The internet was not invented with humans in mind. Not from an identification perspective at least. Instead, the trail of who did what goes cold at the IP address of the accessing device. What lies beyond is a murky puddle of semi-representative usernames at best, or a fictional, possibly nefarious actor at worst. The Identity Paradox submits that we are quite happy being anonymous to the world, but we absolutely demand to know the identity of the person with whom we are interacting. Even more so when it involves our children.
Trouble is, humans have moved into the digital realm. We are sat at the edge, feet in the matrix, doing sometimes quite serious business. We purchase and sell across digital borders, sign contracts and transmit sensitive documents to the other side of the void – hoping we reach the intended trusted party.
People, however are not digital. Unlike the sci-fi movies we all know and love, it is not possible to extend a hand or eye across cyberspace to verify the person on the other side. We simply have to trust in the security standards of the day.
Until fairly recently, that standard involved the use of trusted third parties via a centralised server. The level of KYC (know your customer) employed depends largely on the risk or legal frameworks in force. We all accept degrees of reality on the internet with which we choose to engage. When playing an online game, it is considered the norm to create an avatar with an often hilarious name. The beauty of the fantasy world is that it becomes possible to be a blue dragon with seven legs called Steve that battles Joan the purple unicorn. Whether Steve is in her teens or Joan is actually John is mostly irrelevant and perfectly acceptable.
A telemedicine consult on the other hand is a different kind of beast. The first thing we learn as doctors when seeing patients is to establish we have the correct individual. We are obliged to match the name of our clients against the medical identity bracelet on their wrist – before engaging in any sort of confidential conversation. Failure to do so in this scenario is potentially devastating for all parties concerned. Even the insurance companies get a little twitchy when medical fraud is committed.
This works, of course, in both directions. When Mr Smith calls to ask for advice from Dr Osborne, he expects her to actually have a medical degree, and a license to practise appropriate to his requirements.
It can be argued that patients don’t generally inspect the university and regulatory paperwork of their physicians before confiding in them. We all know of cases of medical imposters. But it’s several degrees harder to pull off a bricks-and mortar con than to pretend to be a family doctor over the phone.
Trust – that word which the blockchain community loves – is all about data integrity and the ability to self-verify claims as true. It is certainly the case (once consensus is reached and a hash of the ‘truth’ is firmly stamped ad infinitum into the ledger) that those seeking to verify a ‘fact’ can use the nifty cryptographic keys provided to match that which is being claimed. Unfortunately, in the same way that card-not-present fraud doesn’t need the owner of the card, a private key that has been compromised does not necessarily represent the human to whom it belongs.
Thus, the blockchain solutions offering patients the ability to transfer control of access to medical records for telemedicine appointments still need a robust identity solution – for both parties in the transaction.
Well, that’s OK you might say – we can use a blockchain identity platform. Sovrin, Civic, uPort, IBM and many others claim to have found an answer for their users. Truu.id and Hashed Health both have interesting approaches under trial for provider credentials. It’s definitely progress.
However, these solutions generally work via attestation and probability. The higher the number of reputable third party providers there are attesting to the claims an individual makes about themselves, the more likely others can be confident of the legitimacy of each assertion. Probably. Proving ownership of said blockchain ID still requires a private key to be known though – and of course, these can be compromised.
I look forward to this being solved. As healthcare evolves and the blockchain ecosystem grows, the dreamers amongst us envision one giant interconnected data corpus. Sharing this virtual body, the insurers, providers, researchers, regulators and clinicians all act in symphony to create an almost living organism whose whole is greater than the sum of the constituent parts. In this online game, all players share the risks and responsibilities but more importantly, the rewards. They just need to prove eligibility to play.