Innovation in Healthcare: Identity
The number one innovation in healthcare you should be paying attention to – whether you work in tech, innovation management, policy making or digital transformation within your healthcare institution – is private and secure digital identity. This blog will tell you why.
Our expertise in digital identity technologies has led us to develop pilots with a major international NGO and the Turkish Ministry of Foreign Affairs and placing top 5 in the global Chivas Venture award among a thousand startups. We are now about to launch Ana, a digital identity management platform that allows organisations to issue tamper-proof digital credentials which are verifiable anywhere, at any time.
We have covered extensively on this guide about blockchain and identity management how a modern digital identity management system can maintain the security and privacy of its users by decentralising the data storage and by minimising the quantity of personal data stored.
By implementing the innovative technology of Self-Sovereign Identity, users own their personal data and are able to access services from an organisation, proving who they are and ensuring trust without the need to disclose any personal details. This greatly reduces the amount of data an organisation stores and thus reduces the possibility of Personal Data Regulations infringement.
Let’s dive in on the 4 reasons why Self-Sovereign Identity is a major innovation in healthcare:
Patient Identity Management
The importance of identity is paramount in the healthcare industry. According to a World Bank report on The Role of Digital Identification for Healthcare:
“Providers need to know a patient’s identity to access relevant medical and treatment histories and ensure that they are giving consistent and appropriate care.
Patients also need documentation to prove enrollment in insurance programs or other safety nets that cover medical expenses. (…)
Health insurers need to be able to identify patients to ensure that those for whom claims are submitted are actually insured and to facilitate the adjudication of claims based on the patient’s history.
A secure, inclusive, and responsible method of uniquely identifying and authenticating healthcare users over time and across facilities is central to each of these needs and the goal of achieving universal health care”.
Although this World Bank report focuses on the use of unique identifiers – that are a matter of concern privacy wise due to the possibility of correlation – the reasons they present for the importance of identification in healthcare we deem as valid.
Efficient identification becomes jeopardized in countries where identity and information systems are weak. Either because their records are paper based or because their digital identity management system do not allow for interoperability with other systems. Impeding record or data transferring between organisations. Which ultimately leads to less efficient health services.
Private and secure channels for data transfer, that provide trust between health facilities, patients, insurers and government is thus of absolute importante. One that a Self-Sovereign Digital Identity could provide.
Interoperability Healthcare Identity Systems
By using a common identity metasystem, institutions within the healthcare industry could easily and seamlessly verify digital Verifiable Credentials issued by other organisations (and even issue some themselves). A healthcare facility could trust the authenticity of a patient credential without even having to check the actual data there contained.
These privacy maintaining channels would be assured through cryptography and Zero-Knowledge Proofs. The verifying organisation would just have to check the blockchain to verify the authenticity of the signature of the attesting organisation or physician. If the signature matches the one in the patient’s credential, it’s authentic.
And you may ask, “But how do we know whether to trust the physician?”.
Phil Windley, Sovrin’s Chairman, answers this question: “Professionals can also create proofs from verifiable claims written about them to show that they have specific qualifications, certifications, or work at specific institutions. These claims are, in turn, verifiable in the same manner, creating a chain of trust.”
Non-interoperable identity systems are costly for the institutions and troublesome and stressful for the users. When patients arrive at the new facility, the need for duplicated registrations and paperwork increases bureaucracy for one side and frustrates patients in need of care.
“By allowing for secure and accurate identification and authentication of patients and enabling information exchange, they can increase the efficiency of patient management, improve the quality of treatment, reduce administrative burdens for patients, facilitate access to insurance, reduce fraud, and improve data collection.” (World Bank Report)
The digitization of healthcare identity systems is not enough though. Institutions must make sure their digital records are private and secure. Centralised healthcare records pose a major privacy risk for both patient and organisation.
Self-Sovereign Identity is the innovation in healthcare that provides the decentralization, security, privacy and interoperability for a more efficient healthcare system.
Digital Innovation in Healthcare: Birth Certificates
1.2 billion people around the world do not have an identity. Some of them because they never had it in the first place. Having no identity has grave consequences for these peoples’ lives as they are not able to access healthcare, education or banking services.
An interoperable identity system would be the major innovation in healthcare that allows hospitals, midwives or birth facilities to easily communicate a birth to the government who can instantly issue a digital birth certificate.
Access Management in Healthcare
Identity and Access Management Softwares (IAM) are used by companies to authenticate, authorize, manage and create a central repository of their users/employees.
Whenever a new employee is onboarded into a company, a whole new set of accounts has to be created. A lot of different accounts. From a simple email account to databases, servers or even Slack.
Once this employee leaves, all these accounts have to be revoked as they were created: manually one by one. One instance of a not properly revoked credential can open the door for vulnerability. As a malicious former employee can access the company’s network and steal data. This is specially important given how sensitive the information in the healthcare industry is.
Through the use of Self-Sovereign Identity the user would be onboarded on all the different services using his own credential or one created by the company. One that the employee would store on his identity wallet. On the moment of revocation, only one credential would have to be revoked to cut access to all of the accounts.
Self-Sovereign Identity could also be an innovative technology for the Identity and Access Management space by improving the audit trail. For compliance reasons, these enterprise softwares register a log of user access for fraud prevention. Though the method through which that log is created – sometimes a text file – is of concern as privileged users could modify or delete logs for nefarious reasons. Blockchain, due to its immutable nature, could be a prime use case for access log security.