Blockchain based electronic health record (EHR) and health insurance

Hello,

A friend of mine and me have been thinking about pubblish this idea to the fund7 but at the end we didn’t feel so confortable (we didn’t want to “bite off more than we could chew”) so instead we decided to post it here and discuss it with the community!

So let’s start with a little bit of technical details:
An electronic health record (EHR) is a database which contains all records of a patients medical history, diagnoses, medications, treatment plans, immunization dates, allergies, radiology images, laboratory test results, and so on. As you can imagine it is a centralized database which may be hosted in an hospital, private clinic or, sometimes, it is mantained by the government (local or central). As every centralized database it may be subsceptible of hacking or manipulation of the data it contains.

The main issue with this kind of centralized database is that they aren’t interoperable. So the EHR which I use in my hospital (I am a medical doctor) can’t communicate with the EHR which the doctor are using in the hospital of the city from where you are reading this post (except if you are from Sicily in Italy, in that case say ciao!).
And this is real pain in the ass because if in the emergency room (ER) happens a patients which may be unable to speak due to his health conditions we simply don’t know absolutely nothing about him!

So, since Atala PRISM is (I think) getting near, what about creating a blockchain based electronic health record software which is really interoperable between countries and not-manipulable?

Also, note that the software for the EHR doesn’t need to be written, as client it could be used any kind of software, open source like the GNU Health or commercial. The integration should be focused on using a decentralized database on blockchain with existing programs

But let’s just think about all the possibility once this system will be in place. All your medical records would be easily accessible to you and to all the doctors you will see in your life, no matter if you have the papers with you or if you aren’t in your country.
It will not just end with this. We have all see the potentials of the decentralized finance. What if a project like them is launched not for the profit but for the health? I am talking about a health insurance which will cover all the cost of your wellness with a minimum investment. The treasury of this decentralized health insurance will not just cover your health care expenses, it may even fund researches, build hospitals. The possibility are endless.

Thoughts, considerations?

Also the various communication between various medical entities could use NFTs to provide access to necessary portions of patient records by transferring access rights. Eg. When you write a referral to another Dr or when you write a script for a patient that the Pharmacist needs to process. Each of these communications need to provide access to parts of your medical record but not necessarily all record details.

NFTs could represent fine grained access rights and be transferred by the patient to the Specialist or Pharmacist at the point of service. The NFT could encode a duration for the access rights and these rights could be withdrawn by the patient at any time through a mechanism built in the smart contract.

The current systems are a mish-mash of separately siloed data storage with very poor security and privacy. Data is lost all the time and poorly accessible by the various disconnected systems. Sadly, we are still living in the pre-digital era with a lot of this.

It is an absolutely massive problem and won’t be easy to solve.

I would suggest starting with an easy target first: Prescriptions could be represented by NFTs. Prescriptions need to be authorised by a registered Dr and delivered to a registered pharmacist. These don’t require any additional access to medical record data. After this, referral letters could be a next target.

But you will need to negotiate with governments because they regulate the Drs and the Pharmacists and detail the legal requirements regarding prescriptions and referrals.

As always: Why blockchain? If blockchain, why the blockchain of a cryptocurrency?

It’s obvious that whatever solution there should be for a digitalisation of the health sector, it needs to have the support of the authorities and it needs to be implemented by all the health care providers in the given region. So, an analogue to “Be your own bank!” makes no sense in this space.

But if it is partly centralised, anyway, (registering who is a real doctor, who is an accredited pharmacy, … cannot be done decentralised, there needs to be an authority granting those registrations), we do not need blockchain voodoo, anymore. We can just do a classical public-key infrastructure as it is known for decades.

Blockchain does not have any advantages, here.

Because we are talking about self sovereign identity and your right to control to your own private data.

Oh yes it does.

These are just some advantages I can think of quickly:

• Mechanisms to produce an immutable audit trail
• Facilitate trust through verifiable immutability
• Allow fine grained control to partial records
• Provide mechanisms for automatic compensation (Eg. when “emergency access” is subsequently proven to have been inappropriate - this could be implemented using smart contract bonds)
• Provide mechanisms for use of data in a verifiably secure and privacy preserving manner for research purposes

Many people opt out of medical health record systems because they don’t trust the management of their data. Many people would prefer their data not be stored at all even though this could pose risks for them in an emergency.

Consider the example of a prospective employer or an insurance company asking for a copy of your health record. If you opt in to the Govt controlled health record then you get no fine grained control and have to trust the Govt to control appropriate access. It becomes an all or nothing thing and access allows the prospective employer/insurer to go on a “fishing expedition” to see what interesting things they can see.

With a blockchain health record, the employer/insurer could ask specific questions and you could prove the answers using zero knowledge proofs for only what you deem is necessary and reasonable for them to know.

Blockchain shifts the control and removes the requirement of trust. Blockchain hands individuals the power to control their own private data. Non-blockchain systems hand the control to a fallible human governed entity and force people to place trust in them.

Imagine how much more research could be enabled by blockchain if people could choose to provide their private medical data in a verifiably anonymous manner. It would even be quicker, easier and more reliable for the researchers. Imagine the data mining that could be done for public good if people could be certain about how their private data would be used. Imagine the benefits if researchers could notify specific individuals with particular conditions without exposing their identity.

Zero knowledge proofs and blockchain are an absolute game changer for accessing private data for medical research.

Which is very loosely connected to blockchain if at all:
https://academy.affinidi.com/do-you-need-blockchain-for-enabling-ssi-452d62b34890:
“To conclude, blockchain can be used for enabling SSI, but it is not the only way to implement SSI. The choice depends on the company/developer who is implementing it.“

Also, the W3C standards related to SSI, https://www.w3.org/TR/did-core/ and https://www.w3.org/TR/vc-data-model/, mention a lot of other possibilities for “verifiable data registries” – decentralised file systems, databases of any kind, peer-to-peer networks, …

Blockchains are not essential for the self-sovereignty. They just provide a fancy way of publishing the identifiers.

On the one hand, I like that, but I don’t need a blockchain, let alone Cardano or another cryptocurrency for it. I just need them to give me signed data that I can have in my custody and decide whom to give to.

On the other hand, Molly White has a point in https://blog.mollywhite.net/is-acceptably-non-dystopian-self-sovereign-identity-even-possible/#data-custody-and-security:

It’s bad enough when a person bungles their crypto wallet security practices and oops, all their apes gone. I am not optimistic about a world where someone bungles their security practices and oops, now an attacker has access to every piece of information about them, from the address of the property they’re currently living in, to their social security number, to their medical history, to their criminal record. I’m also not optimistic about a world where average people are expected to self-custody this kind of data, acting as the source of truth rather than their doctor or the town hall. I’m a software engineer and computer nerd, and I don’t trust myself to self-custody this data.

The rest of the piece is also a good read on what strange pipe dreams are connected with SSI in connection with web3, especially the “Soulbound token” idea.

Immutability is the only feature of blockchains, but why is it strictly needed here?
Why isn’t it enough, when the physician signs the documents with a usual key pair?
Do we sell people a wrong kind of “trust” there?
“It is on a blockchain! It is trustworthy!!!” – “Oh, really? Anybody can mint Hoskies and Stripper Coins on that blockchain. …”

That would, in fact, be a use case, where the connection with a cryptocurrency makes half sense.
Although, I do not know if monetary compensation is my main worry in that case.
And: What kind of wonder machine should serve as an oracle to the smart contract to decide what use is inappropriate enough that I am allowed to drain the funds of my health care provider? Sounds like one of the many things that cannot be decided by a simplistic: “Code is law!“

And, finally, those two have nothing to do with blockchain technology at all. They can be realised by zero-knowledge proofs or simply – very low-tech – by giving me a collection of signed documents with different levels of detail, so that I can decide, which one to give to employers, insurances, …

False dichotomy. Even real plans for real government systems have envisioned fine-grained control for quite some time and not “all or nothing”. Yep, they often do not plan for self-custody, unfortunately.

Not blockchain, but self-custody would minimise, but not remove the requirement of trust.

You will always have to trust some entity to ascertain that the physician is really a physician, that the pharmacist is really a pharmacist, that all involved parties delete data they once got access to, …

On the other hand, your sketched “NFTs encode access rights.” system would also need trust in the data storage. You cannot ensure “Only the holder of this NFT can access this data from [date] till [date].” cryptographically. So, the service giving access to the records would have to do that verification, while having unencrypted access to them.

@HeptaSean I agree that blockchain does not solve everything and it will be difficult to build trusted information systems.

However, it comes back to what you want as the “root of trust”. Are you going to trust in human managed institutions or are you going to trust in the mathematics of cryptology and blockchain. What are you going to use as your “root of trust” to build upon?

Blockchain has only become an option recently. Previously we have always had to trust in people based institutions and have built checks and balances decided by people.

We will still need people, and governments, and institutions. But, we can replace many human based checks and balances with technology that always reveals the truth and always does what it is commissioned to do.

It will be interesting, and somewhat scary, to see how things pan out over time, particularly in places like China. Will the Chinese people continue to “trust” the CCP and its institutions to maintain their records and verify their truth? Particularly as people become more aware of alternatives, and as the power of technology increases, making it harder to block?

The mathematics and blockchains don’t get you very far.

They work for cryptocurrencies, because all the truths about them are within the blockchain. So, you can be perfectly sure of the ADA and native token transactions (within the boundaries of possibilities like block battles, forks, 51% attacks, …).

Already for the value of native tokens, you have to trust people – and their half-assed “white papers” – again. There’s a reason, why “DYOR!” is one of those stereotypical catch phrases putting the blame of failures in crypto on the individuals.

To let smart contracts interact with something outside the chain, even something relatively closely related like ADA/USD exchange rates, you need to trust in oracles, in the people creating and operating them. Maybe, they publish their sources, but you still have to trust that the published source is the one really running, that the keys are kept safe, …

For things like land ownership, proof of humanity, education certificates, health data, … it becomes a total chimera that the blockchain replaces any meaningful part of the trust that you have to have by some mathematical, cryptographical wonders.

What the blockchain can ascertain – that someone having access to some private key has signed a transaction at a given point in time – is totally secondary in these applications. The important thing is that someone with a certain authority – often but not necessarily always granted through a chain of indirections by nation states – has ascertained a statement.

That a land deed is really valid in the jurisdiction that the land is located in, that an education certificate is from a legitimate institution, that a prescription or attestation was done by a medical professional, are all truths that cannot be ascertained by the fact that some John Doe has written them on a blockchain. You have to have some real-world accreditation. You have to trust the people and institutions doing that and their processes.

But if you already have to trust such an entity, anyway, the blockchain becomes something between optional and superfluous. They can just publish that on a boringly normal web service with quite the same effect.

@HeptaSean you are tying yourself in knots here. No one said it is going to be easy and no one said that we can do everything using only a blockchain.

Yes, I agree. But then you can record these attestations, or rather the proof of them, using blockchain technology so that they cannot be altered or deleted in the future. Consider what IOHK is doing in Ethiopia by using blockchain technology to record education results.

I do believe that this will be beneficial for Ethiopian students for not only building, but also preserving, a reputation. Then if a new dictator takes over and blows up the university records the blockchain proofs will still represent the period of time that the university and its renowned professors existed.

As for trust, I trust that the blockchain proof of a university degree, signed by the renowned university professor’s key on the correct date, buried deep in the Cardano ledger, will be much harder to forge than a piece of paper with a handwritten signature and an official looking stamp. It will also be much easier to verify the blockchain proof from the other side of the world.

We will still need people, processes and institutions. But reputations can be built from a strong and immutable “root of trust”.

various communication between various medical entities could use NFTs to provide access to necessary portions of patient records by transferring access rights

Nice idea about the NFT for the transfer of information!

@HeptaSean has a point. It seems that the blockchain isn’t the best solution for this.

No. The blockchain should not be the database itself. But the blockchain can be the root of trust used to control access to the database information.

I still don’t see, what makes the blockchain an adequate “root of trust”.

If I know the public key of the “renowned professor”, I can check the signature on a diploma without any blockchain in between.
If I don’t know their public key, I cannot distinguish between a diploma signed by them and a diploma signed by some random John Doe, even if it is recorded on the blockchain.

The point I wanted to make is elaborated a bit better by this blog post:

Regarding Ethiopia, they seem to have settled for another digital identity solution (apparently without any blockchain shenanigans) on a national scale: https://id.gov.et/ (Cardano/Atala/IOG not found among the partners: https://id.gov.et/international/)

There is very little to be found if they continue to pursue the Atala Prism solution in the education sector in parallel. Would only make sense if it is somehow interoperable.

If it is good to sell Prism in developing countries, given that – by what is publicly available – it still more looks like vapourware than a production-ready solution, is at least questionable. Questions on more detailed technical specs, open-sourced parts of the software, etc. pp. have been posed here for months, actually at least almost two years:

By the way: Even if the Ethiopian government does continue to pursue Atala Prism, they probably won’t boost Cardano in the process: “Ethiopia’s central bank warns against trading in digital currencies” https://www.africanews.com/2022/06/06/ethiopia-s-central-bank-warns-against-trading-in-digital-currencies/
(Due to the lack of information above, the relationship between Prism and Cardano is also quite unclear, might well be that it is – like Catalyst voting – just another permissioned blockchain running inside of IOG, having very little if anything to do with us.)

What if, a patient holds access control to their data and as a new innovation model, the patient must authorise any and all access to their data on Blockchain. Fees could be reimbursed like medical aids do for procedures. This would allow complete control of a person’s details and medical records. Every time an entity would require access a patient or signatory will be notified of the attempt and must authorise and/or sign transaction before it may be visible to entities and/or practitioners

Now this gets very interesting when one introduces ways in which data is signed for once off at a given location and when a person is again at this location with their device records will be available instantly as long as patient is at location. Once patient exists location the data is no longer available until device login at specific location point. I’ve got the theory down perfectly and logic is sorted out along with all that this would need code wise etc. very little if any infrastructure additions needed for this.