 Digital Health at Harvard series, which is actually pretty new, was launched last year. It's a collaboration between the Birth and Client Center and our neighbors upstairs, Petrie Sloan, to bring together collaborators from different schools at Harvard, even the surrounding communities, to discuss important topics related to digital health. And so today we have Dr. Andrew and Robert joining us. And Dr. Robert has many, many years of experience in the field of health centered, sorry, patient centered and patient controlled health records. And so today he'll be delivering a talk on screen independent health records. He's the CTO of patient privacy rights and has a variety of experiences, which I'm sure you can highlight in relation to your talk. So thank you all for joining. And just in terms of the format, Dr. Robert will give about a 20 minute talk and then we'll have about 40 minutes for discussion. Thank you. Perfect. Thank you. So I'm going to talk about work that's been ongoing for a number of years. It actually goes, originates in the computer science department. At MIT is the guardian angel project maybe about 30 years ago. And myself and many of the people that have worked on health records in general in this country, around at least this part of the country, go back to Pete Sullivan's lab at MIT in those days. I think Richard was down the hall around that time if I'm not mistaken. And this is all about personal, this is all about looking at technology from the personal or the individual's point of view as opposed to the institutional point of view. So let me start with something very personal and the anecdote to sort of frame our conversation later. This is my granddaughter, she's about to be three months old, Chloe. And more important on the left there is my mom. That's the four generation of us here. And great grandma is 91. She's healthy, quite healthy but reasonably demented. She lives in her condo with a living caregiver. It's 200 miles away. And I basically need to monitor her interactions with the health care system. A couple of times a year, she goes to see a new doctor. The doctor has that paper clipboard that we all are very well aware of and the paper clipboard has the information that we all know in terms of health records. And I'll just focus on the medication list, the active medication list. And we're going to come back to this theme of what's fair, what's reasonable, who's expected to manage this very important component of my mom's life and what can we do to improve it. Because if you've ever been in this position and I suspect some of you have, there's nobody responsible for maintaining that active medication list and not only that, but there isn't any particular tools available to either the physicians or the patients or the family to do it. And that's where this is going. Just curious, which other industry uses a paper clipboard? Exactly. So I'll talk for probably 20 minutes, maybe less. There are not very many slides and I do hope to then come back and dig into the various points that I'm going to skip very quickly over during the initial presentation to figure out where people want to dig in and go deeper. Some of what I'm talking about is quite technical. I assume that the audience is quite technical. But if there are terms or acronyms that people need to explain, do stop me at least for that. So I'm going to basically frame this as an issue of fairness, fairness to the individual person. I'm going to draw out how person-centered technology or person-centered solutions might look. I'll talk a little bit about self-sovereign technology, policy questions to enable self-sovereign technology and what's being done and what can be done as next steps. That was not supposed to happen. Where did it go? Probably... Okay, so this is the data map. This is work led by Latanya Sweeney. She's a professor at the School of Government. Patient Privacy Rights helped support this work originally and it's now the subject of the Knight Foundation Grant to update it. Up at the top, if you can't read it, you have you, the patient in the middle and either a physician or a hospital to the right. And what the takeaway from this is very complicated and this is not by any means the end-of-the-story diagram is that from that physician-patient relationship flows an immense amount of information, none of which people are aware of, almost none of it. I mean, you do get an EOB from the insurance company, for example, etc. and all of the nodes in that diagram are institutions. We have all probably seen this diagram. It made a resurgence with the rise of blockchain, Bitcoin technology and whatnot. And so if you want to think of this in terms of health records, on the left you have systems in like the European systems, Australia, where because health care is a right and the system is highly, is basically paid for. For the significant part of it, people don't think of it in terms of insurance at all. There is a large centralized component to whatever health records are in place. In the middle we have the decentralized diagram relatively speaking similar to what we have here in this country except it almost overstates the connectivity between the islands, if anything, and we won't necessarily need to talk much about that. And on the right we have the distributed model where the nodes can be any piece of technology and so the nodes could represent an individual's technology an individual licensed practitioner's technology, a lab's technology as a licensed entity or a hospital in the sense of a care team or an institution. So again let's just to frame the issue and not belabor the details of this. Physician-patient relationships existed long before we had digital health records and they had this characteristic represented by a prescription here or the surgeon's report of a procedure that might involve a whole team of people but it was basically a document and it had certain things, it was authoritative, it might be tracked with a DEA number, it had identifiers in it and signatures, non-reputable signatures. So as we start to think about how we would set up a fair system that's fair to the individuals involved and fair to the professionals involved, we look at this node like the one I've isolated on the right and we say if this is an individual person this node has to support self-sovereign technology in the free sense of the word and in the independent sense of the word and other nodes in the system could be labs, could be hospitals, could be pharmacies. And one point that I think we'll come back to in the conversation because I'm just going to go very quickly over it is it's obvious that the nodes exchange attributes, exchange data as part of the network. What's not so obvious is that in order to be free and independent the individual's node has to shield, has to hide the individual's policies. Just like nobody asks you to basically declare whether you're a Republican or a Democrat or gay or straight or whatever you get to act the way you want to act in context, your policies for moving data from that lab, from that hospital to another node in the network should not have to be put on the wire. And therefore the important sort of revelation of the design of what at least we've been working on is this idea that you want to distribute access tokens in some standardized and acceptable way and not put policies on the wire. And that obviously means that information can move directly from a lab to a hospital, for example, without necessarily going through a personal data store, or a personal health record, or anything else. So let me just go down one more level now and talk about hardware and software, you know, software directly tied to the hardware and it basically from this self-solving technology point of view there's going to be three different categories. One of them is the router, the thing that sits in your closet costs you 200 bucks nowadays. And it's obviously, well not obviously, but if it's free software, and many of them are, and it's owned, and you don't assume that your router is linked to any particular institution or controlled by any particular entity. So it's going to be a fight to keep that going forward, but that's a different story. So in order to support this kind of distributed health records environment, the router has to be enhanced. I've already mentioned the need for something that looks like an authorization server and there are standards, the UMA standard for handing out these access tokens, these authorization tokens. It needs to be supportable by mortals and that's the Freedom Box project of the Free Software Foundation. We can talk a little bit about that. It's going well. It will need some kind of a personal data store for that part of the health record that you do want to aggregate on your own. You don't want to leave it sitting in that lab or that hospital where it originated for whatever privacy reasons or they might go offline or whatever. And to be truly distributed, you might want it to run something that looks like a blockchain node again, fairly obvious reasons and you will see blockchain technology or distributed ledger technology thread in and out of the rest of this presentation in various ways. The router obviously doesn't have a native user interface. There has to be something like that. Typically nowadays people think in terms of a smartphone. The smartphone has a browser which is how you control that Freedom Box and the authorization server and other things. The mobile client has to have a secure element that doesn't expose your private key that allows you to have a non-reputable signature especially if you're a licensed practitioner and in order to do that in many cases to do it conveniently and at scale you want to link that secure element to biometrics. And I don't mean biometrics in the cloud, I mean biometrics that are simply local to that device to that secure element. And finally you might want to have something like a blockchain client for obvious reasons. And then finally you're going to have things and the things might be in three categories. There are things that are literally implanted, implantable cardiac defibrillators, neurostimulators for Parkinson's for example or epilepsy. The wearables might be like a continuous glucose monitor linked to an insulin pump. I put up the night scout project there which has been running for six, seven years and it's just a wonderful example of how to do this way ahead of industry and in a very powerful way. We can talk a little bit about that. And then of course you have the other things like home monitors and other aspects of the Internet of Things. Sort of now going back in the direction of what's at the next level and what kind of policy issues are going to be raised by this approach, you have these other elements that result in a free and independent health record, right? You have the ability to aggregate information in a place that is well understood. Right now in this country we certainly don't have that to the extent that personal health records have been around for almost a decade now and they have not had an economic or health impact by any measure. Mostly they are unusable by the licensed practitioners and they ask individual people to do stuff that they're just not interested or trained or capable of doing. They need for having a source of truth and one that again represents that particular individual remains. They have to be curated. We all, well not we all but those of you who have worked with the electronic health records of the last six years and realized that what's happening because they're basically billing mechanisms that have been glorified or resource management systems, they are not properly curated from the individual's perspective. They may be curated from the institutional perspective. They serve the workflow and the economic needs of the institution. They're a strategic asset in that sense but from the individual's point of view none of them allow for example for a licensed practitioner or physician not affiliated with that particular institution with the electronic health records to sign in and make a change. So literally when you go one step lower and we don't want to necessarily go there when you look at the standards now that are being used to interconnect those nodes and to decentralize that middle diagram the standards that people are working on cannot support a medication list. There is no command you can issue to that restful API to that restful interface to meet the active medication list. So not only is there no way for a licensed practitioner to log in and make a change or curate the document in that system but the standard for moving the data around doesn't even have that as a command. They have to be authoritative. Right? What exactly do you mean by curated? What I mean by curated is that somebody is being paid to delete a medication and say this is no longer active or to say this person isn't really allergic to peanuts. They thought they were. That is what I mean by curated. That's something that is not a workflow issue directly. It's not a billing issue directly but it is from the patient's perspective or from my perspective as the caregiver that is central. The usefulness of what's on that clipboard that I started to talk about is what's important to both the physician and to the patient. So because in a self-sovereign environment you have this opportunity for the patient to touch the information in order for it to be authoritative in order for it to have legal usefulness in certain cases of illness, things have to be signed. And in the system that we have right now with the institutional health records, that is absolutely not done and we'll get a little bit more about that in the next slide. I think it's the last slide. So that's what I mean by authoritative. There are legal aspects to this. The signatures have to be nonreputable. Time stamps have to be accessible and recognized in the case of a dispute and there are records retention laws that have to be met. So just because we're making free independent health records doesn't mean that any of these things can disappear. And finally, for all sorts of obvious and good reasons we have to keep supporting and expanding certain mandated registries. The kind of things that are used right now to deal with opioid prescribing practices the kind of things for monitoring infectious disease, public health things that drive policy, all payer claims databases are now around and in many forms and again these are not accessible to the individual even though they really should be when you're paying $5,000 out of pocket for some of the health plans these days. That information would save you thousands of dollars a year in the exchanges. And obviously a lot of work and regulation happening in the research and quality monitoring areas and those become topics in themselves. So as we begin this discussion of how do we pull this stuff together and what are the communities and the business models frankly that are going to enable something like this going forward one way I like to think about it is you want to build on APIs from the start we don't have information systems not just in healthcare but in general. Things are still either document-centric or database-centric and I think that is not going to be able, sustainable for any number of reasons including security and cyber security that we're seeing so much in the news about. So it's APIs all the way down. So on the policy side we can talk about these four or six things where does policy consider fairness to the individual curation we talked about briefly already what I mean by that. I want to propose a very simple test how do we know that we've gotten there how do we measure success if we built this distributed infrastructure one test that I think is the single best way to to ask yourself if you succeeded is if you can provide both the patient and the physician independent decision support at the point of care during that 10-minute encounter, 20-minute encounter and not by the way the same decision support but the patient my mom or me in this case of our example needs to be able to have the benefit of IBM Watson or the Cochrane digital version of Cochrane or whatever for what we do the physician has their own decision support needs and also mandated requirements as long as both the physician and the patient in that encounter my mother shows up at that new doctor or she's being treated by that doctor have access to decision support that is it's kind of like net neutrality you know it it's as simple as that and it's a very nice test in my opinion if you have to pick a single test and then of course we have to deal with the digital divide the hardware smart phones included here is not that expensive if you think about $100 or $200 worth a year of technology compared in a country like ours where we're spending $10,000 per person a year at least on healthcare that's the drop in the bucket and it is not a reason to shut out the undocumented or the people who can't afford it and so this is the last slide what can we do right now in the first sort of layer beyond this stuff we've been building as reference implementation and standards and policies groups that we work in there is now a desperate need to educate the professions I don't know how many people here know about the Sedona conference I just learned about it a few months ago but they drive practice legal practice around technology at least from this perspective and I'm sure there are people I suspect there are people here that know a lot more I've had the opportunity to review and comment on a draft document that will come out in the next couple of months around the electronic health records and I can talk a little bit about those issues we have to have the concept license professionals physicians have a self sovereign identity there is a role already underway being considered or planned at this point for medical society for example or any professional society to run directories that allow the professionals to be somewhat independent completely independent of the hospital rather than being tied to wherever they're employed I've mentioned the freedom box and we don't have yet a project underway to add the authorization server that we're demonstrating to freedom box but that certainly needs to be done support communities and a desperate need for a business model in order to scale this and one last thing a pitch patient privacy rights a health privacy summit it's free of the Georgetown law this year it's June 1st and 2nd and it's streamed and it's very very good to address some of these issues thank you please I have a question about the scenario where the doctor is a clipboard and the patient has kind of their digital health record and so if the doctor is completing the documentation on paper presumably we would want that information to get into whatever that personal health record application is I'm wondering in your vision who is responsible for transferring that documentation from the form in which the doctor is originally reporting it to or the clinicians originally reporting it to the digitized record if there are no electronic medical records in the physician's facility I didn't say that there were no electronic medical records in the physician's facility but I didn't say what the answer was either so that's not a criticism what what I envision is that the doctor has self sovereign technology just like the patient does and that gives the doctor as a licensed practitioner the choice of either documenting that in their institutional their clinic health record system and or working directly signing in directly into the patient's self sovereign health record that thing that I call the personal data store in the previous slide that thing that actually stores attributes and in our model which is called HIE of 1 what we actually did to sort of take step and by we I mean Dr. Michael Chen he's out in Portland he's contributed a cloud based free software health record meant for clinics and we forked it we literally took the code and said when that physician goes from the patient list to a particular patient context we literally switched the hosting hardware from what the doctor is hosting for themselves or for that clinic to a copy of that same record with single sign on with API security that's standard space and they're working directly with the patient's aggregated record so in other words the choice of how to run the physician patient encounter sits with the physician if they have access to an EHR that handles these tokens these authorization tokens and then fine then obviously there are standards for these APIs that talk to the patient's record and if not you can sign in directly please like edge cases here so one would be the idea of you have someone on vacation who you know falls unconscious and then gets brought to an outside hospital where they don't have there's not already an access token because they have an established care and you know there's possibly an emergency need to access that person's medical record to find out if they have drug allergies how do you handle that? that is why in that previous slide let's see if I can put it up that's the role of the router component so when you think about the answer to that question you realize that you do need that patient to have a constant presence so the authorization server is not the mobile device did I answer your question? I'm wondering if they haven't configured their authorization policies to allow automatic approval of a request from an outside hospital for example it seems like you're kind of out of luck or would there be a one thing I was imagining was some sort of referral network where maybe you could get in contact with a hospital where they had established care and there was an authorization or something like that yes and again in another slide I talk about registries and one of the most important registries that you want to manage through these tokens are registries of where you've had care and when you talk about in terms of health information it changes like the one here called the mass highway or in every state or this every of them around the country in big states have more than one the single most important sustainability point for these exchanges now has bubbled up to be relationship locator services so it's basically a way for the patient to say when I visit this facility it's okay for them to say to the registry I'm there and then the registry operates ways for physicians to subscribe not for the patient's benefit mostly for the benefit of getting paid $100 more or something literally to subscribe to notice that this patient came to the emergency room over there so you handle that but the point to your deeper point when we show here on the top line a policy store there's a role for the community for the free software foundation or for patient privacy rights to put up standardized sets of policies to go along with the authorization server we would never expect people to create these policies we would only expect them to edit the policies based on their own particular situation so there's a deep role here I think for nonprofits for public service organizations to seed these things what do you mean by policies I mean I know that word I think that you're using it to mean something different and I'm lost when you say it this is in the context of UMA user managed access which is work of the Canterra standards group it doesn't really matter and what it that set of standards does is it splits the interaction amongst nodes into two phases phase number one is like a resource registration phase so imagine that the hospital or that lab puts up an API and says Adrian's data is available on this API Adrian has an authorization server and so the phase one there is no user of the data on the scene you've now registered that particular and it's kind of like think of it as a step when you go to a hospital and they ask you sometimes stupidly really stupidly to sign the notice of privacy practice imagine at that point in the scheme you are allowed to give them an email address that was dereference using webfing or something to your authorization server that's the phase one of the UMA protocol and it doesn't involve policies directly the second phase what happens is when somebody whether it's that ambulance driver that we were just talking about or whatever comes to access that resource and that what happens in this case is that that ambulance driver comes and presents credentials that you trust again for various mechanisms and your policies might say if this person's credential says that they're an ambulance attendant give them a token to that particular place where they've decided based on looking at a registry that I might have health records whether it's in my personal data store or at national hospital and that's the policy I'm talking about another question which is how do we distinguish between the ambulance driver of the ambulance I'm in when I'm unconscious and somebody else who works as an ambulance driver has never seen me and has been suborned to get it my data one idea that occurs to me is if I'm carrying something like a necklace it could be used to get access when I'm unconscious yes and actually if I don't want to take the time but somebody if you google Casey Quinlan QR code what will pop up at the top is Casey Quinlan who is a colleague in this sphere of things that actually tattooed a QR code to her sternum along with a password and this was about five years ago or something and so there you are and now is the second piece of that which is the problem and it's not healthcare specific of when you have a disaster when law enforcement or public health people come together and you don't have an institutional context to manage that interaction how does a public health officer or a law enforcement person convince whoever is in charge of the scene that they have access to this huge security issue on a much larger scale because obviously for public safety reasons you want to have these special registries if you want to call them that where people are sort of sworn and go to jail if they misuse them and then provide distributed access to that and that's an ongoing problem and in general trust cops you have to do that but it's not a healthcare specific problem this is a problem there are aspects of this that involve broad use of biometrics broad access to secure elements and blockchain technology in order to have a secure trust fabric that's not tied to any particular institution and is more resilient than a centralized system so yes it's not healthcare specific that part of it is just society is just going to have to figure out what they ask one more question what do you do about the danger that somebody accessing your data with permission on a certain occasion might save a copy of that data and make it available without authorization to someone else we don't it's a very difficult problem it is not a problem that even the blockchain technology distributed ledger technology solves and a lot of people have magical thinking in this area that this will solve it there is no there's no DRM component to what we're proposing the only thing I can say in sort of defense of that if you want to call it that is that when you have when you presume a network of always on nodes these routers as I call them and reasonably robust and redundant they need to aggregate information or to copy information goes down and you can actually pass laws that basically say if we find you holding on to this information and what's interesting is that a lot of corporations who wouldn't dream of competing on privacy and none of them really do it for Apple these days and that's a different story but nobody else competes on privacy at any scale they're starting to realize that holding on to more data than they absolutely need is a liability and they're coming to outfits yesterday I was talking to the Centers for Democracy and Technology CBT which is 40% funded by corporate interest to lobby in effect and they're basically saying you know what's coming up for them that's surprising them is corporations coming to them and asking how do we store less data and in order for them to do that you have to have this router component and that personal data store and that token server online so that they have access to that data and you have transparency that they've had access to the data A lot of the technical elements of your talk are a bit foreign to me but your first slide with your mother and the focus on the medication lists are not foreign to me so I was curious I mean there are at least two reasons why you would focus on medication lists one you want access to them but more importantly you want it to be accurate and they're notoriously inaccurate where in the outline you put up there does correcting records for accuracy come in? I did not specifically talk about that but it basically comes in as what's called direct medicine or concierge medicine done on a scale when we are spending $10,000 a year per person or more in the case of my mom at 91 the idea behind from a clinical point of view from medical infrastructure point of view is that there's some amount of money say $500 a year that an individual wants to pay in a substitutable way for somebody a direct medicine physician to manage to curate that part of their record that's really important the medication list and what the next thing to do to this patient is going to be wherever it gets done when somebody says this patient needs X you don't want that X to fall through the cracks because then people get sued and people get very sick or both so the analogy I like to use is paying taxes we some of us basically use an accountant to do our taxes why because in my case the accountant charges $500 a year for the family if that accountant saves me $1 if I get to save if I get to save $500 or $1 on the tax filing because he's done a more accurate job I just made $1 and I don't have to worry about the taxes in the system in what I would call a system that's fair to the individuals that fairness component it would have this characteristic that the same thing that happens with your taxes where there's standardization and law about the W9s are in this form the 1099s are in this form the W2s all come out on this date and what that does is it means that my accountant and I only spend a few dollars a year on software and aggregating authoritative information and so all of the money to that accountant goes to a professional service at a very reasonable price and I think of curating health records as that same model that eventually relative to the $10,000 you get to spend a few hundred dollars a year for the curator and that saves the whole system because obviously you don't want to ask people to pay for that out of pocket way out of proportion to what cost those raised the question the tax issue the data is yours you won't take responsibility let me say a word about ownership I use people get very confused ownership has at least three different definitions depending on how you approach it the only way I find ownership useful in policy discussions and design of these systems is if you can delete the data or you can take it offline then you own it and so as you remember this model of you're only distributing access tokens and it's turtles all the way down the ownership of the data is scattered by whoever created it initially and then if they kept the copy they and only some of the data is owned by the individual that thing that's in the personal data store on this slide and so by using this very strict definition of ownership you can now layer legal practice on top of the system in a fairly tractable way it's a really complex issue trying to understand the incentives of let's say the three simple parties that the physician, the patient and maybe the insurance companies outside it seems like everyone wants to do this right the physician obviously wants to look at the patient with the whole but also raise the liability for him as in reviewing all the records before he even advises the patient the same with the insurance company they might of course want to look up did you have an accident when you were 10 year old but also raise the liability that if they refuse it so how do you balance this incentives because otherwise I think you made a good point about the business needs to work too yes so let me be the first one to say that I don't have a solution to the business model for how to bring this about at scale now I would maintain to you that what we do to health care in this country by privatizing it and distributing it as an employer based benefit for half the population and the government benefit for almost the other half and then nobody or maybe soon nobody for the 30, 40 million that are left is just the travesty in its own right and it's also very expensive it's expensive for the practice that has to spend the number I've heard is 8% of what a practice spent never mind what's going to those insurance companies is spent on administrative cost and it might well be higher so the problem of how you get there from here which is what I would call the business model problem is extreme and I don't think I can even begin to have a conversation if there are people here policy people that understand that better they might have a better idea of how we fix it so I can't say anything about useful about that or you don't even make inroads into it is it sort of like oh no okay so now we get to yes so now we get to this slide basically when I say legal what I'm saying is that we now have access to the technologies particularly as distributed ledgers as blockchains become commercialized and particularly as medical societies start to realize that they are as a profession they're not being well served by institutional health records and the level of frustration we won't even go there so what happens is that as we introduce this HIE of one model and it goes from reference implementation type thing to actually a pilot what are we doing we're basically introducing support and legal legal things there is nothing about it that doesn't allow for incremental adoption so for example you might have telemedicine be the driver for adopting that on a physician by physician basis you might have mental health issues very privacy sensitive and not well served so because the practitioners that actually managed the person who signs that prescription before there was ever a hospital and EHR they're still there they're still responsible as long as they meet the kind of legal requirements that are on this slide commerce happens and not only does commerce happen but you eliminate the intermediary but it now is sucking as much as half of the value so for example there was a nice article that showed that when it comes to mental health advice online this really very sleazy intermediary that was basically acting as matching patients with clinicians licensed clinicians was taking half the money and detracting value because in some cases the clinician had professional responsibility for somebody that they would have to break anonymity you know to deal with issues of when do you report something when do you do and literally half the money in this case was being charged by the intermediary between the licensed practitioner and the patient and the whole point of the article in how many different ways this was a worse job than if the intermediary wasn't there so there is a huge amount of value now on average it's not going to be half but it could well be 20-30% and in a $3 billion healthcare economy that's a lot of money please client patient in any of these a patient who doesn't want to be involved in their healthcare in their have access to their records we in the design of the reference implementation, the HIE of one that I talk about we never assume that the patient is going to do anything and that's what I meant earlier when I said you want the policies to be initialized from a place you trust you want to make sure that licensed professionals are paid and where or another, either annual subscription that $500 or on a case-by-case basis there is nothing about this where I assume that people will ever touch their own thing please picture ethics question that connects with this a little bit so I assume that one of the implications on the system like this patients would have more access and control over their medical records if they wanted so my question is to the extent that we kind of encourage patient autonomy and give them control over their records that's great and I'm all for it there's also this corresponding risk that patients might go ahead and do things with their medical records that sort of ill-advised kind of a paternalistic risk that they should maybe make their records available to people they couldn't make them available to so my question is just to what extent do you think we should be worried about that out of place where you think you'd broadly recognize privacy risks like this or is there room for sort of a later inferturalistic out here Mike, I don't think we know I don't think anybody really knows how we scale what we're doing right now you know obviously the amount of health related information from wearables, from exercise from lab tests from registries like the precision medicine initiative that came to collect everything from the value of social determinants of health in managing access and managing policy we have no idea of how to scale the system relative to what you're asking but I think we have an intermediate step which we are not doing right now which is desperately needed and that is transparency right now when I showed that data map you know the notable thing about it is that whatever happens there is opaque to you when you're dealing with Apple or with Verizon or whatever you get a text message if somebody touches your data if somebody uses 99 cents if somebody logs in there is no lower bound when it comes to something that has such a high economic value and so important in the healthcare system is still designing for lack of transparency and that leads to a lot of security problems you know breaches are discovered six months later because there's no individual notice when somebody's API is accessed effectively and worse than that you cannot develop public policy if the people that care don't have the tools to know how their data is used in this environment you can cross this chasm in two steps is what I'm saying and the first step is radical transparency which is enabled by this ability to run an authorization server that's online all the time and that is enabled by the fact that individuals have secure identities maybe passwordless biometric sign-in that's convenient for them rather than you see what I'm saying so you put in as initial steps to give you accountability and transparency into the system and then we will worry about scaling from that perspective please kind of business model and getting people to adopt this so if we assume that positions and healthcare providers or people would want to create accounts in another system to be able to log into that system to have it all centralized with people and organizations like the hospital system they have a lot of responsibility and legal liability to make sure that the records that they have are accurate and that they're controlling access to those records how do you envision and even if we assume that the patient can't update the information that's there which would introduce another variable but how do we get healthcare providers to be okay with the fact that they're not controlling who has access to information that they're ultimately responsible for it seems like a really tough sell I think kind of in the big picture would be great if we could have all of this information in a central repository and ensure that it was accurate and have it producible and we could take it to whatever provider but if I'm a healthcare provider and more accurately if I'm a CEO of a hospital my worst nightmare is being responsible for a source of data that I don't have any control over I don't know who else has access to I don't know how the users are being verified I don't know how secure it is I don't have control over that so how do we get healthcare providers to buy into that because that just seems like a very something that would keep a CEO up at night what and so this becomes an interesting conversation in itself and if we have time we should go into it it would take a few minutes for me to give you the specifics of how that happens but five years trying to interact with the mass medical society with my committees and my task force and this and that in order to try and unwind the elements of how you do that and at the top level and we are actually implementing this both in terms of the medical society and in terms of the software the free software that we're you know that we're creating and what happens is you look at that hospital exactly the way you described it as combining three different roles and none of those three roles were there in the day of the paper prescription and the actual model, the actual discussion of this is introduced in a paper that you can find on my blog role that won a prize this summer around blockchain health which was a government operated challenge and the use case in that paper is how does a physician write a digital prescription without involving a hospital in other words the institution somebody raised the issue of the institutions the insurance company it's much simpler and more effective to think of the institution as being the pharmacy because the regulations are clear to people the use case is clear and it has direct economic value without introducing the American problems with insurance and so think in terms of these three roles the hospital being combined number one they're holding the health record so they're liable for the breach number two they're credentialing the physician and number three they are dealing with records retention they're managing the legal aspects so in other words the profession the physician has outsourced for convenience in the way we outsource to Google for convenience our Google docs these are Google slides that we're watching the physician for convenience has outsourced all three of these roles to the institution and in order to achieve free and independent health records we have to take all of those three components of the physician employer or the physician institution relationship and make them substitutable and separate it's not that we build a different kind of hospital entity it's that we explode those three roles into self-sovereign identity which we can go into discussions but this is basically managing identity and the verified claims around that identity using blockchain type technology and we're doing that in a project called Rebooting Web of Trust originally seeded with a bunch of Department of Homeland Security model and that's been going on for about two years you have the medical society managing the credentials they're not doing the credentialing but they become the well-known place in the state to find out whether this doctor who claims he's a doctor actually is a doctor and then the health records remain distributed and are dealt with based on who signed whatever entry it was and where you find it by the token server and so in effect you've removed the hospital and you've exploded all three of those things in standards-based way that are substitutable. May I board answer these in the two slides I missed? There's clearly a number of points of failure in place for hopefully graceful degradation for example you talk about a router that's in your house it costs 102 bucks so you know there's a meteor or a fire on the block where you live you escape your routers fry and your QR codes aren't too crisp on your chest and you're unconscious etc etc so and you don't have your phone etc etc and the other edge case is alright they find your records and say let's take X, Y, and Z the answer is no it says you're supposed to take X, Y, and Z maybe you haven't taken them yet for the day and it's critical or maybe as my own records through major well-known institutions in the state show saying he takes an X you know every time I say no I take it a few times a month when I need them or whatever we fix this and so how do you there's clearly a lot of edge cases and points of vulnerability Yes but you're talking about two very different things the most important I raised two different questions that I know So the first one is the first one is very straightforward and first of all it's not very healthcare specific and so the evidence or the practical instantiation which we do show on the YouTube channel HIE of 1 is how do you recover access to your identity to the private keys that you're using to sign prescriptions or to log into hospitals or directories at the medical society and in our case we're using a technology that's based on Ethereum that grants a group of people M of N type situation that are also using this particular and it's being standardized by the rebooting web of trust so you're not in a walled garden and so you as an individual define in the M of N sense a set of friends that you trust or institutions that you trust and people have started to do this years ago with respect to blockchain wallets for example because you don't want to lose huge amount of money just because your thing burned down so we have implemented this kind of recovery and redundancy technology in the sense of how you sign in and what standards you use to verify your claims around that for the part of the question you can't have it both ways if you're going to have self-solving technology and you're going to have this kind of diversity in how people live you know people eat too much people you know go to sun tanning salons or whatever you know at some point in order to have a resilient system you're going to have to allow people to do what they need to do and you're going to benefit from that diversity as opposed to the systems we have now where we have maybe 100 million records or 200 million records breached per year maybe 100 million healthcare alone last year and the reason is that we have this model of a hard shell in a soft chewy middle that dates back to client server days you know you can't institutionalize that second piece of what you're saying please do you have any thoughts on how to prevent commercial interests from invading this sphere and creating essentially a monopoly or a captive market based on access to healthcare and I'll give you specifically I'm thinking you know someone comes in and essentially takes this technology and packages up in a very nice neat way with a clean interface sells that to partners and now if you want to go to any partners healthcare hospital you got to download the partners app partner box sitting on your windowsill you know how do you avoid that it's I do that's an opinion I can't prove it there are three elements that drive to adopting that number one is physicians or professions in general nurses they you know with 21st century cures the recent act nurses have the ability more responsibility for signing and documentation that's great they're licensed individuals lawyers the people that contribute to the policies and deal with making the physician-patient relationship possible regardless of what other infrastructure is in place and then the most important piece is outfits like the pharmaceutical industry or centers of excellence for like doing hips and knees you know you're in Boston or cardiac surgery or somewhere else the people that are actually providing the globalized goods around healthcare like a pharmaceutical company or medical device company or center of excellence have every interest in disintermediating the the you know the aggregators and the data brokers in the middle and because they then share that value with the licensed professional and with the patient also make the similar argument about traditional electronic medical records and the idea of you know institution to institution exchange that there are a lot of outside interests that would benefit I mean I think healthcare providers conscientious lawyers and anyone who benefits from lower barriers to providing quick access to their products would benefit also from electronic health information exchange on the traditional institution model and that has been with 20 years of trying to get those people to talk to each other yes and you know I spend 90 percent of my life dealing with those situations I think it's I think what we've had is 30 to 50 billion dollars of government meddling alone in that aspect of the market both the EHRs and the HIEs and that's why we call our project HIE of one health information exchange of one and that hasn't helped at all and all it's actually done is shown the limitations not just my mother's medication list but just in terms of the efficiency of practice that the level of frustration of physicians now is incredible so yeah it was a blip you know it was a 10 year blip whatever you said it was it was a blip it's gonna go away so just to follow up on that you think it would be fair to say then that kind of but for the sunk cost and the entrenched infrastructure this is what you're proposing here is a more natural outcome of how the players in this sphere interact it's not only that I would say that the professions both legal and especially medical need to consider that if they want to add value as lawyers and doctors rather than as technicians I use the analogy of an airline pilot an airline pilot doesn't have a fiduciary relationship to any particular patient person on that plane they don't control their tools as a result their tools are regulated by the FAA they're provided and bought by the airline and nobody you know nobody complains but there's no interaction there's no freedom or self sovereignty at the edge of that network for obvious reasons that is not the case for legal or medical professions and so when I put there at the top of the list educate the professions I think it's absolutely essential and I don't know how long it's gonna take to get here in Massachusetts and I'm trying to sort of give talks like this and organize nationwide one final question Adrian we've talked about this question before which is where does health data intersect with housing in real estate and I think it's worth noting that the new head of HUD is a doctor so somebody across time named Megan Sandel talks about a housing vaccine can you can you foresee a future when we can monetize personal data from health indicators that have implications for real estate and bring revenue to your ecosystem you envision that's very I think factoring in the social determinants of health where you are your living situation is it becomes incredibly important as we go forward and the place where this crosses into that is nobody nobody is gonna trust you know the EHR system at Mass General Hospital with the social determinants of health so if we as a society are going to factor in social determinants of health in terms of measuring disparities in terms of measuring quality and dealing with the actual problems that we have there has to be another point of aggregation to do these things that data you know they can think and right now data from that implantable cardiac defibrillator does go through the vendor and then through the hospital maybe to the doctor and then maybe never ever to the patient themselves and I deal with patients in like that night scout project where that's obviously backwards so I think that's where we cross into this you know think in terms of how does society gather the necessary information and provide the level of transparency for things which obviously are not going to ever go through that hospital EHR system and your question because it's I can't tell what the goal is you talk about monetizing and well that seems to be somebody's desire to make a profit I generally find any statement or question that's formulated with that word to be suspect but some of the it's from the response it sounds like you're trying to talk about correcting some social problems that make people sick and that seems like a thing we're doing but I can't relate it to monetizing anything I didn't that's why I'm if you flip your word monetizing through saving tax fair money that's the heart of my question the social good that would be achieved by a housing vaccine saves money in other parts of it well this is what Megan Sandel talks about that by addressing the social determinants of the young family's life you may actually reduce the burden they put on the healthcare system or an older person's life like you're 90 I guess it makes sense I think we had other ways of formulating such issues that were more straightforward in the past anything that gets people to pay attention is okay with Megan