The Data-Powered Patient: Precision Medicine Enabled by Decentralized Identity and Blockchain

David Houlding

How Precision Medicine can bypass Silos and Lack of a Single Patient Identity

Figure 1: Drivers Empowering Patients with their Identity and Sensitive Data for a Decentralized Identity

Precision medicine is the customization of healthcare, with medical decisions, treatments, practices, medicines, and so forth tailored to the individual patient. Over recent decades, vast quantities of sensitive patient data have been accumulated by the healthcare industry in digital formats. As more data become available, and as the quality of that data improves, precision medicine can come closer to its full potential.

Concurrent with the rise of Consumer Health (e.g., direct-to-consumer businesses, home monitoring devices, wearables, etc.), patients are increasingly empowered with the ability to directly collect and control vast quantities of their healthcare data. Unfortunately, this data, acquired by the healthcare industry and as part of Consumer Health engagements, is spread out and locked inside countless silos stored under a vast array of different identities for the same patient. Having data associated with multiple identities for the same patient can lead to patient matching challenges, mismatches, corrupted or duplicate records, and so forth.

Take, for example, a case where the patient identity is not controlled by the patient, where an identity that was established through a social media platform is used to engage Consumer Health services. If that identity or platform goes away, the associated patient data may become inaccessible.

These challenges confound our ability to consolidate accurately all available healthcare data for a patient and to use these data effectively to provide the best possible quality of precision medicine, at the most affordable cost, and engage patients and healthcare professionals with the best experiences.

Drivers Empowering Patients with their Identity and Sensitive Data

Seven key drivers are increasingly empowering patients with their identities and sensitive data as depicted in Figure 1.

1. Privacy Firestorms: Affecting major social media companies, search engines, and many other types of organizations to date, these firestorms have brought to the forefront the importance of privacy.

2. Strong Privacy Regulations: GDPR, CCPA, and other regulations and data protection laws with strong privacy requirements increasingly empower patients, healthcare professionals, family caregivers, and other data-powered patients (DPPs, see note*) with their sensitive healthcare data.

3. Hacking and Breaches: Occurring on almost a weekly basis, hacking and major breaches increasingly erode trust in centralized stores of sensitive data.

4. Availability Attacks: Centralized systems and storage represent single points of failure, and are vulnerable to availability attacks, such as ransomware and DDoS (Distributed Denial of Service). Healthcare providers are particularly vulnerable to availability attacks as they can disrupt patient care, degrade the quality of care, or in a worst case, compromise patient safety.

5. Privacy Leadership: Fortunately, many large leading corporations and associations have taken a strong leadership stance in privacy and empowering DPPs with their identities and data.

6. Blockchain Enablement: Blockchain has matured greatly in recent years from its roots in cryptocurrencies, Initial Coin Offerings (ICOs) and fundraising, to where it is now in enterprise production use across consortia of healthcare organizations. Blockchain is inherently decentralized and paves the way for decentralized identities, and secure, targeted sharing of data under the control of DPPs.

7. New Use Cases: Compelling use cases have emerged for decentralized identity in healthcare including credentialing, claims and verification, authentication, and many more. The diagram in Figure 2 further elaborates on many healthcare use cases that decentralized identity could enable.

*For purposes of this paper, we use “data‑powered patient (DPP)” instead of “data subject.” Data Subject is a generic term used for any person whose personal data is being collected, held, or processed.

How Decentralized Identity Works

A decentralized identity is an identity the DPP controls that can be used to prove they are who they say they are in a secure way that helps keep their sensitive credentials and information private (see use cases in Figure 2 and related ecosystem in Figure 3). Further, it is possible for a DPP to use a single decentralized identity across the many healthcare services they engage, whether within the healthcare industry or consumer health services (or both). The steps below illustrate a use case for how a DPP can use a decentralized identity to authenticate with the healthcare service online. Refer also to Figure 3.

1. Provisioning of Decentralized Identity (DID)

  • DPP has an identity wallet app which securely stores a private key.
  • A public key paired with the private key is stored on a public blockchain, such as Sovrin, Ethereum, or another. This is a fundamental concept of decentralized identity: it is decentralized because it is stored on a decentralized public blockchain and is under the control of a DPP, such as a patient or healthcare professional, rather than any one organization.
  • The public blockchain returns a DID to the patient, e.g., “did:1234”. The DID is derived from the public key stored on the shared ledger of the public blockchain in order to ensure uniqueness to the DPP, and can subsequently be used to reference the DID stored on the public blockchain.
  • Users can be identity-proofed by entities such as healthcare organizations and other authorities, as is the case today, and their DID signed by one or more of these entities to attest the DPP is who they say they are. This enables the DPP to use this attestation going forward to assert their identity to others.

2. Using Decentralized Identity to Authenticate with a Healthcare Service Online for a Digital-Powered Patient

  • DPP visits the website of the healthcare service online.
  • DPP asserts their identity to the secure website via a message containing their DID, signed with the private key from the identity wallet app.
  • The healthcare online service website can use this DID to look up the public key on the public blockchain shared ledger, where it was stored previously in step 1b above.

Healthcare online service can then use this public key to verify the signature of the secure message sent from the DPP, and then complete the authentication of the DPP.
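The two steps above, written out as an added example (this is not code from the original article). The in-memory ledger, the "did:example:" prefix and the service URL are constructed stand-ins. The one-time challenge and the audience field are assumptions added here so that a captured message cannot be replayed or reused at another service; the article only specifies a signed message containing the DID.

```javascript
const crypto = require('node:crypto');

// Stand-in for the public blockchain's shared ledger: DID -> public key (DER bytes).
const ledger = new Map();
// Challenges the service has issued and not yet seen answered.
const pendingNonces = new Set();

// Step 1: the wallet generates a key pair; the public key goes on the ledger,
// which returns a DID derived from it. "did:example:" is a constructed prefix.
function provisionDid() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const der = publicKey.export({ type: 'spki', format: 'der' });
  const did = 'did:example:' +
    crypto.createHash('sha256').update(der).digest('hex').slice(0, 32);
  ledger.set(did, der);
  return { did, privateKey }; // the private key stays in the wallet
}

// Service: hand the visitor a one-time challenge (an assumption, see lead-in).
function issueChallenge() {
  const nonce = crypto.randomBytes(16).toString('hex');
  pendingNonces.add(nonce);
  return nonce;
}

// Step 2, wallet: sign a message containing the DID, the challenge and the
// service the message is meant for.
function signAssertion(did, privateKey, nonce, audience) {
  const payload = JSON.stringify({ did, nonce, audience });
  const signature = crypto.sign(null, Buffer.from(payload), privateKey);
  return { payload, signature: signature.toString('base64') };
}

// Step 2, service: look up the public key by DID and verify the signature.
function verifyAssertion(message, expectedAudience) {
  let claims;
  try {
    claims = JSON.parse(message.payload);
  } catch {
    return { ok: false, reason: 'malformed payload' };
  }
  if (claims === null || typeof claims !== 'object') {
    return { ok: false, reason: 'malformed payload' };
  }
  if (claims.audience !== expectedAudience) {
    return { ok: false, reason: 'wrong audience' };
  }
  // delete() returns false for a challenge that was never issued or already used.
  if (!pendingNonces.delete(claims.nonce)) {
    return { ok: false, reason: 'unknown or replayed challenge' };
  }
  const der = ledger.get(claims.did);
  if (!der) return { ok: false, reason: 'unknown DID' };
  const publicKey = crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
  const valid = crypto.verify(null, Buffer.from(message.payload), publicKey,
    Buffer.from(String(message.signature), 'base64'));
  return valid ? { ok: true, did: claims.did } : { ok: false, reason: 'bad signature' };
}

// Demo with constructed values.
const SERVICE = 'https://clinic.example';
const patient = provisionDid();
const login = signAssertion(patient.did, patient.privateKey, issueChallenge(), SERVICE);
console.log(verifyAssertion(login, SERVICE)); // first use is accepted
console.log(verifyAssertion(login, SERVICE)); // the same message again is rejected
```

The service never sees the private key: everything it needs to check the signature comes from the ledger entry named by the DID.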

The Potential of Decentralized Identities Goes Beyond Authentication

Figure 2: What is decentralized identity? Decentralized identity can replace identifiers, such as usernames, with IDs that are self-owned, independent, and use blockchain and distributed ledger technology to protect privacy and secure transactions. (From https://www.microsoft.com/en-us/security/business/identity/own-your-identity)

As shown in this use case, data can be associated with a DID, thereby enabling healthcare to interact with patients more intelligently, and avoid patients having to fill out endless forms with the same data, a process that is tedious, error prone, and degrades the quality of care. Data associated with the DID, and the sharing of this data, can be under the direct control of the DPP. Given patient consent, multiple data sets associated with the same DID can be easily consolidated, as needed for precision medicine.

Claims can be associated with a DID, such as “patient is over 18”, and these claims can be verified and signed by an entity such as a healthcare organization or other authority. This enables the DPP to then use the claim wherever required to prove they are over 18, and to do so without repeatedly giving their full DoB (Date of Birth), which is highly sensitive personal information; each time it is shared, the risk of breaches, identity theft, and other problems increases. The ability to use such claims aligns with data minimization, a key privacy principle under which only the minimal, but sufficient, information required should be shared. In this example, if a DPP needs to prove they are over 18, they should be able to do that without actually sharing their full date of birth.
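A sketch of the "over 18" claim described above, as an added example that is not from the original article. The DIDs, dates and in-memory ledger are constructed, and the claim layout is an assumption made for illustration rather than a standard credential format.

```javascript
const crypto = require('node:crypto');

// Stand-in for the shared ledger: DID -> public key. All DIDs are constructed.
const ledger = new Map();
function provisionDid(did) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  ledger.set(did, publicKey);
  return { did, privateKey };
}

// ISO dates (YYYY-MM-DD) order correctly when compared as strings.
function isAtLeast(dobIso, years, todayIso) {
  const [y, m, d] = dobIso.split('-');
  return `${String(Number(y) + years).padStart(4, '0')}-${m}-${d}` <= todayIso;
}

// Issuer: has identity-proofed the patient and holds the date of birth.
// It signs only the derived fact; the date of birth is not part of the claim.
function issueOver18Claim(issuer, subjectDid, dobIso, todayIso) {
  if (!isAtLeast(dobIso, 18, todayIso)) return null;
  const payload = JSON.stringify({
    issuer: issuer.did, subject: subjectDid, claim: 'over18', issuedOn: todayIso,
  });
  const signature = crypto.sign(null, Buffer.from(payload), issuer.privateKey);
  return { payload, signature: signature.toString('base64') };
}

// Relying service: accepts the claim only if a trusted issuer signed it and it
// was issued to the DID that has just authenticated (presenterDid).
function verifyOver18Claim(signedClaim, presenterDid, trustedIssuers) {
  let c;
  try {
    c = JSON.parse(signedClaim.payload);
  } catch {
    c = null;
  }
  if (c === null || typeof c !== 'object') return { ok: false, reason: 'malformed claim' };
  if (!trustedIssuers.has(c.issuer)) return { ok: false, reason: 'untrusted issuer' };
  const issuerKey = ledger.get(c.issuer);
  if (!issuerKey) return { ok: false, reason: 'issuer not on ledger' };
  const valid = crypto.verify(null, Buffer.from(signedClaim.payload), issuerKey,
    Buffer.from(String(signedClaim.signature), 'base64'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (c.claim !== 'over18') return { ok: false, reason: 'not an over18 claim' };
  if (c.subject !== presenterDid) return { ok: false, reason: 'claim issued to another DID' };
  return { ok: true };
}

// Demo with constructed values.
const hospital = provisionDid('did:example:hospital');
const alice = provisionDid('did:example:alice');
const trusted = new Set([hospital.did]);
const aliceClaim = issueOver18Claim(hospital, alice.did, '2000-05-17', '2024-01-15');
console.log(aliceClaim.payload); // contains no date of birth
console.log(verifyOver18Claim(aliceClaim, alice.did, trusted));
```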

Using Blockchain for a Decentralized Record Location Service

Healthcare has been digitizing data for some time; vast quantities of healthcare data today are federated across many healthcare organizations, much of it siloed within those organizations. Blockchain can be used as a decentralized record location service where metadata about records for a given patient can be stored on the blockchain. This metadata can include information about the record itself, and its provenance, as well as a pointer to the source of the actual data, and a hash code that can be used to verify the integrity of the source data. This decentralized record location service, and the metadata records contained in its shared ledger, can subsequently be searched, discovered, and requested by healthcare organizations treating the patient.

Combining blockchain data with a decentralized identity, a patient can have their DID associated with these records and can be put in control of their federated records comprising their “longitudinal patient record” over their lifetime. If a healthcare organization uses the decentralized record location service on blockchain to search, discover, and subsequently request a given record for the patient from its source, then the patient can receive such a request and have the ability to grant or deny consent for the record to securely move from the source to the healthcare provider requesting the record at the point of care.
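The record location service and consent step described above, as an added example that is not from the original article. The silo URLs, record contents, DIDs and organization names are constructed, and the acting DID is assumed to have been authenticated already.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest('hex');

// Constructed source silos: the records stay where they were created.
const silos = new Map([
  ['https://lab.example/records/cbc-001', Buffer.from('CBC panel: constructed sample data')],
  ['https://imaging.example/records/mri-007', Buffer.from('MRI report: constructed sample data')],
]);

// Stand-in for the shared ledger: metadata only, never the record itself.
const locationLedger = [];
function publishMetadata(patientDid, recordType, provenance, pointer) {
  const entry = Object.freeze({
    patientDid, recordType, provenance, pointer,
    sha256: sha256(silos.get(pointer)), // hash taken when the entry is published
  });
  locationLedger.push(entry);
  return entry;
}

// A treating organization searches the ledger by the patient's DID.
function discover(patientDid) {
  return locationLedger.filter((e) => e.patientDid === patientDid);
}

// Consent decisions, keyed by record pointer and requesting organization.
const consents = new Set();
function grantConsent(actingDid, entry, requester) {
  // Only the DID the record belongs to may authorize its release.
  if (actingDid !== entry.patientDid) return false;
  consents.add(`${entry.pointer}|${requester}`);
  return true;
}

// The source releases a record only with consent; the requester then checks
// the received bytes against the hash recorded on the ledger.
function requestRecord(entry, requester) {
  if (!consents.has(`${entry.pointer}|${requester}`)) {
    return { ok: false, reason: 'no patient consent' };
  }
  const data = silos.get(entry.pointer);
  if (!data) return { ok: false, reason: 'source unavailable' };
  if (sha256(data) !== entry.sha256) {
    return { ok: false, reason: 'integrity check failed' };
  }
  return { ok: true, data };
}

// Demo with constructed values.
const demoEntry = publishMetadata('did:example:patient-1', 'lab-result',
  'Example Lab, 2024-01-10', 'https://lab.example/records/cbc-001');
console.log(requestRecord(demoEntry, 'clinic-a').reason); // denied before consent
grantConsent('did:example:patient-1', demoEntry, 'clinic-a');
console.log(requestRecord(demoEntry, 'clinic-a').ok); // released and hash verified
```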

The potential of these massive untapped resources is waiting to be used to improve patient care by: 1) creating an efficient means for healthcare professionals to access patients’ longitudinal electronic health records; 2) reducing the cost of care through greater administrative efficiency; and 3) making the engagement between patients and HCPs more effective. In addition, by having elements of the longitudinal record available on demand as required for patient care, doctors can focus more on patients during office visits.

Keep Data Federated: Move Only When Required and Authorized by the Data-Powered Patient

An important concept here is keeping the many, many records comprising the longitudinal patient record federated and securely stored across the various source silos where they exist today, and not proactively moving them or aggregating all of these records within any specific organization. Such aggregation of records in one place, or centralization of healthcare data, puts too much power and control in the hands of one organization, creates a single point of failure, and adds risks of hacking and breaches, and of such organizations abusing the data by mining, monetizing, or sharing the data in ways not acceptable to the patient. As a general principle, only minimal but sufficient healthcare data should be moved to avoid exposure to risk and only when the DPP authorizes it as required for their healthcare.

For example: When a specific record is requested by a healthcare provider to render high quality care to a patient they are treating, then the patient (and only the patient) can authorize this request so that the record can be securely transmitted to the healthcare provider at the present point of care.

We believe that medicine will become more precise. However, medicine today is generally based on a “one-size-fits-all” practice, and where targeted therapies are possible, it is impractical to scale. The goal of expanding precision medicine is to provide the right treatment at the right time for every patient. Tailoring treatment starts with a highly-specific diagnosis without unwarranted variation. Based on data integrated from existing sources, adding genomics and radiomics enables a holistic understanding of the individual. These unique characteristics steer the personalization of treatment. A precise understanding of a patient’s condition is the most effective approach to deliver outcomes favorable to all stakeholders.

Delegation of Power of Attorney

In some cases, a patient may not be able to control their identity or healthcare data but may need or want to delegate this power of attorney, for example to a family caregiver. Healthcare systems built on DID and blockchain solutions empowering patients must also provide capability to enable delegation of power of attorney to ensure this need is met.

Ethical Considerations

DID and blockchain show major potential to drive positive change for healthcare and precision medicine. As with any disruptive technologies, ethical considerations must be identified, discussed, and mitigated as we adopt and apply these technologies. Such efforts, conducted through a transparent and robust process, should maximize the positive benefits and minimize the negative side effects.

Own Your Data

For decades we have sought the ability for DPPs to own and control their healthcare data. Sadly, with massive proliferation of centralized database silos and the sensitive personal information they contain, we have fallen far short of DPPs having access to, let alone owning or controlling their data. DID and blockchain have the potential to enable DPPs to access their identities and data, review and amend them, see reports of who else has accessed data, give consent or opt-in / opt-out of data sharing, and even request they be forgotten and their information be deleted.

Monetize Your Data

Blockchain enables cryptocurrency. Think of blockchain as a platform, and a cryptocurrency as a particular application that can run on blockchain, along with many other applications such as those that can enable DPPs to control their data. Users can be rewarded with cryptocurrencies for opting in or giving consent to collaborate and share their data. For example, a patient may opt into participation in a clinical trial, and in so doing make their data available for research within that clinical trial. This capability has the potential to provide a direct value feedback loop whereby DPPs can monetize their data. This is a huge leap forward from today where DPPs give up their data free, in many cases unaware, and organizations collecting it make highly profitable businesses out of monetizing data with nary a cent going back to the DPP. However, in enabling DPPs to own, control, and monetize their data, guardrails must be put in place to ensure that DPPs are protected and fully informed – not just of monetization opportunities, but also how their identities and data will be used, any risks incurred, and their rights.

Disintermediation and Disruption

Figure 3: DID ecosystem infographic of users circled by user agent, W3C Decentralized Identifiers, Blockchain and Ledgers, DIF Universal Resolver and Identity Hub, and User Attestations connected to People, Apps, and Devices through DID Authentication. The World Wide Web Consortium (W3C) is the main international standards organization for the World Wide Web. (See https://didproject.azurewebsites.net/, https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2DjfY)

Historically collaboration across a group of organizations has required a central trusted intermediary in a “hub and spoke” architecture where the intermediary is at the center and mediates all interactions across the network. One can see examples of this across many industries. In financial services we have banks and banking networks. In healthcare we have clearinghouses and health information exchanges. In most industries we have supply chains where distributors are the hub connecting manufacturers and suppliers with dispensaries and retailers. Unfortunately, many intermediaries have abused their role and introduced excessive costs, delays, and single points of failure where, if they are unavailable, collaboration across the whole network is halted.

To be clear, where physical goods flow, such as in supply chains, centralized hub and spoke architectures will endure. However, when it comes to the flow of digital goods, including any information, cryptocurrencies, crypto-tokens, or otherwise, blockchain has the potential to enable secure decentralized collaboration across a consortium of organizations in near real-time, and without the added cost, and delay of the intermediary. Since blockchain is decentralized, it eliminates the central single point of failure that makes hub and spoke architectures vulnerable to attacks on the availability of data or systems such as ransomware or DDoS (Distributed Denial of Service).

Hyper-Efficiency and Job Loss

Today, many common types of data are maintained redundantly across silos. Think of the last time you changed your phone number or address and had to visit too many websites to update it. So many of your websites have data that are old or inaccurate. Did you visit them all? Probably not (who has time?).

Consequently, the current redundancy in the system inherently results in massive collective cost and causes major inefficiencies. For example, the cost to maintain common data (in silos) is multiplied by the number of organizations that have copies and need to maintain it independently. Further, inconsistencies in this data cause friction and additional cost in the system, not to mention frustration. If your address is not updated mail goes to the wrong place, needs to be forwarded, or maybe you did not request forwarding and so you lose mail and absorb whatever the impact. If records are inconsistent across payers and providers, medical claims can bounce causing delays in payment, compromised quality of patient care, and so forth.

So blockchain having the potential to help solve this sounds good, right? Some assert that disintermediation and disruption will cause many workers to lose their jobs, e.g., the many people whose job today is to maintain redundant copies of information across these organizations and silos. In using DID and blockchain to pave the way for secure, and hyper-efficient maintenance of identities and common, shared data, we may inadvertently disrupt the jobs of those doing mundane, redundant data maintenance today.

Rather, we claim that these issues are minimized because blockchain maintains common data in one place (“un-siloed”); data are updated once as needed and shared in near real-time across the consortium of organizations that need it. In fact, we maintain that blockchain will create different roles for intermediaries for training, system integration, support, governance, consensus building across the consortium, and so forth. In effect, opportunities will evolve for intermediaries of today to be trained for work in the DID and blockchain healthcare economy, and even learn to leverage blockchain and their data to their benefit.

We assert that we should move forward with DID and blockchain to realize its benefits, but we should do so fully aware of the impacts and help those impacted proactively adjust, retrain and move onto more useful, interesting, and higher paying roles.

Environmental Impacts

Public blockchains such as Bitcoin span untrusted networks, with untrusted participants, and so must use conservative consensus algorithms such as PoW (Proof of Work) which require mining. To be competitive in mining one must invest in massive amounts of hardware that use massive amounts of electric power. This is a considerable environmental and ethical concern. For public blockchains to be feasible going forward we must find new ways of enabling blockchain consensus in ways that do not require massive amounts of hardware or electric power.

A key clarification: this challenge is associated with mining and public blockchains and the consensus algorithms they use, whereas private / consortium blockchains, which represent the vast majority of blockchains used in industries such as healthcare, don’t typically have mining, but rather validation of transactions and blocks which does not require any significant additional hardware or electricity. Therefore, while this is a challenge for public blockchain applications such as Bitcoin, it is not an issue for private / consortium blockchains. That said, DIDs may use a public blockchain, as described earlier, and adding a new DID to a public blockchain, depending on the actual blockchain and consensus algorithm, may require mining, and so may incur some of the associated environmental impact.

Anonymity, Cryptocurrencies, and Crime

Ransomware is enabled by anonymous payment methods such as Bitcoin. An attacker can infect your system, encrypt your data, and demand payment in Bitcoin, and you can pay them with nary an idea of who attacked you, nor the ability for you or law enforcement to identify them. While cryptocurrencies and cryptotokens have incredible potential for good, they are in this respect a double-edged sword since they also pave the way not only for ransomware attacks, but DDoS, and many other types of crime. On the other hand, DIDs and blockchain have incredible potential to help mitigate many types of fraud-related crime, so DID / blockchain and crime is a multi-faceted ethical consideration.

Conclusions

Precision medicine is critically dependent on healthcare data – lots of it, in near real-time, and of high quality. Privacy is a key requirement in our future healthcare where patients are engaged and empowered with their identities, healthcare history, and clinical laboratory and imaging data, and able to consent to the use of their data as required for expedient dealings with administrative requests, healthcare records, and precision medicine treatments. Conversely, privacy done poorly is a recipe for privacy storms, breaches, abuses, and other issues that erode trust, thereby leading to disengaged patients and decreased quality of care and patient health. Decentralized identity and blockchain enable fundamentally new approaches to empower DPPs with their identities and data, engage them in their healthcare, and enable their participation in precision medicine in new ways not possible before.

David Houlding MSc CISSP CIPP
Director of Healthcare Experiences
Microsoft

David Houlding is the Director of Healthcare Experiences at Microsoft Azure. David has more than 25 years of experience in healthcare spanning provider, payer, pharmaceutical, and life sciences segments worldwide, and has deep experience and expertise in blockchain, cloud computing, privacy, security, compliance, and AI / ML. David currently serves as Chair of the HIMSS Blockchain in Healthcare Task Force, a group of ~100 leaders from across healthcare worldwide, collaborating to advance blockchain in healthcare. David also currently serves as an advisor to both the British Blockchain Association and Lifeboat Foundation. David has led the successful creation and deployment of a wide range of solutions to help reduce the cost of healthcare, improve patient outcomes, experiences, and engagement. Prior to joining Microsoft in 2018 David served for over 10 years at Intel Health & Life Sciences where he was the Director of Healthcare Privacy & Security, responsible for enabling healthcare organizations worldwide to achieve compliance with regulations and data protection laws, and implement effective privacy and security programs. In his current role at Microsoft, David works with key healthcare partners to enable healthcare organizations to make use of cloud computing and related technologies to reduce healthcare costs, and enable new transformative healthcare use cases to improve patient outcomes, leveraging strategic technologies such as AI / ML, blockchain, IoMT (Internet of Medical Things), and others. David has a proven track record for innovation with 5 patents granted by the USPTO. David currently holds the CISSP (Certified Information Systems Security Professional), and CIPP (Certified Information Privacy Professional) credentials, and has a Master of Applied Science in Data Compression and Digital Signal Processing from Simon Fraser University, Canada.

Definitions
1. W3C Decentralized Identifiers (DIDs) – IDs users create, own, and control independently of any organization or government. DIDs are globally unique identifiers linked to Decentralized Public Key Infrastructure (DPKI) metadata composed of JSON documents that contain public key material, authentication descriptors, and service endpoints. (JSON stands for ‘JavaScript Object Notation.’ JSON is an efficient way of representing data in a human readable format.)

2. Decentralized systems (for example, blockchains and ledgers) – DIDs are rooted in decentralized systems that provide the mechanism and features required for DPKI. Microsoft is participating in the development of standards and technologies that are being developed by the community to allow for a vibrant ecosystem of DID implementations that support a variety of blockchains and ledgers.

3. DID User Agents – applications that enable real people to use decentralized identities. User Agent apps aid in creating DIDs, managing data and permissions, and signing/validating DID-linked claims. Microsoft will offer a Wallet-like app that can act as a User Agent for managing DIDs and associated data.

4. DIF Universal Resolver – a server that utilizes a collection of DID Drivers to provide a standard means of lookup and resolution for DIDs across implementations and decentralized systems and that returns the DID Document Object (DDO) that encapsulates DPKI metadata associated with a DID.

5. DIF Identity Hubs – a replicated mesh of encrypted personal datastores, composed of cloud and edge instances (like mobile phones, PCs or smart speakers), that facilitate identity data storage and identity interactions.

6. DID Attestations – DID-signed attestations are based on standard formats and protocols. They enable identity owners to generate, present, and verify claims. This forms the basis of trust between users of the systems.

7. Decentralized apps and services – DIDs paired with Identity Hub personal datastores enable the creation of a new class of apps and services. They store data with the user’s Identity Hub and operate within the confines of the permissions they are granted. https://www.youtube.com/watch?v=r28GeXkxn0w&feature=youtu.be