Chakib Jaber
Chief Technology Officer

Michael Peterson
Director Research & Innovation


The Health IT industry continues to evolve.  Information sharing has played a major role in helping improve the quality of care along with focuses on preventive care and population health. Blockchain technologies have the potential to play a role in supporting Health IT beyond electronic health records management. In this article, we continue to explore blockchain technology and how it can be used in support of health professionals’ credentials. Credentialing is the  process used to ensure that healthcare professionals have the right degrees, certifications and training needed to practice in a given state or hospital.

We had a discussion with one of our customers, who is an MD and lead technologist at DHA, on how blockchain can be leveraged to serve the medical community beyond the patient health record. During this discussion, the topic of credentialing doctors, nurses and other health professionals came up. After speaking with other doctors, in both the DHA and the commercial healthcare industry, they expressed the challenges they face in tracking and maintaining credentialing records. The lead times, planning and tracking that is needed when getting your credentials can take a large amount of time and effort, especially if you need to move between states.

As part of the business case development, we looked at the current process a provider, who is currently practicing in another state, must go through when looking to relocate to Virginia. The online PDF instructions for the Application to Practice Medicine in Virginia provides healthcare professionals with the steps they need to follow to be licensed to practice medicine in the state of Virginia.

Given the current timelines, a provider that is looking to practice medicine in Virginia should expect the process to take at a minimum three to four months and will need to plan accordingly. A provider who needs to support patients in multiple states will have to follow a similar process in each state they wish to practice in. One of the challenges that state accreditation boards face is that a wide range of documentation is needed from multiple sources to determine whether to issue a license.  The boards have no control over many of entities they depend upon.  It is the applicant’s responsibility to ensure that outside entities send the necessary documentation to the state accreditation board.

A summary of the documents that are needed from different entities are shown below:

  • Examination Scores - If you took all three steps of the USMLE examination or the FLEX examination, contact the Federation of State Medical Boards (FSMB)
  • Transcripts – Official medical school transcripts must be received by the Virginia Board of Medicine. Medical school transcripts must be official and bear the school seal. Transcripts will only be accepted if they come directly from the medical school to the Board or if sent to the Board by the applicant in the same unopened envelope in which they were received.
  • Employment Activity (Form B) Questionnaire - List all activities from the date of graduation from medical school including but not limited to internships, residencies, fellowships, employment, affiliations, private practice, periods of non-activity or unemployment.  Form B’s sent to the Virginia Board of Medicine by the applicant will not be accepted. A completed Form B Activity Questionnaire or a letter of recommendation must be received from all locations of service, places of practice or professional employment, observerships, professional research positions or professional volunteer service listed for the 2 years immediately preceding application. Internships, residencies and fellowships must have a Form B if the training was completed within the last 2 years. If the post-graduate training was completed less than 2 years ago or you are still in a residency or fellowship program, a Form B must be received and it must be signed by the program director.
  • Other state Licenses - Verification of medical licenses from all jurisdictions within the United States, its territories and possessions or Canada in which you have been issued a full license must be received by the Board. The applicant must contact the applicable jurisdiction where they have been issued a license to practice medicine to inquire about having documentation forwarded to the Virginia Board of Medicine.

Business Case Summary: How can we avoid the administrative burden and reduce the inefficiencies of today’s credentialing and verification process for healthcare professionals?

Building a Healthcare Professional Credentialing Blockchain

In looking at the business case, blockchain can be used for a more secure, reliable and faster credentialing process.  Blockchain can support programs across states.  It can also reduce the associated cost and improve efficiency for all parties involved.  This can be achieved by implementing the following:

  • Healthcare Professional Credentialing Asset Ledger:  We could have a common ledger with a secure access mechanism that could be restricted to the various entities in the accreditation process. It would establish a single source of truth across the accreditation network.
  • Replacement of Snail Mail: Today we have a reliance on copies of documents sent back and forth through certified mail. Every time the information is needed, the healthcare professionals have to re-request the information and go through the process again.
  • Verification of Data and Reduction of Fraud: Blockchain offers the security and flexibility of permissioned and secure chains. This allows for tracking and tracing. It also provides assurance of originality and supports governance and legal compliance when needed.
  • Historical Data Spanning the Career of a Healthcare Professional: Once a transaction is in the chain and its origin is certified and secured, the data is permanent and does not need to be requested time and time again.  For example, when a residency is completed, a record can be added to the chain with the right signing authority at that time and will be there for the career of the professional.
  • Public Key Cryptography: Techniques and mechanisms are available to support signed blocks that can control both access to the chain and can encrypt the data within the blocks.  

Technical Blockchain Approach: Leveraging Hyperledger

When addressing the technical approach of leveraging blockchain, we first decided on a platform and toolset:

Core Infrastructure:

  • Cloud-based – We developed our solution in our AWS based innovation lab.
  • BaaS – We deployed blockchain as a service.  This allows us to easily support the instantiation of multiple chains.  For our BaaS platform, we leveraged Hyperledger Cello.
  • Permissioned blockchain with controlled membership capabilities -We leveraged Hyperledger Fabric instances deployed via Hyperledger Cello. Hyperledger Fabric allows components, such as various consensus algorithms and membership services, to be plug-and-play.

Additional Tools Leveraged:

  • Hyperledger Composer – Hyperledger Composer is a collaboration tool for building blockchain business networks.  It accelerates the development of smart contracts and their deployment across a distributed ledger.
  • Hyperledger Explorer – Hyperledger Explorer can view, invoke and query blocks, transactions and associated data, network information, chain codes and transaction families stored in the ledger.

Prototype Planning and Development

Defining the Business Network

Based on our business case, we developed a permissioned blockchain approach and flow as shown in Figure 1. To summarize the process, a healthcare professional issues a request for documents throughout their career development. As the documents are written to the chain, the data remains in the ledger and can be shared in a secure manner.

The next step was to develop the business model utilizing the tools available from Hyperledger.  For the business modeling, we leveraged Hyperledger Composer. A key concept in Hyperledger Composer is the business network definition. It defines the data models, transaction logic and access control rules for your blockchain solution. For traditional business analysts, architects and developers, this leverages a very similar approach to what is leveraged when establishing use cases and developing the associated UML models. As part of the development of this demo, the first step that our team took was to start brainstorming and developing high-level use cases and transaction diagrams. Once those were developed, it was easily mapped to the Composer business network definition. In defining the business network, we focused on modeling assets, participants and transactions.  We then defined the security and access controls for those models.

Participants: Similar to actors in use case development, the participants for our model included: provider, volunteer organization, exam centers, medical schools, training schools, employer, certification agencies and state boards.  

Figure 2: Hyperledger Composer: Sample Participant Definition

Assets: Assets are documents and artifacts that are shared among the participants. In looking at the modeling of assets, questions arose amongst our team members regarding the storage of documents in the chain and techniques for sharing them among the participants.  It is important to understand that blockchain is a distributed ledger technology and is not ideal as a document management system. There are mechanisms and approaches that can be tailored in support of document sharing, but larger block sizes can have a negative impact on performance.  The key to defining and modeling the network was to define the fields and information needed for the assets in digital format. In our example some of the assets modeled included: a volunteer recommendation letter, MCAT scores, degrees, employer reviews (Form B) and state licenses.  Figure 2 provides an example of how we modeled the MCAT scores in Composer as an asset.

Figure 3: Hyperledger Composer: Asset Definition for MCAT Scores

Transactions: When establishing the transactions, we defined the ones that were needed as well as the events that are handled within the business network. Figure 4 provides a sample transaction that was defined as part of our business network. This prototype included transactions that the different participants leveraged as part of the overall business processes.

Figure 4: Hyperledger Composer: Transaction and Event Definition

Access Control:  Access control and authorization are supported through Composer by defining the permissions attributed to the participants of the blockchain. Hyperledger Composer allows you to control which resources or assets a participant is authorized to perform in a business network. Figure 5 provides a sample Access control definition.

Figure 5: Hyperledger Composer: Access Control Definition

Developing the Business and Transaction Logic

A Hyperledger Composer Business Network Definition is composed of a set of model files and associated scripts. The scripts contain transaction processing functions that implement the transactions defined in the Business Network Definition’s modelling files.  As part of our efforts, we developed a number of JavaScript libraries that integrate with and leverage the Composer APIs.  The Composer APIs allow for the development of and integration with the chain. Composer provides JavaScript APIs to query, create, update and delete resources and submit transactions from client applications.  The APIs also have the ability to perform chain-side validation and additional business logic when transactions are submitted.

Figure 6: Hyperledger Composer: Transaction and Event Definition

Integration with Enterprise Systems  

With Composer’s ability to quickly establish a RESTful service layer and query the data in the blockchain for advanced analytics and reporting, Hyperledger Fabric based blockchains can be easily integrated into an enterprise’s IT ecosystem. The RESTful services enable quick integration and data access in existing SOA-based environments. Figure 6 shows the swagger API documentation that was generated from our blockchain business network definition.

Figure 7: Hyperledger Composer: Swagger Rest API Documentation

As part of the prototype development, we highlighted the ease of integration and deployment of a blockchain within an enterprise organization’s existing technology stack . We were able to showcase how easily BaaS can be leveraged and integrated into our DoD grade services and security layers. Once we had integrated the blockchain service layer into our gateway, we had the capability to develop a wide range of user interface options that leverage the chains.  They include mobile apps, progressive web apps (PWAs), web-based apps and legacy system integration options.

Figure 8: Integration of Hyperledger technology into existing technology stack


Blockchain technology continues to evolve. We believe our investment in Hyperledger technologies is providing a roadmap that can provide secure, robust, enterprise-grade blockchain solutions.  These solutions will reduce costs, increase transparency, improve business processes and information sharing across divisions, agencies and organizations.

For teams looking into implementing blockchain technology-based solutions, we strongly advise that you take the same approach in terms of project management and development that you would follow to define and develop an enterprise system.  A key factor that will determine the success of the overall effort is the initial baseline definition and modeling of the business network. This coupled with a strong development process, such as leveraging CMMI Level III processes, can help deliver valuable solutions to an enterprise. By leveraging Hyperledger frameworks and tools, the solution development can be easily integrated into existing agile approaches.

As we continue to look at blockchain based solutions, we do see certain applications that are a good fit for the technology.  In our next blockchain article, we will explore leveraging blockchain in referral management solutions and techniques for ensuring the solutions support DoD security mechanisms.  They include DIACAP, RMF and FedRAMP certifications.