Editor's note:This article was published on February 19 in the overseas industry **Health Data Management, which is one of the series of documents published by the American College of Health Data Management ACHDM.
With the growth of data exchange in the healthcare field, people gradually realize that the transformation of the identity system in the healthcare system to a "decentralized identity system" with stronger security, privacy protection capabilities and higher efficiency is an inevitable trend.
In a previous article, we delved into the "double-edgedness" of AI tools. On the one hand, tools like ChatGPT offer incredible convenience and efficiency, increasing the productivity of many people. On the other hand, these advances have also increased the ability of "bad actors" to wreak havoc by "easily revealing identities and credentials."
So the question is, how do you solve the problem of safety in healthcare?
Faced with this problem, we first need to be clear: cyber attacks are not the core of the problem, but the "symptoms". As people push healthcare to go digital, the industry suffers not only from the benefits, but also from the long-term "drawbacks" of the digital environment. There are pros and cons to everything, and the adoption of digital infrastructure also poses a "full internet risk" to the healthcare system.
The root cause of the healthcare cybersecurity problem is "a genetic disease that has been circulating online for a long time."
The problem is with the digital ID
The healthcare industry faces poor security of digital identities. Whether we're talking about individuals, organizations, servers, or applications, everything we interact with is a digital representation of "identity." These identifiers are the basis of our transacting capabilities. To date, we have lacked the tools to address the authenticity of digital identity.
In short, an exchange of identity information occurs when you try to log in to any **. Your computer will usually be certified by a third-party certificate authority (CA) to see if it is indeed what it claims to be. The ** then attempts to verify your identity with a username and password, or to hand over the identity issue entirely to a third party or centralized identity provider.
Most of us – often unaware – have anchored our digital identities to centralized systems. Whenever we choose to "sign in with Google" or "sign up with Facebook", we give a part of our digital autonomy to these tech giants. Centralized identity systems, while convenient, are also vulnerable.
It is also important to note that for such a centralized system, the destruction of just one of them can access thousands of records, which means that they (such systems) have become a treasure trove of hackers.
But what if you could self-authenticate your identity without relying on a third party and get security that goes beyond the "industry standard"? Decentralized identity offers a novel approach to self-authentication that has the potential to reinvent trust and data exchange.
Decentralized identityimplementation
The term decentralized identity (DID) may seem a bit contradictory at first glance. After all, we're used to associating identity with something "centrally (managed)", whether it's a passport issued by a country or a username and password managed by Google.
Decentralized identity aims to return control of identity data to an individual or organization. Decentralized systems do not rely on third-party authorities or intermediaries to "assert" identities, giving users the ability to control their identities without having to be externally verified at every step.
On top of that, decentralized identity solutions can tie participants to operations through digital signatures (this will be discussed in the final article of this series).
DecentralizationScope of technology
While the term "decentralized identity" is futuristic, its essence is the convergence of old and new technologies.
In 1976, Whitfield Diffie and Martin Hellman unveiled their vision of a "public and private key infrastructure (PKI)" to the world, thus laying the theoretical foundation for decentralized identity.
However, it is only recently, with the advent of technologies such as blockchain, KERI, W3C, etc., that decentralization has really started to be realized. A few examples of applications include:
Blockchain.
Blockchain is a cryptography-based distributed ledger technology in which identity events are recorded in chronological order. Blockchain proponents believe that the technology is transparent, immutable, and capable of operating without a single authority. Despite its token-related relevance, blockchain itself is already starting to find adoption in the healthcare sector, such as UCLA (a group of UCLA law and business students and faculty focused on educating and engaging with the blockchain technology community in Los Angeles) and organizations like Bruinchain.
Key Event Receipt Infrastructure (KERI) for critical event receipts
KERI is a unique non-blockchain solution. It does not require "global consensus" to ensure "global uniqueness" and does not need to be tied to any specific blockchain or authority to operate. KERI provides a self-authenticated, ultimately verifiable identity without requiring everyone to be on the same distributed ledger. A good example of KERI is GLEIF's VLEI, which creates a digital version of a "long-lived Legal Entity Identifier (LEI)" system.
Together, these and other technologies underpin decentralized identity systems, providing a new way to protect, verify, and share identities without relying on external centralized validators.
Decentralized identityGivein the field of healthcarebenefitsplace
In healthcare, personal health data (PHI) is very sensitive and extremely valuable. On the black market, medical record information is often sold for 10 to 40 times the (compromised) credit card number. The adoption of decentralized identity can lead to revolutionary improvements, including:
Safe.
Healthcare organizations often operate centralized databases containing sensitive patient information, from medical history to genetic data, and these "treasure troves" are prime targets for cyberattacks. By moving to a decentralized identity model, the need to store large amounts of comprehensive data in repositories is eliminated, greatly reducing the risk of large-scale data breaches and ensuring the security of patient data.
The "real win" in healthcare for security is not (in the manifestations) of an invulnerable network from a security perspective, but rather in the "destruction" of the data treasure trove itself, which will make the attack disappear.
Privacy and Patient Rights.
Who exactly has access to their records" – a question that often bothers patients. "Identity sovereignty information autonomy" can help patients take control of their data. For example, they may choose to share specific medical information only with certain specialists, rather than sharing their entire medical history with someone they are not sure about. This will help protect patient privacy and reduce the "vulnerability" of patient data in the event of a breach.
Interoperability.
Today's care often involves multiple people on the care team, from primary care physicians to specialists, laboratories, and pharmacies. Decentralized identity can be achieved – where necessary medical data is "seamlessly shared" between these service providers without compromising the right to privacy. Without the need for repetitive testing and paperwork, every healthcare provider** has access to the information they need.
Reduce dependency.
By eliminating third-party intermediaries in data validation, patients and service providers can build direct trust. This is especially important in emergency situations, where quick access to accurate medical information can save lives. Think of the 2020 "extreme data chaos" (a reference to the 2020 U.S. vaccine data chaos), where some states, such as Alaska, needed to call in the National Guard for data entry to address the problem of data disconnect between different systems.
Integrating decentralized identity into healthcare not only streamlines administrative processes, but also improves the quality of care and patient trust.
Decentralization in healthcareIdentity system applicationsThe Challenge
While there are compelling cases for decentralized identity systems in healthcare, translating technology from vision to reality means tackling a range of technical and cultural challenges, including the following.
Retirement, replacement, and incremental revenue.
Healthcare data exchange happens all the time, which means there is little opportunity to pause the flow of data to complete a technology refresh. "Downtime" is an important metric to measure the success or failure of a (technology refresh). Therefore, the right "open way" to implement a distributed digital identity system is to reduce downtime for mission-critical systems by "incrementing across time."
Global standards.
Health regulations vary from country to country. Decentralized identity systems must be flexible enough to adapt to different regulatory environments. A successful system must rely on open-source, open-protocol, and jurisdiction-free technology, and "proprietary technology" is the antithesis of a decentralized system.
Key management.
Cryptographic key management is the root of decentralized identity. Today, this daunting task is undertaken by CISOs and their teams, along with paying a third party to host encryption keys, which is less secure. When we hand over control of these keys to actual users or "edges", key loss or compromise becomes a pressing issue.
Digital identityfutureway
The advent of decentralized systems has allowed us to "see the future", and with the help of decentralized systems, healthcare data is no longer attractive for those with bad intentions. The healthcare industry is at the forefront of this wave of change due to its complexity and high demand for trust and privacy.
The combination of healthcare data and next-generation identity solutions is no longer a question of "if," but "when." From technology innovators to healthcare professionals, regulators to patients themselves, stakeholders have begun to collaborate to create a future of safe, patient-centric, seamless and efficient healthcare.