The development of Digital Identification Documents (DIDs) under WHO SMART Guidelines are quietly ushering in a sea change for how Electronic Medical Records (EMRs) are stored and accessed. Building upon HL7’s Fast Healthcare Interoperability Resources (FHIR), Google and WHO have been working with international development teams, including PathCheck Foundation, to put EMRs in the hands of patients. Instead of having data siloed by legacy EMR players like Epic and Cerner, DIDs and FHIR can put the EMR on a smartphone for the user to grant access to anyone. State agencies, hospitals and healthcare providers can be approved validators as part of a global trust registry, so patients can have assurance that access is granted to and from the correct entity. What I have just described is not a pie-in-the-sky, it is already happening with over 4,000 issuers enlisted in the global trust registry, including state agencies, hospitals and healthcare providers.
In 2014, I was in a Techstars cohort along with the founders of a startup called Prime. Prime’s founders had built an app that was similar in its mission to what WHO, Google and PathCheck Foundation are doing now – to put medical records in the hands of patients. They accomplished this by gaining access to a user’s patient portal and then scraped the data to compile a new health record that resided within their app. It was a clever workaround until the EMR companies sent cease and desist letters to Prime’s founders. As a result, Prime – like so many others who have attempted to innovate in the EMR space – was shut down.
The new collaborative, decentralized framework of putting EMRs in the hands of patients doesn’t end with simply sharing those records with trusted providers, it creates an entirely new marketplace for others to add value for the patients and their trusted networks. It’s a similar value proposition to the promise of Health Information Exchanges (HIEs) that present a hub/spoke model of data sharing across a spectrum of healthcare and public health services, except instead of the hub being a centralized data repository (either privately or publicly controlled), the hub is the patient themselves granting access to the various entities of their choosing.
The reason sharing these data across various entities is valuable is because those agencies can then get a macro population health perspective of the aggregate data to inform agencies of something like an emerging infectious disease, or micro insights to notify a patient of drug interactions. At PathCheck Foundation, we foresee an opt-in, crowdsourced surveillance system that allows users to provide access to their EMRs for population health analysis, like Waze for health. Users can then simply turn off/on access to their data for passive analysis, or they can actively participate in additional health surveys. One form that this could take would be over a Nostr (more on this later) relay dedicated to health data sharing.
This choice of passive or active participation is key. When I was building Sickweather, one of the biggest challenges in getting agencies to trust our crowdsourced data was our exclusive reliance on anecdotal reporting and user engagement. In a trusted surveillance system that is built on EMRs, you overcome both the concerns of anecdotal reporting and the requirement for continuous, active engagement. And while you still have to earn the trust of patients to allow access to their data, we know from crowdsourcing research that you only need a small fraction of the population to be engaged in order to derive meaningful insights. This is an important distinction from HIEs, which attempt to consolidate all known user data within a region or network, but is also why they have largely failed since gatekeepers of those data can just as easily restrict or revoke access to all the data at once.
Public health surveillance is not the only application that can be built on this framework, so can systems for tracking medical bills and insurance benefits. Consider the non-profit RIP Medical Debt which uses relatively small donations to pay off mountains of unpaid medical bills. When I spoke with the organization’s founders and asked how the debtors are notified of their newly cleared debt, they explained that identifiers for the medical bills aren’t shared with them, so they are unable to identify when a specific patient’s debt is paid, and since the collections agencies don’t care once the debt is paid, the patients may never know for sure if their debts are paid since they are unlikely in inquire. This could be easily solved by a system that could track those medical bills over time if a user chooses to grant access to them by approved validators. It could even allow for GoFundMe campaigns to validate legitimate medical bills, which represents over 33% of all GoFundMe campaigns, not to mention improve cost efficiency of transactions between providers and insurers, which would hopefully help reduce healthcare costs by reducing waste.
When patients can control access to their own EMRs, they can also benefit from various incentives that 3rd parties can provide: including royalties for licensing their data to clinical research organizations in the development of new therapies and vaccines, or to artificial intelligence systems that can learn from their medical procedures. Such is the hope of a startup called MD Air Support whose founders foresee a patient being able to grant access to video of their recorded medical procedure to inform future AI training. Perhaps one day the EMR on your phone will provide both a revenue stream for royalties and an immutable record of permissions to prevent the exploitation of another Henrietta Lacks.
In conclusion, DIDs under WHO’s SMART Guidelines will provide a lot more than access to critical EMR data – it will improve health equity for anyone with a smartphone. And if solving for access to smartphones is the only remaining challenge, then we’ve come a very long way.