The Sovrin Network is creating a global metasystem for identity. Decentralised identity is an integral part of the Convergence Stack, with Sovrin as the premier solution to enable it.
The verifiable credentials paradigm and decentralised identifiers (DIDs) are core to Sovrin and the underlying Hyperledger Indy codebase. Verifiable credentials and DIDs have gained significant traction in the decentralised identity space, supported by many other initiatives including uPort on Ethereum, Microsoft Sidetree, and Blockstack, and with standards being established by the W3C and Decentralized Identity Foundation.
Being able to prove attributes about one’s identity with strong trust guarantees, without disclosing those attributes themselves, while staying in full control of the underlying data, is a powerful concept. Self-sovereign identity on Sovrin allows individuals to present claims such as “my age is over 18” or “I live in New York City” in a cryptographically trusted manner, without disclosing respectively their exact date of birth or a full address, or any other irrelevant, but sensitive, data.
What’s possibly even more exciting is that verifiable credentials can be used for applications beyond what is commonly understood as “identity” into other domains of personal data such as finance, education, and health.
As part of Outlier Ventures’ Research Programme with the Imperial Centre for Cryptocurrency Research and Engineering, six students have created an application of verifiable credentials beyond identity, in the healthcare domain. Data privacy in healthcare has been a challenge ever since the emergence of healthcare software. Unfortunately, data breaches in healthcare systems are ever more common and the consequences can be devastating. From my personal experience, having built SaaS healthcare solutions for a decade, my view is that improving the security standards on the existing model isn’t the answer. We need a different model.
Boris, Jedrzej, Irina, Isaac, Malina and Matej have done impressive work creating a working product built on Hyperledger Indy which can be deployed on the Sovrin network. It fully supports the core use case of patient on-boarding and privacy-preserving storage and exchange of health data. An interesting aspect of their solution is the balance between usability and accessibility on the one hand, and security and data reliability on the other. Patients are in control of their data, while their records are hosted at their doctor’s facilities privately, using a clever way of access control based on using a hash of the password. While this mechanism is not ready for production use, Web 3.0 is in need of genuinely different models of information access and security to be accessible to the majority of users, and this is one interesting approach to further explore.
Have you ever wondered “Who owns my medical information?”, “Who controls it?”, “Who can view it without my permission?”. As patients, we want to have our medical information available wherever we go for care, but we also want to be in control of our own data.
“A blockchain-based approach would allow patients to become the owners of their data. It would allow the information to travel with them — to every new ED and hospital — both safely and securely. It could be updated as soon as new data is entered. And it could connect all of our medical information for the rest of their lives.” — Forbes.
The solution could lie with a blockchain for proofs of the credibility of digitalised health records, which would establish trust, a must in a system with data as delicate as our own health information. A digitised health system like this would allow for easier and faster exchange of health records, while also providing for the integrity and safety of the data.
The market has a gap, which offers an immense opportunity. If we could create such a system, we could roll it out to real health care service providers. The main problem of trust in digital identities and records could be solved via blockchain and its zero-knowledge proofs.
As a team of undergraduate students from Imperial College London, we have paired up with researcher Dominik Harz and industrial sponsors Outlier Ventures and Sovrin to create a solution we’ve called HealthClaim.
The UK National Health Service’s attempts to digitise highlight the scale of the opportunity
In the United Kingdom, the National Health Service (NHS) provides free health care to every single person within the country. It is the largest employer in the UK and one of the top 10 biggest employers in the world.
In the last decade, the NHS has gone through a series of digitisation attempts. Despite these efforts, it did not manage to reach the goal of interconnecting all clinics and hospitals into a centralised database where all the records would be pooled.
Of course, the problem is the massive scale. Interconnecting hundreds of legacy systems in an industry where mistakes cost lives turns out to be a very intractable problem. Perhaps, instead of attacking the problem from the inside and untangling the myriad of legacy systems, we could try to cut straight through the proverbial Gordian Knot.
HealthClaim’s approach is instead to create a digital agent for each NHS instance (such as a clinic or a hospital), which can be a) easily set up and b) rolled out independently and asynchronously of each other.
Piggybacking onto Hyperledger Indy’s framework
We worked with Sovrin’s Hyperledger Indy product, which provides a decentralized infrastructure for managing identities in a secure way using a distributed digital ledger. Hyperledger Indy stores signatures of digital health records on the blockchain, which prove the validity of health records in real time through its zero-knowledge proofs.
Our product is a Docker agent, which can be installed by any clinic. This supplies the clinic with all of:
- An encrypted local database of health records which can be read and written to
- A website with doctor and patient logins, where users can be registered and approved, and doctors can issue health records for their patients
- Digital proofs stored on Hyperledger that verify each piece of information in every health record
- Cross-checking of validity via zero-knowledge proofs when a patient sends a health record to a new doctor, so that trust is established
HealthClaim paves the way for an easy yet secure way of sharing information between patients and doctors. An intuitive web interface allows patients to securely manage their medical data and control who they choose to share their data with. Neither doctor accounts nor third parties can access patient data they have not been given explicit consent by the patient to see.
The following is a feature breakdown:
1. Secure registration — the right to privacy and security is a key part of our system
- Patient: In order to register as a patient, one needs to send a request to create a new account with a username and password to a specific doctor identified by a unique DID (decentralised identifier) number.
- Doctor: The doctor logs in, receives a notification about the patient’s sign-up request and signs it.
- Once the patient is verified by a doctor, their account is created and tied to a specific clinic.
2. Allowing doctors or third parties to request specific medical information
- Third parties can request certain attributes of a health record like “age” or privacy-enhancing predicates such as “is this patient over 18”.
- In order to receive the information, patients need to provide express consent to answer the exact query.
3. Allowing doctors or third parties to see patient data that was shared with them
- Only the requested health record information is given to requestors, with HealthClaim verifying that its signature exists on the blockchain.
4. Securely storing and delivering data to authorised parties
- HealthClaim attempts a zero-knowledge proof to verify whether the information supplied has been previously signed by a doctor as valid and isn’t fake.
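The request, consent and verification steps in the feature breakdown above, modelled as an added example (not HealthClaim's or Hyperledger Indy's code). It swaps Indy's zero-knowledge proofs for plain salted hash commitments; the function names, the in-memory `LEDGER` set and the precomputed `age_over_18` attribute are assumptions, and the sample record is constructed for illustration:

```python
import hashlib, json, secrets

def commit(name, value, salt):
    # Salted digest of one attribute; the salt stops guessing of hidden values.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def root_of(commitments):
    # One digest over all attribute commitments (sorted, so order-independent).
    return hashlib.sha256("".join(sorted(commitments)).encode()).hexdigest()

def issue(record, ledger):
    # Doctor: commit to every attribute, anchor only the root on the ledger.
    salts = {k: secrets.token_hex(16) for k in record}
    commits = {k: commit(k, v, salts[k]) for k, v in record.items()}
    ledger.add(root_of(commits.values()))
    return {"record": record, "salts": salts, "commits": commits}

def present(credential, requested, consented):
    # Patient: answer only when consent covers the exact query, nothing else.
    if set(requested) != set(consented):
        raise PermissionError("consent does not match the exact query")
    disclosed = {k: (credential["record"][k], credential["salts"][k]) for k in requested}
    hidden = [c for k, c in credential["commits"].items() if k not in requested]
    return {"disclosed": disclosed, "hidden_commitments": hidden}

def verify(presentation, requested, ledger):
    # Requestor: rebuild the root from disclosed values plus opaque commitments.
    if set(presentation["disclosed"]) != set(requested):
        return False
    rebuilt = [commit(k, v, s) for k, (v, s) in presentation["disclosed"].items()]
    return root_of(rebuilt + presentation["hidden_commitments"]) in ledger

LEDGER = set()  # assumption: stand-in for the distributed ledger
RECORD = {"name": "Alice Example", "date_of_birth": "1990-04-12",  # constructed sample
          "age_over_18": True, "diagnosis": "knee injury"}

def demo():
    cred = issue(RECORD, LEDGER)
    query = ["age_over_18"]
    proof = present(cred, query, consented=["age_over_18"])
    # A presentation with an altered value must not match any anchored root.
    forged = {"disclosed": {"age_over_18": (False, cred["salts"]["age_over_18"])},
              "hidden_commitments": proof["hidden_commitments"]}
    return verify(proof, query, LEDGER), verify(forged, query, LEDGER), proof

if __name__ == "__main__":
    print(demo()[:2])
```

Unlike a zero-knowledge proof, this stand-in reveals the same commitments on every presentation, so two requestors could correlate a patient by comparing them.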
Coming back to the NHS’s attempts to digitise their operations, HealthClaim could be a solution because each Docker agent is a self-sufficient organism and different agents can be easily tied together via a central lookup table of server addresses per clinic. The diagram below illustrates the abstracted structure:
Insurance integration and government use-cases are the next steps
With HealthClaim, users would have all their health records digitised and credibly signed on the blockchain, which means we have introduced trust into our digital system. The system now provides even more value via third-party integrations.
Imagine having an accident and receiving a subsequent doctor’s report of it. Normally, making an insurance claim would require you to bureaucratically give your insurance company physical copies of the doctor’s report. Naturally, there’s still the mistrust of forgery present. Furthermore, not only do you have to provide a medical report of your accident-injured knee, but you also give the insurance company a lot of unrelated general medical record data.
On HealthClaim, once one receives the doctor’s report, our 3rd party portal allows verified agents to request specific aspects (claims) from the patient. The patient only has to accept this request and the records are shared digitally, immediately, and are verified. The requests can be as granular as necessary, where each piece of information can be requested independently.
But let’s push this idea even further. Now that we have data digitised and, more importantly, verifiable, we can explore more ideas to use this data. HealthClaim can enable use-cases ranging from government health statistics to academic research, done with privacy in mind and user consents. Even more interesting ideas come in the form of private companies paying HealthClaim users in order to use their data.
Imagine Facebook paying us if we give it consent to use specific attributes of our data.
HealthClaim can be found on our GitHub page: https://github.com/OutlierVentures/healthclaim
To install HealthClaim, run the Dockerfile. Then please follow the User_Guide.pdf document, which details the user flows.
This article is for information purposes only and does not constitute investment advice. This article does not amount to an invitation or inducement to buy or sell an investment nor does it solicit any such offer or invitation in any jurisdiction.
In all cases, readers should conduct their own investigation and analysis of the data in the article. All statements of opinion and/or belief contained in this article and all views expressed and all projections, forecasts or statements relating to expectations regarding future events represent Outlier Ventures Operations Limited’s own assessment and interpretation of information available as at the date of this article.
No responsibility or liability is accepted by Outlier Ventures Operations Limited or Sapia Partners LLP for reliance on the contents of this article.
Outlier Ventures is an Appointed Representative of Sapia Partners LLP, a firm authorised and regulated by the Financial Conduct Authority (FCA).