Summary

Sovrin can improve healthcare and make it less costly by providing an identity system that combines a secure means of exchanging verifiable claims and patient consent that is a structural component of the system.

An ambulance

Lately, I've been thinking a lot about use cases for self-sovereign identity. This is the second in a series of blog posts that discuss how Sovrin can be used in different industries. In this article I discuss Sovrin and healthcare.

Healthcare is broken and many look to information technology to help solve the problem. But that's not working out as well as we'd like. The root of the problem, like many, is identity. Self-sovereign identity is the solution.

Consent and Privacy

One of the fundamental tenants of healthcare is patient consent. Patients have the right to determine their care and treatment. And they have a right to privacy in their healthcare. But consent and privacy are not the strong suits of today's Web architectures. Consequently, they're a poor match for building online patient services and it shows. Take two examples, the patient portal and the health information exchange.

Patient Portals

If you've been to the doctor lately, you've probably been directed to their "patient portal." What a nightmare. The security is too good, forcing you through their generally awful user experience just to perform tasks like reading short, low-value messages. As Bruce Fryer notes, these portals don't link to each other and they use name and date of birth to probabilistically correlate patients across systems.

Health Information Exchanges

A health information exchange (HIE) is another new piece of healthcare software that "allows doctors, nurses, pharmacists, other health care providers and patients to appropriately access and securely share a patient's vital medical information electronically—improving the speed, quality, safety and cost of patient care." These are supposed to help with interoperability between patient portals, but without clear identifiers for each patient, it's hit and miss.

What's more, as Dr. Adrian Gropper points out, current HIEs store massive amounts of patient data with little accountability and don't properly allow patients to control access to data or grant consent for specific uses.

Adrian has rethought how a HIE could work to put the patient in the consent flow and has a wonderful concept he calls HIE of One. He's got numerous demos to illustrate different flows. Adrian's HIE of One solves the problem of exchanging information between healthcare professionals while allowing for patient consent and control by putting the patient in the flow. This is a huge step forward and shows that decentralized solutions can better solve consent problems than centralized solutions.

Self-sovereign identity systems plug right into the HIE of One to provide patient credentials, but that's just table stakes. Using a system like Sovrin, a patient-centric HIE would provide verifiable claims about patient data including test results, clinical findings, past treatment, and drug history. Insurance companies and other payers could also use claims to exchange critical information in a trustworthy, secure manner. Sovrin allows for disclosure and records consent. These claims would be anchored in the Sovrin ledger to ensure they can be validated.

The Role of Self-Sovereign Identity

The healthcare industry has reopened the universal patient identifier (UPI) debate as a potential solution to the problem of correlating patients across portals and exchanges, but there are several problems with this.

First, an UPI would be subject to all the same kinds of problems that the social security number (SSN) has been. Once there's a single identifier anyone can correlate patient activity wherever it shows up. This puts privacy at the mercy of agreements rather than providing structural mechanisms to support privacy.

Second, an UPI doesn't solve the integration problem because it's just an identifier, not an integration method. We still have to rely on multiple point-to-point integrations or a centralized hub to integrate the hundreds of organizations that are helping with a patient's health.

Third, an UPI doesn't help with consent (other than allowing consent agreements to be correlated). There's no built-in mechanism for helping healthcare providers, who want to do the right thing, manage patient consent in a world that's increasingly mediated by online systems.

A self-sovereign identity system like Sovrin helps with all of these:

  • Sovrin prevents unwanted correlations by creating and managing one-to-one identifiers for each relationship. Pairwise pseudonymous identifiers reduce opportunities for surveillance.
  • Sovrin supports trustworthy, patient-shared attributes using a built-in mechanism of verifiable claims. This avoids both myriad, costly point-to-point integrations as well as a centralized hubs
  • Sovrin provides consent receipts for memorializing promises made to patients about how their data will be used as well as recording patient consent for both procedures and data use.
  • Sovrin puts patients in a position of controlling claims made about them.

Trust and Intermediaries

One of the primary benefits of self-sovereign identity like that provided by Sovrin is removing the need for intermediaries as holders and conveyors of trust. Currently, hospitals and others provide electronic health records (EHR) as trusted intermediaries. Doctors, pharmacies, labs, and other healthcare providers trust the hospital as a centralized location where patient data is held. EHR providers sometimes abuse this practice by using a practice called data blocking to favor healthcare services they control. Moreover, patient privacy is at risk when EHRs are treated as the hospital's property rather than the patient's.

A self-sovereign identity system removes the need for trusted intermediaries by separating the trust mechanism from the service of holding the record. Patient health data can be held, as verifiable claims in a variety of places so long as it is accessible by the healthcare provider.

Trust in the data is established by technology as well as business and legal processes. Verifiable claims are signed by the provider of the claim. So, a physician writing to a health record would sign the entry using a digital signature that can be validated using the physician's well-known public key. Any other healthcare provider with whom that patient shares that entry could validate the signature and know that the data hadn't been changed. Further, they could use a hash written to the ledger to know with certainty when the entry was made.

But how do we know whether to trust the physician? Professionals can also create proofs from verifiable claims written about them to show that they have specific qualifications, certifications, or work at specific institutions. These claims are, in turn, verifiable in the same manner, creating a chain of trust.

By removing the need for the holder of the record to also be the conveyor of trust, we reduce the power of intermediaries to control data.

Being able to identify qualified professionals in a trustworthy manner has other benefits. In the US, hospitals are often the source institutional trust for healthcare professionals. As an intermediary, the hospital is put in a position of power that they often exploit. Significant money is spent in healthcare proving medical staff are correctly qualified. In the UK, £4bn is spent on short-term agency staff, of which the agencies themselves take 20-25% mainly for doing the ID proofing piece.

Sovrin's verifiable claims could allow a medical society or other credentialing body to issue claims about the healthcare professionals certifications and hospitals to validate they are getting a correctly qualified doctor, nurse, radiologist or other specialist. The impact would be much faster onboarding, lower costs, and better treatment from verified staff.

Moving Past Administrative Identity

Many of the problems with portable patient health records and patient consent are rooted in the administrative identity systems that have developed over the past 15 years. We don't have to create an uber administrative domain in the form of a Universal Patient Identifier to solve these problems. In fact, that will only make many of them worse. A self-sovereign identity can solve the problem of correlation and do it in a way that respects the time-tested principles of patient consent and privacy.

Healthcare-centric uses for Sovrin won't be built from scratch. There has already been important work on patient-centric solutions to electronic health records such as the Fast Healthcare Interoperability Resources (FHIR) standard and Health Relationship Trust (HEART). Sovrin is seeking to work with experts in healthcare to build healthcare-centric identity solutions on top of the Sovrin platform, join us in our governance efforts, and participate in the Sovrin identity network.

If you're interested in knowing more, you can find more information in the library, ask questions in the forum, or contact us.


  1. An agent is a piece of software that acts on Maria's behalf and in accordance with rules she has created.