Session Information:

Healthcare information: Creating patient-controlled, standardized, secure and open data structures

• Understand the problems we face with the status quo
• Learn about the “big picture” offered by this future
• Learn about the pieces required to make it work
• Be introduced to work being done today to make it happen

Session Transcript:

First speaker coming today directly from Phoenix, and there is Arizona.

We have Scott Whitmire with us. Scott is a researcher at the Mayo Clinic's Beijing, Phoenix, Arizona. He's currently working with several groups throughout the world to address access, privacy, and security issues faced by patients, researchers, public health officials, and healthcare providers. Scott, I know it's very, very early in Phoenix right now. We really appreciate you coming up and joining us early in the morning, and we very much look forward to your presentation.

Thank you.

Naveen, early in the morning, the Sun is just coming up in the background behind me, a little lightning, as we go.

So let me get my presentation going here.

My name again, is Scott Wittmeyer, I work as a research technologist in the Brain Cancer Research Lab at the Mayo Clinic in Phoenix, Arizona.

And one of the one of the issues that we've been facing as researchers for a number of years is access to data, and how to how to get access to the data we have amassed over the last 20 years.

The largest collection of brain scans and clinical data that we know about and on the planet.

And it's taken that long, and we've had to work with a number of people, deal with all sorts of, of technical issues, dealing with images, and data, and, and even today, our clinical side is all manual curation.

We read records and type data in the system.

The mmm hmm, this is a universal problem.

And so, I wanted to show you a picture of the current state here, or healthcare systems, and, and insurance providers in the US, and other organizations, outside the US, lock data behind firewalls.

And that's a firewall there, and, and act as if they own the data.

And, in fact, legally, the copyright for patient data belongs to that provider.

And that's part of the problem.

As you can see, and one of the things that the.

the Coronavirus crisis cause or showed highlighted, was the difficulty public health officials have in accessing data.

In terms of who's got while we're tracking the disease, an epidemic, figuring out who needs to be vaccinated, who gets vaccinated, who's been vaccinated, we have our reporting system that's delayed it several days late.

It takes a long time to bubble all this data up to the national level. So the information we're hearing on the news might be the lead this information available, But it's not the latest information.

So, we need to avoid it to fix that. So, this is our current, current state.

Among the issues, I see that that the center and that.

Then building there about third parties, health care providers and insurance providers act, as if, you know, they, they do on the data.

And so they, they sell it, and they may, they may de identify it, or they may not, depending on the nature of the thing.

But there are deals going down now with health care providers, including the Mayo Clinic, providing data to companies like Google on Exchange for analytics, What Google does with that data, after we get through, it's not clear to me.

And so, our lab hasn't participated in that, but, you know, we're just not sure what's going to happen with that information, But we understand, that's how it is today.

Patients have little or no say in who gets that data, or how it's used, or how long it's used, for what purposes.

These are some current issues. The biggest one is the patient is not in control of the data. And there's a global movement afoot.

My data global, my data global, is an organization that Finland, that set up too, advocate for individual ownership of their information.

Adjacent to that is patient controlled outpatient data so that the patient is in direct control of their information.

Now, one of the things about working at the Mayo Clinic in Arizona is that we get and semi-annual migration of people, city population almost doubles in the wintertime.

It didn't happen this year because a lot of the people stay at home. But, normally, what happens is we get these hordes of people coming in the move down here for the winter and bring with them.

Files are records, medical records because they have two sets of doctors. They have a doctor Holland. They have a doctor down here and they get care here.

one of the reasons at the Mayo Clinic in Phoenix.

I've seen some of these folder, they can be several inches thick, so portability is an issue.

The other thing that's interesting and struck me as strange is, if you've ever watched a radiologist or a clinician look at a patient's information, they're looking at two different screens. And I don't mean two screens on the same system. I mean, two different systems, on one side, to have the radiology information, the images.

And on the other side, they have the clinical data, and they're going back and forth, and integration of imaging and clinical data happens in the head of The Observer, they're not integrated.

We've done that integration in our lab, so we can actually show, relative to time points, in a patient's treatment cycle, where images of occurred in the information from the images that has been captured, and show that as a graph.

We're the only people that can do that right now, because we're the only place where integration work, patient images are integrated with data.

Data is acquired as a result of providing service to patient. It's not purchased.

In other words, there's no commercial consideration given for acquisition of this data. In fact, the patient pays for that service.

And so the data is acquired as a result of that.

So why ownership sits on? The yellow node rests with the provider is an interesting question because they're not the originator of it.

And in fact, they didn't pay for it.

They have a lot of bilateral sharing agreements.

There's, there's the only way to get data out of an institution today is to enter into one of these bilateral data sharing agreements.

Now, ours in the US are controlled by institutional review boards and the HIPAA regulations.

And in Europe, they are controlled by other regulations, But you still have to negotiate with each sharing partner to get data. And use it and how it's used and when it's used for. That might require re consenting patients may require a lot of paperwork.

Data is salt.

Companies sell data without combat, compensating the patient.

So my personal data, my images, like clinical results would be sold to some company for analytics purposes.

Or whatever else they wanted to use it for through one of these bilateral sharing agreements that I really had no say and I may not have to consent directly for that because they may be some fine print.

one of the content that I signed earlier, that says that the provider is allowed to share data for business purposes.

Then finally, if it's difficult to acquire data for public health and research, as we've discussed, those are two different problems, and they require different solutions, nest somewhat, although the solution will look the same as we'll see an end.

So these are the issues that we currently face.

Anybody who's been involved in the research side of medical, the medical profession, knows what this is like.

If you're trying to co-ordinate clinical trials across sites, you see they have the same problem they've developed explicit data transformation or data sharing languages.

HL seven and fire is used for clinical records.

and these information exchanges are limited because they're a series of bilateral data sharing agreements and that they just agree to share data in that format.

Data is not necessarily available.
8:26
So, what are the consequences of this?

Millimeter data is often shared for profit.

Derived data is owned and licensed, so that the, the company who creates derived data has information. There's been some movement in the, My Data Health Organization, too.

Claim that, oh, continued use of derived data and machine learning, information models and so forth for profit could hamper medical education.

much like.

Some other other things now are use of information is restricted.

Even to the point where you can't share with, with your peers or with your students, because it's, like, you had to pay a license fee for that.

So, they're getting the point now where there's a concern among medical professionals that derive data.

And, in AI learning tools and the results of those, AI learning tools would have to be paid for in order to even discuss which could hamper things like educating younger, young doctors.

So, there's a potential issue there that is just now being spoken about.

An S, that potential harm to medical education. There was a story out of taxes recently.

Well, maybe three weeks ago, about a woman who was, who had breast cancer, but who had been diagnosed as not having any cancer.

And it was actually a receipt, sent a letter by her hospital that said that she had, was found to be cancer free.

Well, it turns out the diagnosis was wrong, and her lawyer and a forensic investigator discovered evidence, and this hasn't been proven yet, but they've discovered evidence that the health care system, which had just been acquired by a corporation, not too long before this, I was actually changing medical records to hide the fact that they, et cetera, this letter, to limit their potential liability.

So we have what, what amounts to, And that's just one example of the various data, modification. And I think this has gone on a number of, times, again, this particular lawyers in this couple of times, and other lawyers that modified it.

So it was a very alarming from my view story to read about.

Now that case is ongoing.

I don't have results for it yet, but the idea that that can happen, and I can see how that could happen without.

An audit trail, is something that we need to worry about.

Then there's this whole patient product mentality.

We all know that.

You know, when, when you sign up for something like Google or Facebook, you're the product, it turns out that a lot of providing provider systems, and health insurance companies, and other other organizations that collect those data, treat the patient as a product, and they sell the data as if it was there.

No.

In our case, in our lab, we've gone to a lot of work to acquire and add value to this data.

I work, I mean, thousands of hours of labor.

So we've added value to it, So that's worth something. But the, that originally came from some patient.

And it really belongs to that nation.

So what are the solutions to this, And this is A What I'm going to propose are, I'm not proposing a specific solution, I'm proposing a shape of a solution.

Which there are nearly infinite number of actual possibilities would be get into the details.

And the idea is that these pressures that we're facing now, and the been exacerbated by the pandemic are highlighting the need for change and there's been a movement afoot for years and it's just accelerating and growing faster to move into a new way of managing health data.

In addition to that, there are pressures on cybersecurity. Healthcare systems are the, one of the main targets for cybersecurity.

Both in ransomware and data breaches.

And the Mayo Clinic in particular because of our celebrity client base is, has very sensitive information and very valuable information in its system.

Now, we have to pay a lot of money every year to protect that data.

We go through a lot of training and we go, you know, information security is one of the biggest biggest things that we have in our system in terms of training, everybody has to go through information security training.

Many years ago, convenience stores realized that if they didn't carry cash on hand they wouldn't get robbed.

Or they wouldn't.

What you don't have can be stolen.

Um, we took that lesson. I worked at Nordstrom's several years after that.

And during the time of the Target data breach, when all those credit card information was stolen from Target, we realized that the convenience stores had a point. If you don't have it, it can't be stolen. And so we were working on ways to get credit card information, or store networks.

Because then we don't have to spend the effort to protect the data that we don't need, anyway. It's not, it's not part of our daily business.

We can rely on the banks to provide that information. Because it's really a transaction between us and the bank.

And then that credit card information, between the bank and the cardholder.

So it's really not our business health status is going into that same mode, present. My next slide here so they can get a picture where we're headed.

Where the expense, the trouble, the effort required to protect data is becoming increasingly honoris in terms of diverting resources, from providing medical care.

A health care system expands a significant portion of its resources to an analog control and protect and, uh, back up and, and make sure the data is high quality and so forth.

What they really should do is collect it, and give it back to the patient.

And there is an organization called Health Record Bank Association that has been established to advocate the creation of health record banks, which is like a data balt.

It's an organization that exist solely to collect and protect information, particular health records, in a way that is controlled by the patient.

So that the patient gives consent, either electronically or some other means, to share that data. To use it. To make sure that providers can access that when they need to, so that, and they're all electronics or everything's electronic, including imaging.

That's part of the puzzle.

The other part of the puzzle is all the technology to make this happen, and you can see here the changes that, um, the records are no longer controlled behind the firewalls. They're used by healthcare systems, and insurance providers.

They're also used by researchers, other third parties and public health officials, but the patients control who accesses that directly.

So if a health care, public health official puts out a call for data, a patient can then beside whether or not there data will be contributed to that.

There are a number of ways to implement this.

But the common characteristics of all of those is the patient is in control.

The data is electronic and form. This is our portable health records that we've been trying to get to in the United States for about 25 years.

It's interoperable. It's searchable. It's organized anatomically, so that data about the brain is is organized by the brain.

So you can search for information by by body part, either macro or microscopic structure.

You can have any number of ontologies for anatomy to use to organize this data.

So it's a matter of just taking a piece of clinical data and attaching it to one or more anatomical structures.

And that's done as part of the data collection process.

So you can say, you could put out a search, the sale line, images, the brain, and I want certain characteristics and so forth.

And the search engine would find that in return, a list of potential patient identifiers, not the data and not the patient that you would then have to go get consent from. And you could do all this electronically.

And it's integrated so that imaging is integrated with the data.

And it's no longer separate, you don't have to go to, even today with information exchanges.

The image itself is actually still behind the firewall where it originated.

It's not part of the health exchange record. The record just points to it, if you'll look at the details of a fire, for example, for an image.

So where does the data live? There are many options in this.

For this case, one is that we could widen the silos and go virtual, and so that they could start out where it is today.

The systems just provide access to these health record systems, which could be a virtual system, where data is not copied, but it just looks for it. Or it's generated.

Companies like Cerner, and Epic could then provide gateways into their data, which they don't today, and getting the information that it is a monumental task for somebody who's on it.

And Cerner, which was not to rub dirt on Epic Cerner was just as bad because we used to be on Cerner.

Then, Mayo Clinic was systemwide over the course of three years to ethic.

The the problem was getting data out of the clinical data clinical system was.

It was just that there was no gateway to do it, it wasn't easy to do. And so we kept the manual process.

So you could widen the silos and it required work on the part of Health care system to provide access to this information.

Or you could create centralized stores of data and create these health record banks.

How it goes enough, in the future, I think, is predictable based on pressures that are driving the process in the first place. We're going to start with modified cells, because nobody's gonna just also send their data to a bank.

First of all, are no, no, thanks around a doodad, and secondly, the health care system is Barry, Conservative, in terms of being risk averse, will eventually move to health record banks and data security can drive that.

The problem today is that if you insist on protecting data, you have to be world-class at data security, and information security, and not.

There isn't a health care system in the world that can afford to be world-class information security specialist.

So what's gonna happen is you're going to hire information security specialists who run these data balls, and their sole function is to protect data. So they're going to be really good at it.

And I think we're going to be driven there by security. I believe that the payment card industry has already been there today.

It's very rare that when you purchase something online, that when you go to enter your credit card information, you're not talking directly to the bank.

You're on the bank site using a secure connection.

Outside the merchants, visual in, what they do is they send you to the bank side bank, takes the information, evaluate your card, and send that token back to the merchant.

That token is generated identifier for that payment card. That's unique to that merchants so that the bank now knows that when that token shows up, it's from that merchant. If it's not from that merchant, it's fraud.

And so, that's one of the advantages that happened over the last 10 or 15 years or so.

So, the medical records are gonna go that way. And it's just a matter of.

The good guys, versus the bad guys.

And the bad guys are always a step ahead and how that's going to happen, is that the health records are just going to, you know, providers are gonna say, We can't afford to do this anymore. We're going to focus our resources on medical care.

So, we're gonna turn it over. The other question that's going to drive this is, who pays for it?

Who pays for this? The centralized records in this new patient control system?

If providers continue to pay forward, either providers or payers, they're going to act as if it's their data just like they do today.

So, we're going to good behavior that we don't want.

And it's not nefarious or anything.

It's just, it's just human nature and behavior like that.

So then we're going to have to move towards a situation where the patient pays for that, for that storage. And the health record banks.

And one of the advantages of the health record bank, at least in the latest virtue that I've seen, is that a health record bank costs about 5 to 10, maybe $15 per year, per patient.

So the cost to the patient might be $20 a year to store their data in the secure vault and provide all this necessary access.

Now, access is the hard part, The vaulting part, and getting the data there has been the easy part so far. That's, that's, we don't have to do that.

The problem is what happens in the meantime? And how does it all work?

How do you identify patients who provides the identifier?

And there's a lot of work on, and I presented here the trust over IP architecture, which is the product of the crossover IP Foundation, which, one of the groups I'm working with.

And they're there, position isn't necessarily health records, but their function is this four tier architecture of digital trust that you can see layers, 1 and 2 are digital trust in terms of communication techniques and then layer 3 and 4 are ecosystems and applications built on top of that.

Layer one are these utilities.

The World Wide Web Consortium has developed some standards on distributed identifiers, which is a self sovereign identity.

The issue to be solved, yet there, is, it uses blockchain or a ledger list method called Carry two.

Using ... purposes, they're both publicly available.

Data that allows anybody to validate a digital signature.

The problem is, how do you assign, make sure that, that somebody who claims to be Scout Whitmire isn't fact Scott Webinar, in terms of creating these identifiers?

And so initially, there's going to be some identity validation of who is, who is the person or the entity creating this identifier?

But once the identifiers created, it's immutable.

It can easily be verified, and its history is known.

Level two, are these wallets, and they show a mobile phone, because Apple Wallet Google Wallet.

Electronic wallets for payment cards is the applicable model here to show how things might work. And so you would get notification on your wallet that somebody wants to access your data. You'd be able to query them and find out why there would be some communication work. But I'll be with the wallet.

The wallets then decide.

The wallet vendors decide which blockchain used or whether to use a blockchain, so that's all determined by the wall, the vendor.

So they decided, What happened, the layer one?

At Layer three, we have, what are known as verifiable credentials, and a verifiable credential as a digitally sign entity, payload.

It might be attached to a medical record, it might actually be the medical record.

We have it depends on what whoever implemented besides, So there's this is where the opt ins start, explode.

But the verifiable credentials the digitally signed, cryptographically signed document, that can be verified as to the provenance and whether it's been modified. So this would solve the problem of a health system modifying health records, because you could prove that they sent that letter, and they could not erase that drug, that track.

And so that the various modification of records is no longer an issue, because you can tell when that happens, and it's all publicly available information. Now, the contents of those verifiable credentials, so it's not available. That's not what they're all encrypted information itself was, is usually kept separate from what they call a DOD documents.

But the documents are information about metadata about the credential, such as, who sent it the public key to decrypt it.

The, know what its history, as it has been applied when it was created, what blockchain, it's on an acronym, and where to go to find the actual contents.

So this is what that layer three verifiable credential.

And, right now, we're working on building verifiable credentials or all of the fiery sources that we use here in the United States.

I love Art Layer four, is for the applications, that, this is where the, the, the worker, the people live, the healthcare systems, the providers, the researchers, the public health officials, and the patients all live and work and later for using applications that are built on the infrastructure below.

So, the technologies in layers. 1 to 3 are blockchain, new.

Leger lists, replacement, that doesn't require a blockchain, called Carrie.

And then self sovereign identity is one advantage of carry that we've been looking at. Is somebody, well, actually, it was me asked the question.

So, what happens when the blockchain provider decides they want to quit doing business?

And, Or what happens when your health record bank wants to go out of business, and they just want it? They don't want to existing where they got sold out, or that the owners retire, or whatever, because organizations don't exist forever. So, we're looking at keeping records in perpetuity. So carry as a way to do that because it doesn't require any infrastructure.

Other than the utilities, to interpret the information, doesn't require somebody to maintain a blockchain. It doesn't require the sovereign network or the, the other blockchain networks that exist.

Self.

Sovereign identity is a self organizing self managing set of utilities that work on several principles of cryptology, And so, that doesn't require an organization to be there, either.

Did com, is a specification put out by the World Wide Web Consortium that supports the, oh, communication of, at at Layer two, and one of the properties of that, that standard, is that organizations can create private key pairs.

In other words, a public private key pair for between them and another organization, so that that when Mayo Clinic communicates with Banner Health, for example, here in the Valley, they use a set of public private keys that exist only for that communication.

So they always know that when a communication is legitimately from the other party on that, on that line, so that is similar to what the banks have done with merchants.

And so when when a patient communicates to a provider, they'll use their private key.

Not only that, only the patient is on the on the patients, in the patient wallet.

The when the provider then shares that information, based on the permission the patient gave them with another organization, they'll use a different private key to encrypt that data so that the receiver that it knows that it came from the original provider.

So that's what layer two is all about, and it provides that information, that ability, and it's fairly slick.

If we just and then it's about ready to go live or a number of things.

one of the things we're looking at is Koby vaccination Passports.

Europe is looking at implementing that and there's a group that's fairly far along in that, using this kind of technology.

Layer three, we're talking about fire and HL seven, for structure only, it would be the that structure so that anybody who has a health exchange good actually interpret the data.
29:33
Then there's an art and architecture called Overlays Capture Architecture, which is a series of overlays that allow data to be modified in and passing, without actually changing the original schema.

It makes it easy to translate, to add labels.

To do it, customize it so that receiver that Eric and apply their overlays to the data that's in the thing and the original resource.

And in effect, convert it to their systems like XML transformations in real time.

And that's, that's been around for awhile and we're making use of that.

So the Layer four ecosystem looks like this. The.

We have an issue or an issue where somebody creates a verifiable credential.

And then there's a holder, and this is particularly driving IDs, but it could be any verifiable credential.

The holder is probably the patient. So they're going to have this. Their health record bank is going to hold their information.

Verifiers going to access this health record bank and then verify the issuer and the with the governance authority that this hasn't been modified.

That is, in fact, who generated it and end up the whole process. And this is all happens under the covers.

The governance authority is an organization that organizes all of this and writes the rules and decides who gets to play and what the, what the costs are.

And, and I labeled that the hard part, because it's not clear, were that authority should, should rest probably, not a government, but that's probably where it's going to start.

I think somebody, like, the Veterans Administration is going to be the first out of the gate, and that kind of thing.

And hopefully they, their transformation is not a typical government project, but more along the lines or something like this, where we get truly portable records that we can then extend this ecosystem to other parties or the religious, the Veteran's Administration. So it's not a closed system.

So that's, that's the thing I'm working on right now as is who should be this governance authority, right?

In the payment card system that's mastercard, and Visa and Sunlight American Express.

And some of those, like Discover, those are all governance authority, because they create rules and methods and processes for making the thing work.

Now what would be the the job of the government authority? Now, the question is, who funds?

You see here a couple of options that could be a government agency, could be somebody like the World Health Organization, United Nations, non-profit organizations, foundations, or health care systems.

Could be insurance companies, or for-profit companies, could be, could be a governance system, that could be all of the above.

I mean, the sun, any organization created, it can create a network. And all I gotta do is get patients to sign up for it, and pay them to maintain it.

And then what goes on, how they organize it behind the scenes, is hidden.

And so you could have some, some networks that are virtual, all where the data is controlled by the providers, and maintained by the providers virtual.

But it looks like as health care record, or Healthcare Banker health Record bank, And other organizations will create health record banks. And, in fact, the health record bank may, in fact, be the government's authority and sign patients up.

And then they create agreements with our health care providers to participate.

From the standpoint of accessing it through the wallets and so forth.

They would all work the same, so it wouldn't matter to any user how this stuff was organized under the covers.

Big question is, again, and I mentioned this earlier. How is it funded?

How do we pay for this? Who pays for this?

And, and that's a difficult question, because ownership goes with who pays for it?

But, charging patients for that kind of thing is difficult to get started.

So it's, uh, it's an interesting question that hasn't been solved yet.

And I'm open to the input if somebody wants to join the effort.

We have a lot of room and a lot of activity am involved in an article, a standard that is defining what amounts to verifiable credential structures at Layer three to be used by such an ecosystem with the ethics of go along with it.

So there are some, there's a lot of effort already, that you could join and participate, if you want to.

So, with that, I'll terminate my presentation a little bit early, couple minutes, and then we can take, we can go into our question. Period.

Thank you very much, Scott. Fascinating view of what's going on.

I think that, well, I certainly did not, did not know about all that's going on behind the scenes in this area, and it's fast.

And so, um, you know, you discuss this a little bit already, but just to, to reinforce, we're kind of the groups that are collaborating to build this, this, it seems like a vision and a structure, and governance that's being built right now. What kind of the main groups are collaborating on there?

Well, the main groups are my data, as a health organization that is advocating patient control of data, they're not actually implementing any of this there. They've been advocating, they're out of Finland.

And they've been pushing for standards and policies.

Very light on implementation. The Tech Trust Over IP Foundation was formed last year, as a matter of fact.

Um, And its job is to build the infrastructure that these ecosystems can live in. So, it defines the rules for what happens, the Layer one, the communication between layer 1 and 2, of that whole technical architecture part of it.

So they're driving the technology behind that.

But even, they're not really focused on health care records, there's people like me that look at health, my data.

And the I triple E standard, that is going on, and, and the trust of R P, and say, you know what? All these parts to play a role.

And so there's a small group of us, probably 10 or 15 people, right now, worldwide, that are working on integrating all of these options and policies, and trying to figure out how to make this work.

So that's, it's come together, rather quickly, in about nine months or so, But it's taken a number of years to figure out what the problem was, And then, where the parks are.

So, the pieces are all available, it's just that nobody's built the thing. We've got the pile of lego bricks.

We just haven't built the model.

Very, very interesting. And a legislative standpoint, is there anything happening in Washington, that, that's along those lines? Or it's a big influencer to what you're doing, here?

Yeah, the, there's Bend a long running debate about national patient identifiers here in the United States, which would be roughly equivalent to a social Security number, and probably just as valuable.

The problem with Social Security number is that it started out as an identifier, public identifier, so it was like your name.

The problem is, is it's gotten extremely valuable, because it's used to access all sorts of information.

So now you have to protect it.

Well, a medical record number, which every provider that I've contacted has one for me, is just as bad, because with that number, I think actually get into it. So identifiers probably won't work.

But that's been ongoing, and there's been some debate about whether or not that's even a good idea.

That effort has been going on for probably 20 years or more.

Europe is doing some other things and then their their data sharing regulations are getting more strict and patient control or personal control the right to be forgotten and that kind of thing are hampering some of these efforts.

I think that the biggest impulse will be something like the Veterans Administration Transformation Project, and they go down the right path, or a path where the data is more of an open structure, even though it's a closed system.

Because it's closed in the sense that they only have to be the only people who can play at the people they invite, So there will be a great governance authority.

But if they go down that route, then, that would be a huge influence towards everybody else following suit.

Somebody like the Mayo Clinic of Providence is working on with a company called Medic, which is building a similar system for the Provenance families, of health care systems.

So it's going to happen, eventually, and we'll see, you know, how long it takes, But it's the Wild West at this point. There are no rules.

That's, that's fascinating.

William Fuller, Sess, what a fantastic presentation, and insights on the, On the, On what's, on what's happening, in this area. And he asks, first of all, his thought, was a great concept. You have a great concept slide there, and he says, imagine that, the patient, actually being the central focus of healthcare, because that's what the picture that you had, what a novel concept, and the, and then he follows that up by asking.

What do you think it would take to make individual health data owned by the individual, by the page patient, much like intellectual property?

Do you ever see that taking place where, you know, I own my data, and, you know, it's my intellectual property type of thing?

I do, and I think a number of things are going to cause that the app, but I think legislation will drive some of that. Think healthcare systems, all the right side that, you know, what, I don't want to be responsible for this anymore, So I'm going to give it to the patient. Let them protected.

Because the information security and the cost of the data breach are accelerating astronomically.

I mean, they're just exponentially worse.

So that liabilities and a drive that, you know, once once a health care system loses a bunch of patient information, which has happened.

Yeah, but it hasn't been one of the major breaches much like a target credit card information. Once that happens, you're going to see a scramble for something like this because liability is going to drive it.

So, the idea then, would be from a health care provider system, is that, OK, we've collected all this data, we need to use it, but we don't want to own it, We want you to take care of it.

And, and, so, that's going to drive the development of such an ecosystem, I think that's part of it. Legislation may started.

That's excellent.

Another question that comes up is that, there is at least a perception that the Europe is farther ahead when it comes to this topics, In terms of discussing these topics and taking maybe some legislative action on the on patient, data protection, and distribution and use, and so on, so forth. The question is: Is that perception real or not? And that is, is era of ahead of the game right now? Is there are lessons for us to be, to be, to be gained from looking at what they're doing.

Yes.

In terms of, uh, perception, in terms of ideas. Looking at, you know, there's the of recognizing the problems, you know, my data is coming out of Finland that was started in Finland.

There's a whole movement afoot to protect personal data and Europe is by far ahead of the United States in terms of I'm moving towards personal control of information.

The U S is way ahead in some other areas from a technology standpoint and figuring out how to make all this happen.

But then in terms of understanding the problem and moving towards a solution, europa's is ahead of us.

I think the first systems will be implemented there, mostly because their environment is set up to receive that much better than ours.

Um, we have a number of huge roadblocks that will have to be dealt with in the US, in the marketplace, just didn't make that happen. So, I think, in that sense, the perception is real.

We're learning a lot in terms of why a person should be able to control their own data.

I mean, that just something that never occurred to us until a few years ago.

Is there a framework, the framework that they seem to be moving with, similar to what you're proposing here, or it's something that's, that's significantly different.

Over proposing would be compatible with their system, I mean, there are rules, data sharing rules, and so forth. Once the patient is in control and controls the keys to all that data access, we've met their regulations.

I think that the system we're talking about is not necessarily designed to satisfy their problem or their regulations, but it certainly would.

We're looking at something that is truly global because we have.

all of my activity in this area as early in the morning here, because a lot of the pupil In Boulder in Europe so we are working across the pond already and with Asia as well. So it is a truly global effort.

Very good. Another question that has come up that I'm looking at here as an overall theme has to do with the readiness of this underlying technologies that you talked about, I mean, blockchain, yeah. It's it's there perhaps how mature this technologists to support what you're proposing here or aware, which areas you think that there still needs to be no significant technology development before we can materialize this vision.

Um, Blockchain is fairly well established.

They're working on implementations carry, which tasks, key that logs back and forth to validate.

History of a key, basically, it's how you validate the provenance of the document.

The, the, the distributed identifier is up and running. The Sovereign Foundation has implemented that and was working on that for.

Identifiers, like driver's licenses, there's subgroups and Europe's trying to put their passports online, that kinda thing. Simple, things like that. So, there's a number of efforts to do this, so there's the technology is progressing.

It's not ready for prime time yet.

It will be by the time.

The market is ready to receive it because that's going to be the hard part.

Um, so it's not mature at this point.

Buddies, threats imagination, but it is being used And it's the same technology that is being used in other areas where you want online documentation and Digital Trust.

And so we're piggybacking on efforts that existing now. So we're not creating anything brand new.

And it's further along than you might think.

We have time for one more question, here, so you mentioned this, but I want to follow up and make sure everybody understands. There are different organizations who are working on this, on this system right now, in the, or, maybe, this vision and developing what's needed.

What is the best way for people? Lots of people in the medical community here are asking, you, know, how do I get involved? What is the best?

maybe entryway for participating in some of the discussion groups or supporting somehow? Are there any resources that you could share with us?

Yeah.

The two organizations, my data health and trust over IP, allow individuals to join at no cost. Basically sign some non disclosure agreements, or some, some documents that you agree to play by a certain set of rules, and they participate.

And you're a full member. I'm an individual member of trust over IP foundation. And I participate in a number of groups.

They have working groups and task forces.

And even project team to get involved, or right now, there's three of us that are working on, on translating fire, using creating OCA overlays for fire. So we can, that's the data layer.

There's an I Triple E standard organization that is involved in creating the data structure, which is the, you know, what are the entities that are the data model that is required for this online medical record and how do you connected to anatomical structures.

And actually, we're recruiting participants on that Standard now. So, if you wanted to connect me, I could, I could route you to any one of these organizations.

So there's that I triple E standard effort.

There's the, my data, there's trust over IP, and are all accepting participants on an individual basis and at no cost?

So, it doesn't, you don't have to pay a lot of dues just time. It's a lot of time.

That's that's, that's right, Scott. What a great presentation. Great insights on, on this vision, Such an important area that I think that that is built awareness to so many who are with us today. So, thank you for taking the time to share that expertise with us. We really appreciate it.

Thank you. Thanks for the opportunity.

Thank you. Ladies and gentlemen, that was Scott Whitmire, directly from Phoenix, Arizona with the Mayo Clinic, talking about this very important questions about patient data, and, and rights, and the governance for that. I mean, these are very important items in our current health, current, and future healthcare system. So, great insights, really, really pleased by that, By data coverage, which we don't see very often. Honestly, I don't, at least from my perspective, I have not seen to address at that level of depth on, on what's what's happening. With those organizations. There are building this vision and framework for, for patient data. We're going to switch gears When we come back up at the top of the hour.

We're going to be inviting our, an operational excellence leader from Sanofi. She is the leader for research development in North America first for Sanofi, and she's going to talk about empowering excellence in research and development. We can do better science by operating more efficiently and where you do not want to miss that from one of the top operational excellence leaders in R&D, in, in this space, and we're going to be back with her at the top of the hour. In the meantime, for those of you have additional questions or want to know what speakers are saying, we want to know what participants are saying.

Check out the LinkedIn posts that we have for for this session is, under my name is Joseph Ferris on LinkedIn, and you can connect with Scott Wittmeyer, by the way, directly from that, because I have his name listed there, Just click on his name, Connect with him, tell him in your invitation that you're attending, vetoes Healthcare Live and you want to know more. You want to participate in some of those groups that he talked about. So, there are updates that I post on a daily basis to that posting on LinkedIn.

So, engage on that. If you have additional questions.

You can contact one of our speakers, that is best, Beth, for you to do that. So, thank you for now. See you back up at the top of the hour.