Weighing the Risks and Benefits of Blockchain in the Pharmaceutical Supply Chain

July 24, 2019

By Dan Brettler, Managing Director, Life Science and Technology Co-Practice Leader

Blockchain has the potential to revolutionize supply chain management in businesses around the globe. The life science industry is no exception considering the need for accurate, protected and transparent information that is critical to every stage of the supply chain from a clinical trial through a drug’s delivery to a patient. But with any broad introduction of a new technology or process come inherent liabilities and cause for concern, particularly where valuable intellectual property and patients’ personally identifiable information are at stake.

While the potential benefits of blockchain are limitless, innovating companies must understand that implementing this new technology also brings new areas of vulnerability. This technology is making massive strides in protecting sensitive data, but information security is still a major concern. The consequences of a breakdown or breach could result in massive financial and reputational damage if information and sensitive data is altered or lost. As adoption grows, the new risks that come with it can be addressed with insurance coverage and risk management.

Before exploring these dynamics and how they may play out in the life science industry, it is helpful to first understand exactly what blockchain is and how it can be leveraged.

A distributed ledger

Blockchain, also known as distributed ledger technology (DLT), has many applications and can be used for any exchange, agreement, contract, tracking and, of course, payment. Blockchain enables proof of ownership and the transfer of ownership from one entity to another without using a bank. It works by recording transactions on a block and across multiple copies of the ledger that are then shared and distributed over many computers. It is therefore both highly transparent and secure since every block links to the one before it and after it. The value that is transferred can move through an extended supply chain while ensuring that what occurs at each point in the chain is chronologically recorded.

Unlike other ledgers, blockchain lacks a central authority and is extremely efficient and scalable. Entries are stored within a chain of blocks. At every stage, the participants to the network must agree on the latest sequential block of transactions. This happens based on majority consensus which eliminates the risk of duplicate entries. While it is unclear exactly who invented blockchain, it is widely believed that a person, or group of people, operating under the name Satoshi Nakamoto is responsible for the technology’s creation in 2008. As Satoshi Nakamoto put it, blockchain is a “peer-to-peer network using proof-of-work to record a public history of transactions.”[1] Thus, it cannot be altered once it is kicked off, assuring an accurate and transparent record which acts to help prevent fraudulent transactions.

Benefits to supply chain management

Blockchain is a potentially disruptive process that corporations can use “combined with artificial intelligence (AI) and the internet of things (IoT) according to some advocates[2]” to revolutionize supply chain management.

The life science industry’s current supply chain is somewhat complex and has limited transparency and thus is well positioned to potentially benefit from this technology. Blockchain can add transparency and efficiency to supply chains and has potential applications in warehousing, delivery, payment and everything in between. Blockchain gives users access to real-time, trusted data, and therefore more secure transactions. It can even protect against theft and reduce opportunities for fraud or counterfeit products.

Blockchain also has endless possibilities in the life science industry in pharmacovigilance, industry analytics and compliance, management of patients’ personally identifiable information and trial data. It is equally useful for both retail and wholesale transactions on virtual and global dimensions. That said, “just under a quarter (22%) of life science companies are already using or experimenting with blockchain [technology], but industry collaboration over security and storage standards is needed,” according to a June 2017 survey by industry nonprofit, Pistoia Alliance.[3]

When it comes to blockchain in pharmaceuticals and healthcare, Pistoia Alliance noted that a significant use of the technology can be applied in support of the supply chain by ensuring an auditable trail to safeguard drug provenance. The report noted that “more than two thirds (68%) of pharmaceutical and life science leaders believe blockchain will have the greatest impact in this area.[4]

According to the Alliance, other uses include using blockchain to store medical records, where 60% of respondents believe blockchain will have the greatest impact.[5] Another area where blockchain offers a competitive advantage is in the development and handling of genomic data. The Pistoia Alliance believes that “genomic data could be stored in ‘blocks’ on a blockchain, but standards for how it is stored and then shared securely will be essential” to an area where the Pistoia Alliance “sees great opportunity for collaboration.[6]

In short, for life science companies, using blockchain technology can minimize security breaches, reduce human error, act as a brake on clinical trial fraud, improve collection of data and subsequent transparency between sponsors and regulators and simplify or reduce the cost of doing business.

Cybersecurity advantages for the supply chain

Blockchain creates a tamper-resistant, cryptographically secure online ledger that can be used to verify transactions securely and directly on a peer-to-peer and decentralized basis without involving a bank or financial institution. In other words, since blockchain doesn’t have a centralized server location, it reduces the chances of malicious cyber-attacks. In addition, blockchain lets companies securely transmit documents to other organizations with approvals in place to help speed up the transaction and reduce errors. Because changes to blockchain are displayed in real time and no central user controls the record, blockchain is said to be much less susceptible to hacking than a traditional database transaction. An unauthorized change would require access to a specific block of data and all preceding and ensuing blocks in the blockchain across every ledger in the network simultaneously.

While blockchain technology may offer unparalleled security, it isn’t infallible as Bitcoin exchange Mt Gox found out in 2013 when a technical glitch resulting from the use of different versions of Bitcoin software caused Bitcoin to temporarily lose a quarter of its market value.[7] In 2015, Interpol identified an opening in blockchain used for cryptocurrencies that could be exploited to transfer malware to computers.[8] Even Blockchain has vulnerabilities and is only as secure as its entry points. Such access points may be vulnerable to attack which can undermine its security features.

Industry application and inherent risks

The practical applications of blockchain are attracting interest of a wide variety of companies across the industry spectrum, according to Keith Gregg, MBA, CLP and Ed McKenna, PhD, the Principal Partners of JRG Ventures, who have decades of experience helping life science and healthcare companies navigate new trends and technological developments. They have observed that while there is an increasing level of interest in the potential to integrate blockchain into life science supply chains, industry players are educating themselves rapidly and carefully weighing the pros and cons of introducing this relatively new technology into their highly sensitive and regulated processes which are, by definition, existential to their companies.

Although encouraged by the massive potential operational and financial benefits of a successful adoption, decision makers at pharmaceutical companies are being held back from quickly adopting blockchain by two key factors:

  1. Significant upfront costs: Implementing blockchain requires a large investment of time, resources and financial cost to get up and running. Pharmaceutical companies have been managing information across the supply chain the same way for years. Any changes to this process will ultimately disrupt existing processes, at least in the short term. Implementing blockchain will also require a meaningful upfront financial investment. Justifying this initial financial investment may present challenges considering most of the largest pharmaceutical companies leading the industry push toward blockchain are managed and evaluated on a short-term basis.
  2. Risk aversion: Blockchain will have massive implications on how information is managed across the pharmaceutical supply chain. Considering the sensitivity of this information as well as the potential fallout from order information being lost or compromised, some pharmaceutical companies are taking a wait and see approach to how the implementation of this new technology will play out.

As Gregg said, “no one just jumps in, but the promise of a better audit trail is very appealing to risk-averse industries like life sciences, medical devices and healthcare.”

In terms of uses, both Gregg and McKenna agreed that blockchain will have wide-ranging applications across the pharmaceutical supply chain. But each area carries its own unique risks and liabilities. For instance, Gregg and McKenna said drug track and trace capabilities are one area that can simplify processes and reduce costs in the early stages of a drug’s development. Drug wholesalers looking to reduce counterfeiting through serialization could also leverage blockchain, which could track and trace the passage of prescription drugs through the entire supply chain. But leveraging blockchain in these ways may open up firms’ intellectual property to risk of data breach if it is not adequately protected.

Blockchain could also impact a new form of “decentralized” clinical trial[9] that is rising in popularity. These decentralized trials are typically conducted without the use of a central site. Participants administer their own treatments from home, use wearable devices for monitoring the effects, and upload their own data to the cloud for researchers to analyze. Clearly, a distributed ledger that tracks and dates all information while logging any changes has the potential to simplify the process of organizing this data. However, this process opens up new entryways for cybercriminals to gain access to networks. If compromised, sensitive patient health records and sponsor intellectual property would be at risk.

Ultimately, blockchain adoption will vary by user, even in the same industry space. According to Gregg and McKenna, traditional risks and new risks will continually evolve as adoption grows. It is paramount that insurance and risk management be effectively coupled with comprehensive cyber protections to assure the security of the firm and its resources.

Insurance to transfer blockchain risks in the supply chain

It is important for life sciences companies to consider which risks they will transfer with insurance coverage and which risks they will retain and address with risk management practices and solutions. The first step in this process is a close look at insurance coverage options available in the market and how they will respond to exposures involving or created by blockchain technology.

It goes without saying that cyber coverage requires careful review. Likewise, other first and third-party exposures may manifest themselves as blockchain becomes more prevalent on commercial transactions and across the supply chain. Property damage, business income or transit losses, general liability, errors and omissions, malpractice, auto, crime and directors and officer’s coverage may all be impacted following manipulation or failure of a distributed ledger. For example:

  • General liability includes injuries to third parties at a company’s premises, personal or advertising injury or products and completed operations claims involving bodily injury or third-party property damage. Particularly in the case of patient visits or protection of personally-identifiable information or protected health information, it is important to assure that the policy does not limit or exclude injuries arising from blockchain transactions since cyber policies may not respond to such injuries or damage.
  • Property damage, business income or transit losses should be carefully considered. Property and business income insurance addresses first-party damages and ensuing business interruption. Transit losses involve theft or property damage during transit between business locations. In each case, reliance on blockchain may influence not only security controls but mechanical vulnerabilities, adequacy of inventory/supply and human factors on the manufacturing floor, in the warehouse and/or during transit. Since the coverage is based on physical damage resulting from a covered accident, a careful look at coverage and exclusions is a must.
  • Cyber insurance policies may be both first- and third-party covers. Many policies include data breach coverage that addresses the cost to respond to the event. System interruption, cyber extortion, data corruptions or lost digital assets may be other relevant coverage features.
  • Commercial crime insurance addresses loss via computer fraud or theft. Some policies offer solutions for social engineering losses caused by employees or third parties.
  • Errors and omissions policies protect against loss resulting from services provided (or the failure to provide them) that result in financial loss to a third party. The importance of your contracts with customers and regulatory requirements that may accompany your work may not be covered without amendment. As in the case of other policies, a thorough review of coverage, exclusions, definitions and conditions is necessary to ascertain whether the scope of coverage is adequate.
  • Directors and officers insurance addresses the liability of key executives or the liability at the board level for actions that diminish the value of assets held by stake holders. Transition and reliance on blockchain technology may necessitate changes in the directors and officers policy to ensure its response.

Asking the right coverage questions

Since many insurance policies are written with differing terms, it is important to review these policies to see if they include provisions that might limit coverage. For example, will the general liability policy respond if damage arises to a tenant in a building you own or manage that is caused by exploitation of blockchain technology used in the security of the premises? Will you be protected if damage to your property or a lengthy business interruption arises from a blockchain that malfunctions at your business?

Since blockchains are peer-to-peer networks which have no central administrator, would an insurance carrier argue that the “Who’s Insured” section (of many liability, cyber, or professional liability policies) doesn’t meet the test since blockchain isn’t owned by any person or organization? Even definitions can be problematic when cyber coverage is drafted to address failure or violation of the security of a computer system, the cloud or other hosted resources operated by a third-party provider.

If you rely on a commercial crime contract, will it respond to a loss involving the theft of digital assets? While such coverage is especially germane to the use of cryptocurrency, it should be noted that there is exposure to a commercial organization favoring cryptocurrency to handle inventory or complete transactions with suppliers or customers. In addition, it may be favored as an alternative to cash accounts or other receivables. Traditional commercial crime policies may not cover cryptocurrency transactions since policies are designed to address physical property such as cash, securities or precious metals. On the other hand, cyber policies may cover both first- and third-party actions like investigations, but won’t necessarily address the face value of cryptocurrency if it is lost as a result of a criminal act.

If you are implementing or servicing a firm’s blockchain and coding errors arise, would an errors and omissions policy respond to address ensuing financial loss to others? If a regulator were to impose fines or penalties in connection with lapses in security or failure to protect personal health information or other personally identifiable information, would your errors and omissions policy be sufficient?

As noted, directors and officers coverage addresses management or board members’ exposure to liability for either involvement or lack of involvement in implementing and overseeing the use of technologies such as blockchain. Will such insurance respond if a security incident occurs that impacts the value of the firm?

Regulators on the sidelines

Regulation of blockchain has been disjointed with a number of agencies involved depending on how blockchain is utilized and whether it is viewed as property, commodity or currency such as Bitcoin. The relative newness of the technology has resulted in regulators, including the FDA, taking a wait and see approach to the technology. While FDA Commissioner Ned Sharpless has briefly spoken about some of the benefits available, there has been little in terms of formal guidance from the administration about how to leverage it safely and effectively.

That same newness of the technology may be a stumbling block for those with existing insurance policies which pre-date blockchain or weren’t drafted with an understanding of blockchain and its risks. Many questions must be tackled if the life science and healthcare industries are to benefit from blockchain, including how patient data will be handled, whether or not compliance with HIPAA regulations will be necessary and how regulators such as the FDA will view the role of blockchain in product creation and safety.

Identifying areas of risk

Blockchain technology is a revolutionary way to manage the supply chains and many other functions. However, with such opportunity and promise come exposures to physical property, business reputation and a variety of financial and nonfinancial third-party damages. How to best mitigate such risks and the potential for lawsuits, regulatory scrutiny and reputational injury is a critical component that life science companies should prioritize and address. Otherwise, your organization could be exposed to the potential for significant enforcement actions, public and social media challenges, tort and criminal lawsuits that tie up resources and even  class actions.

It is important to retain an insurance broker that knows your industry and has deep expertise on the exposures blockchain can have on your business and its supply chain. Significant relationships with specializing underwriters that have specific expertise in the application of blockchain technologies in the life science industry with a strong claims-handling pedigree may save you heart ache and protect your directors, officers and critical company assets. Since the technology is evolving rapidly it is important to stay ahead of the curve, partnering with your broker to apply contractual, insurance and other financial tools essential to the well-being of your employees and your business.

Click here for a printable download.

[1] Blockchain: Tapping Its Potential and Insuring Against its Risks, Business Law Today, L.S.Masters, S.F.Oehninger, P.M McDermott.

[2] Blockchain: Tapping Its Potential and Insuring Against it’s Risks, Business Law Today, L.S.Masters, S.F.Oehninger, P.M McDermott.

[3] Pistoia Alliance Is there a role for blockchain in healthcare? Slides from A Pistoia Alliance Debates Webinar Moderated by Nick Lynch, June 20, 2017

[4] Pistoia Alliance Is there a role for blockchain in healthcare? Slides from A Pistoia Alliance Debates Webinar Moderated by Nick Lynch, June 20, 2017

[5] Pistoia Alliance Is there a role for blockchain in healthcare? Slides from A Pistoia Alliance Debates Webinar Moderated by Nick Lynch, June 20, 2017

[6] Pistoia Alliance Is there a role for blockchain in healthcare? Slides from A Pistoia Alliance Debates Webinar Moderated by Nick Lynch, June 20, 2017

[7] The Risks and Rewards of Blockchain Technology, K Heires, March 1, 2016

[8] The Risks and Rewards of Blockchain Technology, K Heires, March 1, 2016

[9] https://www.connerstrong.com/blog/insights-detail/hidden-cyber-security-risks-in-clinical-trials/

Read More
FILED UNDER:

Life Sciences