A Self Sovereign Technology Stack: HIE of ONE

From IIW

Thursday 4G

Convener: Adrian Gropper

Notes-taker(s): Scott Mace

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Interesting use case: Fax consent – safe harbor for MD

Adrian: Tech stack: DID, UMA/agent, mobile, me

The difference between these layers.

DID doc: public layer.

If I want to publish an endpoint for my agent or my mobile device or UMA auth server, all those things go into the public layer. The other three layers are private. It maps into Sovrin quite well. Maps into the work being done in the Decentralized Identity Foundation. They call UMA auth server a hub or an identity container. In HIE of One we call it a trustee.

Q: Do they differ in any meaningful way?

It is very much under discussion. Clearly mobile is a wallet. It has the biometric in it.

Q: Sometimes the wallets are virtual. It’s where your keys are.

Adrian: This is the Sovrin blurring. I define the hub as always having an online endpoint.

Q: The hub/trustee is always on. A hospital will need to talk to the cloud agent 24/7.

Adrian: Sovrin spreads the wallet between the mobile and the hub.

Q: Let’s get a paper out on this. I’ll dig it up.

Adrian: Have we covered the standards by what we mean by the self-sovereign technology stack?

Q: PII is where?

Adrian: These three layers (not the public layer). I think this is pretty clean. If you look at the broader healthcare marketplace, a lot of people try to put private data on blockchains, on distributed ledgers. Medrec out of MIT (being revived) is a little like Sovrin. A distributed consensus, but it’s a permissioned environment.

Q: What’s their motivation for putting PII on blockchain?

Adrian: The value of your garden hose goes up by a factor of three. Less cynical way of saying it.

Q: Sequence? If you want to show you’ve got all the credentials for all the people before you walk into the operating room. Or that certain procedures were performed before other procedures were performed.

Adrian: People invent permissioned blockchains.

Wendell: The public blockchain, is there ever a notion that one of those providers could fail outright?

Adrian: Absolutely. Rebooting Web of Trust, nobody assumes any of this is going to last more than 10 years. My definition of self-sovereign is it has certain characteristics. Open source, substitutable, standards-based. There’s no walled garden. Censorship resistant.

Q: Will the blockchain itself become unavailable? The idea is you have enough stewards that the blockchain is something that can never go away.

Wendell: I gave the example of a data center of records burned up. These things happen.

Q: I just got done discarding millions of records that were over 10 years old.

Adrian: Ownership definition in healthcare. If you can delete it, you own it. Lifelong ownership is a very key issue to how we design or apply this issue. I will tell you the HIE of One approach. We basically say that the UMA authorization server, all data stays at the place where it’s created. Data stays at the point of origin. Then as a result you can have either anonymous relationships or pseudonymous relationships. Then you copy the data elsewhere if there is a trust issue.

Where HIE of One stands. Hoping to implement a couple of pilots. One is called a Homeless Health Record. Community Health Record HIE addon. People have come to us, both physician nonprofits, that HIE of One can solve. Trying to keep abreast of these standards. If any of these things [in the tech stack] are unique to us we fail.

We have 3 things we need. One of them we’ve sort of solved. We have a handle on the directory function. We have code. We don’t have a handle on a utility token to deal with the network effect required to make this sustainable. Maybe a security token. We are not cryptographers and don’t intend to be cryptographers.

Wendell: Why can’t you buy all this stuff off the shelf?

Certainly adding crypto expertise to the team is unaffordable. I have a finance problem. I have to figure out how to fund it. $150B investment has gone into blockchain business models. I’m in good company but in healthcare I need to cross that bridge. But this isn’t necessarily about my problem. I need to show joint venture to fill in the gaps. And technologically speaking, being able to do anything related to HIE of One, disintermediating data brokers, hospital based, others, particularly hospital, you have to manage all the roles hospitals are serving. Reputation is a tricky one.

Homeless Health Record is probably the simplest use case. If independent of any particular institution, nobody wants those patients, they’re expensive and won’t stay in your walled garden, you’re losing money every time you treat them. No obvious owner. It’s the camel’s nose under the tent, the academic medical centers. They’re willing to look at it in the case of the homeless population. Explicitly they asked for a way for the individual homeless person to have a health record in the cloud somewhere and for a caregiver that has a mobile device and credentials on a mobile device, could be a first responder, present those credentials to an independent health record, would see first a picture of the person. Has to be a QR code or mobile phone number that cedes this link. It is self sovereign to that homeless person. Everything is open and transparent.

The community health record is where the medical society fits in. The HIEs are not sustainable. Many state HIEs are closing like in Texas. People are looking for alternative models for governance and sustainability. One avenue started in Kansas. They created an HIE in the cloud, decided to market it through medical societies where the doctor is paying. This can get interesting. A lot of payers want to collaborate with providers and bypass the hospitals. There is the potential there to take health records away from the hospitals or traditional data brokers like Commonwell or CareQuality to monetize the data and fund the exchange. Anything that supports disintermediation of the mediators. We’re working on 300 doctors, 3.1 million patients in Austin, like a medical society.

Q: Are they assuming they are going to monetize the data?

The data is worth $3000 a year on average versus the cost of operating this technology. Paying for Uport, Sovrin, Microsoft Azure, somewhere between zero and $300 a year. Apple iOS 11.3 is $0. $300 is all the software in HIE of One provide white glove service. Might cover that.

Q: People need access.

In the U.S. we have a trillion dollars of waste and fraud. Divide by 300 million people, $3000 a year.

Q: Part of that is price fixing.

Q: Missed diagnosis.

Overcoding.

Q: The hospital bill I got was $250,000. Kaiser negotiated it down to $80,000. You can call that fraud. It made more sense when Adrian called it price fixing. When we disintermediate that, where does that value go?

In terms of funding a business or making a solution, unless we can deal with the actual value of the data, what have we at HIE of One invented since the last IIW. I put a checkmark next to the directory. We’ve introduced a concept of distributed governance. If you have $3000 worth of data sitting in your aggregator, in your identity container, you want to monetize that in different ways. Not necessarily Google. Not the government. In Europe they’re willing to take that bet. And certainly don’t want Mass General to monetize that. So there isn’t any centralized way of apportioning how that $3000 of value is going to be split among these four – patients, doctors, biotech, payers. In the case of the payer, they’re basically worried about risk adjustment. Some patients will want to sell their data. The doctor also has an interest in monetizing this. Maybe it’s a way to have concierge medicine for all. Austin has raised taxes to improve maldistribution of healthcare.


IIW26 Th 4G ASelfSovereignTechnologyStackHIEofONE.jpeg