automate the sharing and exchange of health data between different entities in the health care ecosystem, such as hospitals, clinics, insurers, and patients. Some examples of how smart contracts can be applied in HIE settings are as follows:
Access control: smart contracts can be used to control those who have access to patient health data and under what conditions. For example, a smart contract could be programmed to only allow a patient’s primary care physician to access their medical records or only a researcher to access anonymized data for a specific research study.
Consent management: smart contracts can be used to manage patient consent for sharing and using their health data. For example, a smart contract could be programmed to automatically grant or revoke consent based on certain conditions, such as the completion of a clinical trial or expiration of a consent period.
Payment management: smart contracts can be used to automate the payment and reimbursement processes for health care services. For example, a smart contract can be programmed to automatically process insurance claims and reimburse health care providers, based on predefined rules and conditions.
Compliance monitoring: smart contracts can be used to monitor and enforce compliance with health care regulations and standards. For example, a smart contract could be programmed to automatically verify that a health care provider has met certain quality standards or that a patient’s health data has been handled in compliance with HIPAA regulations [
By using smart contracts in an HIE setting, it is possible to streamline and automate many of the processes involved in exchanging and using health data, while also improving data privacy, security, and transparency. Smart contracts can also reduce the administrative burden on health care providers and increase trust among patients and other stakeholders in the health care ecosystem.
In addition to mainstream information-sharing mechanisms, this study also suggests a new approach to HIE efforts. We believe that this new system can leverage the application of nonfungible tokens (NFTs) in HIE networks. Because the concept of NFT is still novel, some basic information is required before NFT-enabled HIE is explained. NFT is generally a new method of digital authentication, as this protocol can be the process or action of proving or showing something genuine or valid. So far, the primary use cases of NFT are in sports moments, collectibles, video games, digital art, music, virtual worlds, fashion, trading cards, and domain names [
When an artwork becomes an NFT, individuals are likely to acquire it because they want to claim ownership of a rare and unique piece of the original art. NFT protocols can also protect artists by enabling one-on-one relationships between them and fans. NFT can help artists sell their products (eg, music and painting) directly to buyers without the involvement of a middleman such as a record label company. There are several reasons why people are eager to accept NFTs instead of copying and pasting artwork. Previous studies have highlighted several reasons why people enjoy purchasing and collecting NFTs [
Speculation plays a major role in the financial aspect of NFTs. NFTs are unique digital assets that can represent the ownership of a particular item or piece of information, and the perceived rarity and demand of an asset often determine its value. As a result, NFTs have become popular assets for investors and collectors, leading to a surge in speculative buying and selling [
NFTs are a type of digital asset stored on a blockchain, such as Ethereum. NFTs are unique, meaning that each NFT has a distinct value and cannot be replicated or duplicated. However, it is important to note that NFTs themselves do not contain the data in question but rather a very small collection of metadata that provide information about the asset [
Copyright issues can arise with NFTs because they provide a way to monetize digital assets that may not have been possible previously. This has led to some controversy regarding NFTs and their impact on the art world and other creative industries. One issue is that NFTs do not necessarily confer ownership of the underlying asset but rather a unique identifier that is linked to the asset [
This section describes the potential application of NFTs to create digital proof of ownership in HIE. NFTs are recognized as a new way of creating value in various industries; however, they are still in their infancy and are challenged by speculation and inadequate regulations [
This section explains the type of blockchain that would be the best network for the proposed NFT-based HIE. Permission-less blockchains are open and decentralized. As no central entity can manage membership or ban illegitimate readers or writers, any individual can join and leave the network as a reader and writer at any time [
Moreover, to evaluate the best blockchain option for NFT-based HIE, we can use the following evaluation framework:
Security: the blockchain option should be secure, ensuring the privacy and confidentiality of health information.
Scalability: the blockchain option should be able to handle a large number of transactions without compromising performance.
Governance: the blockchain option should have a transparent and robust governance mechanism to ensure the integrity of the data stored on the blockchain.
Accessibility: the blockchain option should be accessible to all participants in the HIE network.
Interoperability: the blockchain option should be able to work seamlessly with other existing systems and technologies.
Permission-less blockchains (such as Bitcoin and Ethereum) have a high level of security because they use a distributed ledger system that is difficult to hack. However, they are unsuitable for HIE owing to their limited scalability and governance issues. Permission-less blockchains can handle only a limited number of transactions per second, which is insufficient for large-scale HIE networks. Permission-less blockchains are also unsuitable for handling sensitive health information because of their lack of privacy and confidentiality. In contrast, permissioned blockchains (such as Quorum and Ripple) offer better security and privacy than public blockchains and also provide a good balance between security and scalability. They are scalable and can handle a large number of transactions per second, making them suitable for HIE networks. Permissioned blockchains can provide the required level of governance for HIE networks, as they allow only authorized parties to participate in the network, maintaining the transparency and accessibility of the network. However, permissioned blockchains can be more expensive than public blockchains and may require more resources for maintenance.
On the basis of the evaluation framework, the best blockchain option for an NFT-based HIE is a permissioned blockchain owing to several factors. First, permissioned blockchains offer higher security than public blockchains, because they allow only authorized participants to join the network. This ensures that sensitive health information is protected from unauthorized access or tampering.
Second, permissioned blockchains are scalable and can handle many transactions per second, making them useful in HIE networks. This is particularly important for HIE networks because they require the ability to handle a large volume of transactions while maintaining the integrity of the data. Third, permissioned blockchains provide a transparent and robust governance mechanism that is essential for ensuring the integrity of the data stored in the blockchain. This allows for a higher level of accountability and trust among participants in the network. Fourth, permissioned blockchains offer accessibility to all participants in the HIE network, as they allow authorized users to join the network and access data. This ensures that all relevant stakeholders can access the information they need to make informed decisions. Finally, permissioned blockchains are interoperable, meaning they can work seamlessly with other existing systems and technologies. This is particularly important for HIE networks, as they must integrate various health care systems and technologies to ensure the smooth exchange of health information.
In summary, a permissioned blockchain is the best option for NFT-based HIE owing to its high level of security, scalability, governance, accessibility, and interoperability. By using a permissioned blockchain, stakeholders in the health care industry can ensure secure and efficient exchange of sensitive health information while maintaining transparency and accountability among all participants in the network.
The consensus mechanism is a critical aspect of blockchain technology because it enables all nodes in the network to agree on the state of the ledger and improve their fault tolerance [
In contrast, permissioned blockchains such as Hyperledger Fabric and Corda use PoS or other consensus mechanisms such as Practical Byzantine Fault Tolerance (PBFT) or Raft. In PoS, validators hold a stake in the network, and the probability of being chosen to verify transactions and add them to the blockchain is proportional to the size of their stake. PoS is more energy-efficient than PoW, making it a more suitable consensus mechanism for permissioned blockchains.
Furthermore, PoS consensus mechanisms are often faster and can handle more transactions per second than PoW, making them more suitable for permissioned blockchains that require a high transaction throughput. PBFT and Raft, by contrast, offer a faster consensus mechanism by allowing nodes to reach an agreement through direct communication rather than mining.
In summary, permission-less blockchains rely on PoW as their consensus mechanism, which is computationally intensive and energy-consuming. Permissioned blockchains, by contrast, use more efficient consensus mechanisms, such as PoS, PBFT, or Raft, which are faster, more energy-efficient, and more suitable for high transaction throughput. In a permissioned blockchain, the consensus mechanism is designed to be more efficient, scalable, and suitable for the specific use case of NFT-based HIE. One of the most commonly used consensus mechanisms in this permissioned blockchain could be PoS. In PoS, the validators are incentivized to behave honestly as they stand to lose their stake if they act maliciously. PoS is more energy-efficient than PoW, making it a more suitable consensus mechanism for NFT-based HIE. Because permissioned blockchains have a known set of validators, the consensus mechanism can be optimized for efficiency, throughput, and security. Another advantage of permissioned blockchains is the use of other consensus mechanisms such as PBFT or Raft. These consensus mechanisms use direct communication between nodes to reach a consensus, allowing for faster transaction times and higher transaction throughput.
In NFT-based HIE, permissioned blockchains can be designed to accommodate different types of participants, such as health care providers, insurance companies, and patients, each with their own set of permissions and access levels. This ensures that only authorized participants can access the sensitive health information stored on the blockchain. Thus, the consensus mechanism for permissioned blockchains, such as PoS, PBFT, or Raft, is designed to be more efficient, scalable, and suitable for NFT-based HIE. These consensus mechanisms provide a more energy-efficient and faster alternative to PoW and allow customized permission levels for participants in the network, ensuring that sensitive health information is accessible only to authorized parties.
NFTs enable patients to own their medical records. Thus, health care providers’ new entries (eg, test results) can be first encoded as NFTs and then added to the blockchain. Next, the ownership certification of ownership can be sent to the patient node. This authentication protocol can increase the transparency of medical data ownership and offer new ways to claim or enact ownership. All entities in the blockchain (eg, physicians and insurers) are notified of new data entry, but they cannot access, view, and share records because they do not own them. Another characteristic of NFTs is their verifiability, which is their ability to validate asset ownership. Verifiability proposes the protection of digital assets (such as PHI) against security attacks such as tampering, denial of service, spoofing, and repudiation [
In this system, patient data are represented by an NFT, which contains a small amount of metadata that describes the data and links them to the actual data stored in an external system. Thus, on-chain or off-chain modulation can be implemented. Some metadata on health data transfer (such as sender and recipient addresses and purpose of transfer) could be saved on-chain, and some sensitive data (such as medical records and care planning) could be stored in cloud servers, as cloud computing may play a role in the off-chain storage of health data. Off-chain blockchain systems imply computation or data structurally external to the blockchain network [
The NFT acts as a digital asset that the patient can own and control [
One challenge is that when a patient grants permission to a treating physician to access their data, there may be a need to re-encrypt the data for the physician. This requires a considerable amount of computational effort, bandwidth, and storage, depending on the size of the data and level of encryption used. One approach to address this challenge is to use a hybrid encryption scheme that combines symmetric and asymmetric encryption [
It should be noted that in a blockchain-based HIE system, the “patient node” refers to the part of the network that stores and manages the health data of individual patients. The assumption is not necessarily that patients themselves operate a blockchain node but rather that they have control over their own health data and can grant access to it to authorized parties. The patient node can be operated by various entities, such as health care providers, hospitals, or third-party vendors. In some cases, patients may also be able to operate their own nodes if they have the technical knowledge and resources to do so. However, even if patients do not directly operate a node, they can still benefit from the use of blockchain technology in HIE. For example, blockchain can provide patients with greater control over their health data and enable them to securely share it with health care providers and other stakeholders, as needed. Using a blockchain-based HIE system, patients can also have greater confidence that their data are being protected and used in accordance with their wishes.
In NFT-based HIE, patients can have their own nodes or wallets depending on the design of the blockchain network. However, it is important to note that the level of participation and access to the blockchain network for patients may be limited compared with other participants, such as health care providers or insurance companies. Patients can have their own nodes, which are essentially software clients that allow them to interact with a blockchain network. These nodes can be used to access their health information, verify transactions related to their health records, and grant permission to use their data in research or other applications. However, running a node requires technical expertise and resources, which may not be accessible to all patients. If patients have technical expertise and resources, running their own nodes can give them greater control over their health information and ability to participate more actively in the network. However, this option requires more technical knowledge and resources and may not be accessible to all patients.
An alternative option for patients is to use a wallet, which is a digital tool that allows them to store and manage their NFTs representing their health records. The wallet can be used to authorize access to health records and grant permission for their use in different applications. The use of a wallet is generally easier and more accessible to patients than running a node. Patient wallets are generally more accessible and user-friendly, requiring minimal technical expertise. This option provides patients with a more streamlined and convenient way to manage their health information on the blockchain network. In general, patient wallets may be a more suitable option for most patients with NFT-based HIE as they offer a balance between accessibility and control. Patients can use wallets to manage their health information and authorize access to their data, while retaining some level of control and ownership over their data.
Thus, patients can have their own nodes or wallets in NFT-based HIE, depending on various factors, such as the technical expertise of the patient, desired level of control and access to the network, and design of the blockchain network. Although running a node provides more control and access to the network, using a wallet is a more accessible option for patients who may not have technical expertise or resources to run a node. A well-designed NFT-based HIE should provide patients with a range of options for managing their health information on the blockchain network, ensuring that their data are secure, accessible, and under their control.
In a blockchain-based HIE system, the main challenge is motivating patients to share their medical records with other nodes. Blockchain technology has been suggested to eliminate the inefficiencies, costs, and risks associated with traditional data sharing in health care. Blockchain can also be used to authenticate genuine content [
The NFT assigned to a patient’s PHI is often shared with other physicians for health care reasons such as receiving professional advice, diagnosis, prescription, treatment options, and care planning. In this case, blockchain-based HIE can reward data owners (patients) using recognition points. Thus, blockchain technology can support building incentives for data owners to share their data in exchange for credits encoded in smart contracts [
In the second case, disease foundations and academic institutions may ask data owners (patients) to share the NFT assigned to their PHI for clinical research purposes. Blockchain-based HIE can incentivize patients with digital tokens to encourage them to assist in health discoveries and help drive medical innovation for the greater good of humanity. NFTs enable patients to receive royalties each time their PHI is transferred to a new research project. Thus, terms and conditions defined in smart contacts can calculate incentives and electronically reward data owners with cryptocurrencies to share the NFT of medical data for medical searches. For example, owners of NFTs who share their medical records, lifestyle data, and other health information with scientists through a secure platform are not the subjects of research, but are partners in discovering new treatments. In return, patients who share NFTs assigned to health data will receive coins, which can be exchanged with other cryptocurrencies (such as Bitcoin and Ethereum). As patients share NFTs in the network and the value of NFTs varies, incentives can be calculated based on a mix of recency, variety, and volume of medical data, as well as the frequency of sharing. One copy of NFTs exists in this decentralized platform, and patients can control their inclusion in the network and release their consent to how it is used in research. All health data are deidentified, accumulated, encrypted, and stored in the permissioned blockchain. If patients no longer want to contribute to health research, they can revoke permission and remove their NFT assigned to health data from the platform.
Incentivizing users to share data for financial gain in a decentralized and anonymous environment can create challenges related to data quality. When users are incentivized to share data for financial gain, there is a risk that malicious actors will fabricate data sets to take advantage of the incentives [
In addition, incentives could be designed to encourage users to share data relevant to specific research or commercial applications and discourage the sharing of data that are not relevant or of poor quality. Another approach for mitigating data quality issues in a decentralized and anonymous environment is to use data validation algorithms to detect and filter out fraudulent or low-quality data. These algorithms can be designed to analyze patterns and anomalies in data to identify potential sources of fraud or errors. Using these algorithms can reduce the risk of fraudulent data and maintain the overall quality of data sets. Overall, it is important to carefully consider the design of incentives and validation mechanisms when incentivizing users to share data in a decentralized and anonymous environment. Using a combination of trusted third-party validation and sophisticated data analysis techniques can incentivize users to share high-quality data while reducing the risk of fraudulent or low-quality data.
Ensuring safe custody of patient keys is a critical component of any blockchain-based HIE system. One approach to address this challenge is to use a key management system (KMS) designed to securely store and manage cryptographic keys, including private keys [
It is worth mentioning that there is still debate about patients always being the owners of their health data [
Another possible reason for a change in health data ownership is when a patient agrees to sell their health data to a third party, such as a pharmaceutical company or research organization. In this case, the patient transfers ownership of their health data to a third party in exchange for compensation. Any transfer of ownership of health data should be performed with informed consent from the patient and in compliance with applicable privacy laws and regulations. In addition, patients should be able to revoke their consent and regain ownership of their health data at any time. Even if we assume that patients own their health data, they can remain the owner but share more than one copy of a given health data set with health care researchers (in exchange for incentives) using the design principles of NFT. Thus, data ownership changes in the context of HIE can facilitate data sharing.
NFTs can be useful in tracking the ownership and provenance of digital health information, but they do not inherently provide privacy or secure access. In addition to ownership, access control is an essential aspect of the exchange of health information. Access control determines who has the permission to view, modify, or share health information. Although an NFT can indicate ownership of a piece of digital health information, it does not automatically provide access control. Access control mechanisms must be in place to ensure that only authorized individuals or entities can access information. Several access forms are needed in NFT-based HIE to ensure proper privacy and security of PHI. These access forms are as follows:
View access: this is the ability to view health information. View access is necessary for health care providers and patients to access their health records.
Modify access: this is the ability to modify or update health information. Access modification is necessary for health care providers to update patient records with new information, such as diagnoses, treatments, and medications.
Share access: the ability to share health information with other health care providers or entities. Share access is necessary for health care providers to share patient records with other providers involved in patient care, such as specialists or hospitals.
Revoke access: this ability to revoke access to health information. Revoke access is necessary for patients to control access to their health records and to prevent unauthorized access.
Audit access: this is the ability to audit access to health information. Audit access is necessary to track who has access to health records and monitor for unauthorized access.
These forms of access are crucial in ensuring that PHI is properly secured and only accessed by authorized individuals or entities. Although NFTs can be used to track the ownership of digital health information, access control mechanisms must be implemented to ensure the privacy and security of PHI so that only authorized individuals or entities can access it. Thus, NFT-based HIE with access control mechanisms can potentially help solve ownership issues related to health data. In traditional HIE, ownership of health data can be unclear, with different parties (such as health care providers, patients, and health systems) claiming ownership of different aspects of the data. Using NFTs to track ownership of health data can clarify who owns which pieces of data. NFTs with robust access control can be used to create a clear and transparent record of ownership, which can help prevent disputes over ownership of health data. This can potentially streamline the sharing of health information and make it easier for patients to access their own health records by ensuring the proper use and protection of PHI.
On the basis of on-chain or off-chain modulation, the data can be stored in or off the network. In the on-chain model, an NFT will only hold metadata for the health data, not the health data itself, because health information may be too big to be efficiently saved on chain or they could be very sensitive, which could raise privacy concerns. Blockchain technology, which underpins NFTs, has limitations in terms of scalability, and storing large amounts of data on a blockchain can be expensive and slow down the network. However, NFTs can still be useful for securely tracking and managing health data (such as data related to health data transfer between 2 health care organizations). In the off-chain model, an NFT can hold more sensitive data, such as the patient’s name, medical record number, date of birth, and other relevant health-related information. Thus, patient names and other identifiers are not included in the NFT core data because of privacy concerns. On the basis of this modularity, metadata can be used to link the NFT to the actual health data stored in an external system, such as a centralized database or decentralized storage network.
Therefore, the health data must be stored in an external system. For example, health data could be a centralized system, where a single entity or organization is responsible for operating the data storage, maintaining encryption, and standard techniques for securing sensitive data and bearing costs. The choice of encryption scheme would depend on the system’s specific requirements, such as the level of security required, size of the data, and system performance requirements. Some examples of encryption algorithms to secure health data stored in an external system can be advanced encryption standards, RSA encryption, elliptical curve cryptography, and blowfish [
The entity that operates the binary data storage depends on the specific implementation of the system. In a centralized system, a single entity or organization may be responsible for operating storage. By contrast, in a decentralized system, storage and cost may be distributed among multiple nodes in a blockchain network. In either case, it is essential to ensure that the entity operating the storage has proper security measures in place to prevent unauthorized access and protect data from cyber threats. Regarding the cost related to storing large binary data, the responsible party depends on the specific implementation of the system. In a centralized system, the entity operating the storage unit is typically responsible for bearing costs. In a decentralized system, the cost may be distributed among multiple nodes in the blockchain network. The nodes that store the data may be incentivized by rewards or other compensations. Ultimately, the responsible parties and the cost structure must be determined based on the specific use case and implementation.
Despite the mentioned flaws of traditional HIE systems, they have been tested and tried, and many adhere to strict regulatory requirements, which is not the case for the novel, blockchain-based HIE. Indeed, health care organizations often use different standards, making information sharing more complex [
NFTs are unique digital assets that represent ownership of a particular item or piece of information. In health care, NFTs can be used in HIE models to secure information exchange between different health care providers. The process of exchanging information using NFTs in HIE models typically involves the following steps:
Creation of NFTs: health care providers create NFTs that represent specific pieces of patient information, such as medical records, test results, or imaging studies.
Authentication of NFTs: before exchanging information, NFTs are authenticated to ensure that they represent valid and accurate information. This authentication process can include verifying the identity of the health care provider who created the NFT and checking the integrity of the data represented by the NFT.
Transfer of NFTs: once authenticated, NFTs are transferred securely between health care providers using blockchain technology. The blockchain ensures that the transfer of the NFT is immutable and tamper-proof, which helps maintain the privacy and security of patient information.
Verification of NFT ownership: when a health care provider receives an NFT, they verify the ownership of the NFT to ensure that they have the right to access the patient information represented by the NFT. This verification process involves checking the digital signature associated with the NFT or consulting a blockchain ledger to confirm ownership of the NFT.
Accessing patient information: once ownership of the NFT is verified, the health care provider can access the patient information represented by the NFT. This information can be used to inform patient care and treatment decisions.
Overall, using NFTs in HIE models can help ensure secure and efficient information exchange between health care providers, while protecting patient privacy and data security.
The NFT-based HIE mechanism consists of several key components:
Health care providers and patients: health care providers (such as doctors, hospitals, clinics, and pharmacies) create and access EHRs for their patients. Patients can also access their own EHRs and share them with health care providers.
EHRs: EHRs are electronic records that contain patient health information, including medical history, diagnoses, treatments, and medications. These records are stored in a secure and decentralized manner using the blockchain technology.
NFTs: NFTs are unique digital tokens used to represent ownership of digital assets. In the context of NFT-based HIE, NFTs are used to represent ownership of patient EHRs.
Smart contracts: smart contracts are self-executing programs that run on a blockchain. In the context of NFT-based HIE, smart contracts are used to automate the process of sharing patient EHRs. Smart contracts define the rules and conditions for sharing EHRs, and ensure that these rules are followed.
Data sharing: when a health care provider requests access to a patient’s EHR, the patient can grant permission by transferring ownership of the NFT representing their EHR to the health care provider’s wallet. The smart contract is then executed and the health care provider can access the patient’s EHR.
Audit trail: the blockchain maintains a transparent and immutable audit trail of all EHR transactions, providing a secure and reliable record of who accessed what information and when.
In the first schematic diagram (
The health care provider can then access the patient’s health records through the blockchain network using their own nodes. The insurance company can also verify transactions related to the health care claim and process the payment through its own node that is connected to the network. Thus, this network topology and mechanism enable secure and efficient health information sharing between different NFT-based HIE network participants, while ensuring data privacy, security, and ownership.
The second diagram (
Schematic diagram of relationships between entities in a nonfungible token (NFT)–based network. HIE: health information exchange.
Schematic diagram of how a nonfungible token (NFT)–based health information exchange network works.
The costs and data volumes can significantly affect the design and implementation of NFTs in blockchain-based HIE systems:
Costs: the cost of implementing NFTs in blockchain-based HIE systems can vary depending on the system’s complexity, blockchain technology used, and number of participants involved. As NFTs are unique digital assets, the cost of creating and storing them can be high, particularly for large volumes of data. The cost of creating and managing NFTs can also increase as the number of parties involved in the HIE system increases.
Data volumes: the amount of data being exchanged via NFTs in blockchain-based HIE systems can significantly affect system design and performance. As data volumes increase, the HIE system may need to be designed to handle increased traffic, potentially requiring additional computing power and storage capacity. In addition, as data volumes increase, the system’s security mechanisms must be scalable to ensure that the data are not compromised.
Several strategies can be used to address the challenges posed by costs and data volumes:.
Optimization of system design: system designers can optimize the design of blockchain-based HIE systems to reduce costs and improve performance. This can include designing the system to scale dynamically, using cost-efficient blockchain technologies, and minimizing the amount of data exchanged via NFTs.
Data compression and aggregation: to reduce costs associated with NFT creation and storage, data can be compressed and aggregated to reduce the size of the NFT. This can be done by extracting only essential data from patient records, which can help reduce the cost and complexity of creating and managing NFTs.
Collaborative models: by implementing a collaborative model for HIE, the cost and complexity of managing NFTs can be reduced. In a collaborative model, health care providers can share the costs associated with NFT creation and management, potentially leading to lower costs for all the parties involved.
Thus, cost and data volume considerations must be carefully considered in the design and implementation of NFT-based HIE systems to ensure that the system is efficient, secure, and scalable.
As with any emerging technology, there are criticisms and concerns surrounding the use of NFTs in HIE [
Limited scope: although NFTs can potentially transform HIE by providing a secure, decentralized mechanism for exchanging health information, their scope is limited. NFTs can only be used to exchange specific pieces of information, such as medical records or test results. They cannot be used to exchange real-time data, such as patient vitals, which are critical for health care decision-making.
Lack of interoperability: one of the key challenges in HIE is interoperability—the ability of different systems to exchange and use information. Although NFTs can provide a secure mechanism for exchanging information, they may not be interoperable with existing HIE systems. This can limit its usefulness and adoption.
Regulatory challenges: the use of NFTs in HIE raises regulatory challenges, including issues related to data privacy, security, and ownership [
Technical challenges: the technical challenges associated with designing and implementing NFT-based HIE systems can be noteworthy. These challenges include ensuring the scalability and performance of the system, managing the costs associated with NFT creation and management, and ensuring the security of the patient data.
Thus, although NFTs can potentially transform HIE, some challenges and limitations need to be addressed. To effectively integrate NFTs into HIE, careful consideration must be given to these challenges and potential solutions must be explored.
The concept of NFTs is suggested to address a long-standing problem related to the proof of ownership for PHI by offering a mechanism to validate who could own the medical data in the HIE networks. However, our study is among the first attempts to highlight this opportunity, and it is far from achieving this goal, with several questions remaining regarding the legal, financial, and user aspects. The first challenge regarding the application of NFTs in HIE projects can be viewed from the perspective of regulatory considerations. Topics related to NFTs are still novel; thus, a lack of regulation may facilitate fraudulent activities and increase uncertainty regarding the use of NFTs in health care. As the NFT sector is currently prone to fraud, such as phishing activity in the digital asset domain, new dedicated regulations are required to distinguish the application of NFTs in health care. For example, a new amendment to HIPAA is required to articulate how a blockchain-based HIE in which NFT protocols are embedded can be used nationwide.
Moreover, in the United States, different states have diverse rules and regulations regarding the ownership of medical data (ranging from no clear laws to stringent regulatory frameworks). Because of various regulatory strictness, some states will likely create favorable environments that try to adopt applications of NFTs in HIE networks; other states might ban the use of NFTs outright. It would be an interesting research area for future studies to shed more light on the concept of NFTs (especially in health care) from a regulatory perspective.
The second challenge is the cost of creating NFTs. A possible barrier is the additional cost of minting NFTs. In this case, how would this impact cost and convenience, and who will bear the cost of creating and minting associated NFTs? For instance, do care providers and patients jointly contribute to creating patients’ medical records, or is this responsibility for health care organizations? These questions can explain the complexity of adding NFTs to the blockchain HIE and the incremental benefit of this change. Thus, there is a lack of clarity on whether expanding NFTs’ functions in health care is a financially feasible project. Minting NFTs assigned to PHI on a permissioned blockchain requires a robust technological infrastructure with stringent security safeguards. Therefore, further research is required to examine the phenomenon of NFTs and their application in HIE from a financial perspective.
Third, NFTs in health care could be promising; however, their implementation remains challenging. Different stakeholders in the health care ecosystem and layers in the NFT-based HIEs architecture require robust protocols for stakeholder collaboration and interaction. For example, most patient visits are attributed to older patients (older than 50 years of age), who may not be technology proficient, may require extensive training to understand the technology, and may need to provide access to providers for their medical records. What would happen if certain medical records (older or generated through nonparticipating providers) cannot be converted to NFTs? What will happen if a patient is incapacitated (or not in the correct mental state) and cannot grant access to medical records for urgently needed care?
The fourth challenge refers to user perception, as little is known about whether potential users of information-sharing projects in health care will accept NFT-based HIE. As the NFT concept is still new and there is a lack of public awareness about this phenomenon, many questions remain unanswered regarding the perceived viability, utility, and value of NFTs. Thus, further studies are needed to investigate how users (such as physicians and patients) may adapt to NFT technology in health care settings. For instance, researchers can examine the value of NFT-based HIE from user perspectives, such as ease of use, usefulness, cost-effectiveness, error reduction, and productivity.
As the use of NFTs in blockchain-based HIE systems continues to evolve, further research is needed on the design and implementation of these systems. This research could entail the following areas:
Technical design considerations: there is a need for further research into the technical design considerations of integrating NFTs into blockchain-based HIE systems. This could include exploring optimal blockchain technology for HIE, designing smart contracts that govern NFT exchange and storage, and developing efficient authentication mechanisms.
Regulatory and legal considerations: there is a need for further research into the regulatory and legal considerations of NFTs in health care. This could include exploring the legal implications of exchanging health care information via NFTs, the potential impact on patient privacy, and the role of regulatory bodies in overseeing the use of NFTs in health care.
User acceptance and adoption: further research is needed to understand user acceptance and adoption of NFTs in health care. This could involve assessing the usability of NFT-based HIE systems, identifying barriers to adoption, and understanding the perspectives of health care providers and patients.
Data security and privacy: there is a need for further research into the data security and privacy implications of using NFTs in health care. This could involve exploring the potential vulnerabilities of NFT-based HIE systems, designing robust security mechanisms, and identifying potential threats to patient-data privacy.
Overall, future studies should provide insights into the design and implementation of NFT-based HIE systems that are secure, efficient, and user-friendly while also addressing regulatory and legal challenges and protecting patient data privacy.
Comparison between different information-sharing initiatives in health care.
Information-sharing initiatives | Type of technology | Example of sharing mechanisms | Challenges | Changes required |
Traditional models | Conventional models (paper-based or voice-based) | Fax, mail, CD, and phone calls |
The inability to provide timely access to patients’ medical records Performing unnecessary and repetitive medical tests Cannot integrate patient data into a central hub Chance of losing data Inconvenient for patients to carry nonelectronic records Space and costs of storing files Security and privacy risks Additional workload for physicians |
Digitalization of medical records Developing a central database to store patient data Facilitating interoperability across multiple health care entities Standards of data storage and transfer should be determined |
HIEa networks | Centralized platforms (databases + emails + patient portals) | Direct exchange, look-up, and patient-centered |
Implementation issues (organizational, financial, and governance barriers) Lack of certified EHRsb Interorganizational partnerships with unaffiliated health care organizations Trust-based networks Privacy concerns and risks of a data breach Various patient consent policies Lack of transparency on sharing procedures |
Developing decentralized networks so that multiple stakeholders can overlook data sharing More transparency in sharing patient data The threat of a single point of failure should be solved More stringent security measures should be applied Data ownership should be clear Better mechanisms for authentication and granting permission to access data should be used |
Blockchain-based HIE | Decentralized platforms | Permissioned blockchain, federated blockchain, and smart contracts |
Lack of awareness about blockchain applications in health care Lack of regulations and guidelines Little is known about the perceptions of potential users Lack of incentives for sharing medical records |
More organizational training and marketing strategies to promote blockchain applications in health care Need for federal and state-based regulations dedicated to the use of blockchain in health care projects Incentive mechanisms are required to encourage information sharing Patient medical data can be treated as a nonfungible asset |
NFTc-based HIE | Decentralized platforms | Permissioned blockchain, federated blockchain, smart contracts, and NFTs |
NFT technology is still novel Lack of dedicated regulations for NFTs Lack of research on the feasibility of NFT-based HIE Market traction |
More research is required on the practicality, viability, value, and utility of using NFT technology in health care Types of incentives should be studied New amendments, compliance, and dedicated regulatory framework for NFTs Implementation barriers to minting NFT in health care and required protocols for interactions with stakeholders should be addressed |
aHIE: health information exchange.
bEHR: electronic health record.
cNFT: nonfungible token.
This study sheds light on the characteristics of emerging technologies that support health information–sharing efforts. Rapid technological advancements are accompanied by higher security risks, such as authenticity. We evaluated the potential of NFTs as a novel technology that can be leveraged in new use cases such as health care to mainly solve ownership and authenticity problems. The use of NFTs in HIE systems has the potential to revolutionize the health care industry by enabling the secure and efficient sharing of patient health information. NFT-based HIE may perform existing information exchange functions differently. The benefits of using NFTs include enhanced data security and privacy, improved interoperability, and streamlined data exchanges. We believe NFT technology can be a good fit for HIE networks because, first, NFTs are noninterchangeable. Each NFT is linked to a digital PHI that specifies the medical record’s values, ownership, and sharing rights. Second, NFTs are immutable; thus, they cannot be altered, manipulated, or forged in the information-sharing process. Third, every NFT needs to have an owner, and this is a public record that is easy for anyone to verify. In the proposed NFT-based HIE, patients are the original owners of their PHI, and other entities (such as providers) may be granted the right to check, analyze, and share such medical records based on the terms and conditions defined in a smart contract. NFTs can provide secure records of ownership and authentication in HIE networks. However, several challenges must be addressed before the widespread adoption of NFTs in HIE systems. In addition to the distinguishing features of NFTs, this technology presently faces a lack of dedicated NFT regulation due to its novelty and weakly enforced markets. For example, developing a regulatory framework to control NFT activities could help reduce the high degree of uncertainty in NFTs by forcing creators to obey specific guidelines. The level of regulatory clarity regarding NFTs can encourage more entrepreneurs to invest in different use cases (such as in health care). These challenges include the need for technical standards and infrastructure, legal and regulatory issues, and concerns regarding scalability and sustainability. Overall, although challenges need to be addressed, the benefits of using NFTs in HIE systems outweigh their drawbacks and offer promising opportunities for improving health care outcomes. Further research and development are necessary to address these challenges and fully realize the potential of NFTs in HIE systems. This study suggests that adding NFTs to HIE frameworks could be promising; however, further research is required to validate the value of this change.
electronic health record
health information exchange
Health Insurance Portability and Accountability Act
key management system
nonfungible token
Practical Byzantine Fault Tolerance
personal health information
Proof of Stake
Proof of Work
All the data analyzed in this study are included in this published article.
None declared.