There’s an untold number of parties – insurance companies, government organizations, researchers, electronic healthcare records solutions providers, just to name a few – that are in line to benefit or even profit from your healthcare data. And you might not be surprised to learn that, ironically, you – the patient – could be last among them in terms of benefits gained. In a perfect world, the patient should be at the top of the list. But the ugly truth is that you’re closer to the bottom of the list than the top. Even though it’s your data – after all, it came from your body in a manner of speaking – you have almost no control over (or knowledge of) who gets it, under what terms (cost, duration of access, etc.) and what it gets used for.

How we got here over the decades is practically irrelevant. We’re here and, with the exception of the companies that have been monetizing that data in some way (as many have), most people would agree that the current healthcare data status quo is an inefficient (and oftentimes insufficient) mess. Especially in the United States where a variety of government initiatives to disentomb trapped healthcare data haven’t done much to move the needle. 

As an oversimplified example, in the context of solving a personal health issue, it often takes an act of God to seamlessly share your healthcare data between two caregivers who work for different organizations while at the same time, there are several other organizations (ones that you might never have heard of) that have no trouble profiting from that same data. To patients seeking expeditious care, the entire system seems upside down; designed to impede the remedy instead of expediting it.

Today’s Electronic Healthcare Recordkeeping: Ripe for Disruption

However, where others see a nearly unfixable bureaucracy, Jim Nasr, CEO and founder of Atlanta-based Acoer sees an opportunity for disruption; a chance to rebuild the healthcare data ecosystem in a way that puts the interests of patients ahead of the organizations who profit from their data. In Nasr’s view, it’s not just about patients taking back control of their data, but also about empowering them and their caregivers with the agency to discover emerging therapies or similarly afflicted patients who better match their blend of medical conditions and symptoms.

From the industry’s perspective, it’s financially infeasible for researchers and drug manufacturers to allocate resources to seemingly rare disorders. Investments into their remedies would very likely outweigh the resulting global efficacy. But, given the degree to which most healthcare data – even in anonymized form – is disaggregated across proprietary silos barricaded from one another by costs, technical incompatibilities, or both, it is pretty much impossible to truly know the population size for a given affliction. Meanwhile, as the healthcare establishment continues to rely on limited, stale, or even flawed data to make business decisions, the lives of actual patients hang in the balance. It’s bad enough to have been victimized by a disease. But to be victimized by “the system” as well, and deprived of the agency to take action, adds insult to injury.

While there’s no single smoking gun to which this unfortunate status quo can be attributed, Acoer’s Nasr believes that one of the biggest cracks in the foundation has to do with how patient consent is managed. Similar to the way most internet users blindly agree to a website’s legal terms and conditions, virtually all of us have visited a doctor’s office or hospital and signed one or more consent forms without bothering to read them first. This comes as no surprise. In the same way we’ll typically do anything to gain instant access to some website, we’re also fearful of being denied urgent medical care unless we sign on the bottom line. As the old saying goes, “once the horse has left the barn,” your healthcare data is no longer under your control. 

Nasr envisions a very different system of consent; one that puts patients in charge of who gets what data, when, for how long, in what form (eg: anonymized vs de-anonymized), and what can be done with it. But, for such a system to work at the atomic level of granularity that Nasr has in mind, a total overhaul of the healthcare data ecosystem as we know it would be necessary. 

Imagine, for example, that your doctor thinks you might be dealing with long COVID symptoms and orders a blood test to check for the existence of COVID antibodies. Many parties beyond you and your doctor might have an interest in that data. In the United States (and in the spirit of containing the spread of COVID), government organizations such as your local health department and the US Centers for Disease Control and Prevention (CDC) will have an interest. Policy makers might take an interest in that data for the purpose of policy making. Pharmaceutical research organizations and drug manufacturers might take an interest in your data for the purpose of developing therapies for long COVID. How about the lab that does the bloodwork and the vendor of the system that stores the results? Other doctors and patients experiencing the same symptoms and yielding the same blood test results as you might take an interest (almost like the way a class of plaintiffs self-organizes for a class action lawsuit). Not only might all these parties be interested, some organizations may want the rights to your personal health data in perpetuity (and today, some parties are getting those rights unbeknownst to you).

But what if the patient’s consent could be customized for each party? Even revoked? What if other parties developed an interest in certain types of healthcare data but, under the current regime, have no idea which proprietary silos are hiding it, how to query for it, or can’t afford the exorbitant access fees that many healthcare data aggregators currently charge? Presumably, if patients were wholly in control of all of their healthcare data, they could also grant consent on an as needed basis. Theoretically, given that granular level of control, patients could even dictate the terms of third party monetization or even monetize the data themselves. 

Acoer’s Nasr thinks that sort of flexibility is possible and is enabling it by using public blockchain technology to atomically, transparently and immutably make a record of every consent event. To be clear, Acoer has no intention of putting private healthcare data itself on-chain. But to the extent that blockchain technology is super scalable and can create an easily-queried timestamped record of any event, it seems nearly purpose-built for keeping track of billions of consent events in a way that’s impractical if not impossible with clipboards and paper. Additionally, through the help of tokenization via non-fungible tokens (NFTs), blockchain can also immortalize health record ownership in a way that flips the current script and puts patients (instead of the industry) in charge of their own healthcare information. 

Each NFT would point to a bit of off-chain healthcare data (e.g., a specific lab result) thus enabling a new class of applications where, after consent is granted, third parties can search, source (and aggregate) quality data from its canonical source: the patients and their actual medical records. This is different from the industry’s structure today where, due to technical incompatibilities between dissimilar electronic healthcare record (EHR) systems, the quality of healthcare data and therefore its utility diminishes each time it changes hands.
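
The consent model described above (per-party grants scoped by purpose, form and duration, revocable later, and recorded as timestamped events that only reference off-chain data) can be sketched as follows. This is an added example, not Acoer's code: a local SHA-256 hash chain stands in for the public blockchain, one ledger is assumed per patient, and the class, field names and sample values are constructed for illustration.

```python
import hashlib, json

GENESIS = "0" * 64  # prev-hash used by the first event

def digest(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    """Append-only, hash-chained consent events (hypothetical; one ledger per patient)."""
    def __init__(self):
        self.events = []

    def append(self, kind, party, record_ref, ts, **terms):
        prev = self.events[-1]["hash"] if self.events else GENESIS
        body = {"kind": kind, "party": party, "record_ref": record_ref,
                "ts": ts, "terms": terms, "prev": prev}
        self.events.append({**body, "hash": digest(body)})

    def verify(self):
        # Recompute every hash and link; any edited or reordered event breaks the chain.
        prev = GENESIS
        for e in self.events:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def allowed(self, party, record_ref, purpose, form, now):
        if not self.verify():          # fail closed on a tampered ledger
            return False
        ok = False
        for e in self.events:          # the latest event for this party/record governs
            if (e["party"], e["record_ref"]) != (party, record_ref) or e["ts"] > now:
                continue
            t = e["terms"]
            ok = (e["kind"] == "grant" and purpose in t["purposes"]
                  and form == t["form"] and now < t["expires"])
        return ok

def build_sample():
    # Only a hash of the (constructed) lab result is recorded, never the result itself.
    ref = digest("constructed lab result: COVID antibody panel")
    led = ConsentLedger()
    led.append("grant", "research-org", ref, 1000,
               purposes=["long-covid-research"], form="anonymized", expires=5000)
    led.append("grant", "health-dept", ref, 2000,
               purposes=["public-health-reporting"], form="de-anonymized", expires=3000)
    led.append("revoke", "research-org", ref, 4000)
    return led, ref
```

Replaying the events up to the query time answers "was this party allowed to use this record, for this purpose, in this form, at that moment", which is the question a paper consent form cannot answer after the fact.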

Why the open Decentralized Recovery Protocol Matters

So what, if anything, does the Decentralized Recovery (DeRec) protocol have to do with Acoer’s disruptive approach to healthcare data ownership and consent? 

One reason blockchain is so purpose-fit to the idea of a patient’s ownership and control of their healthcare data is the technology’s ethos and culture of decentralization. Blockchain not only removes traditional institutions (eg: banks) as the gatekeepers to certain services (eg: financial services), it disintermediates their role as asset custodians. Via the tokenization of patient healthcare data with NFTs, Acoer is shifting custodianship of that data from the institutions that own it today to the patients themselves. But, similar to cash, once consumers take custody of non-fungible tokens (and fungible ones as well), the safekeeping of those assets also becomes their responsibility. 

To the extent that a collection of digital healthcare assets (or any assets for that matter) are bound to NFTs and access to those NFTs is governed by a private key, any loss or compromise of that private key could be devastating. One option for Acoer (and developers of other apps involving tokenization of real world assets or RWAs) is to serve as an intermediate custodian of those assets. As an example, centralized cryptocurrency exchanges like Coinbase and Binance rely on custodial wallets (see What’s the Difference Between a Custodial and Non-Custodial Wallet?) in order to custody any associated assets on behalf of their customers. With custodial wallets, the safekeeping of the private keys is the responsibility of the application provider (eg: the exchange). For end-users that lose the credentials (eg: user ID and password) to their custodial wallets (and, who of us hasn’t forgotten a user ID and password at one time or another?), the provider typically offers an automated process for credential recovery. In other words, there’s a safety net. 

But, if Acoer chooses to operate custodial wallets on behalf of the patients who use its applications, it would be a step backward from patient control and ownership of that data, leaving the door open to the same malaise that affects the healthcare data ecosystem today. For this reason, Acoer is committed to an application architecture involving non-custodial wallets where patients have full ownership and control of their on-chain assets and the private keys that govern access to them. However, whereas custodial wallets typically come with a safety net that protects users against loss of access to their assets, non-custodial wallets have no such recovery mechanism. Given this gap, Acoer has taken an interest in the open DeRec Protocol as the means by which patients can enjoy complete custody of their healthcare-related data without bearing the typical risks associated with non-custodial wallets. In so doing, patients (and any designees) are guaranteed perpetual and unimpeded access and control of their own data without the interference of third parties who don’t necessarily have the patient’s best interests in mind.

In the bigger picture, Acoer’s use case for the open DeRec Protocol demonstrates the role that the protocol can play in a wide variety of blockchain applications that deal with the tokenization of real world assets (and not just medical records). For more information on how the DeRec Protocol can protect users of non-custodial wallets from the loss of their private keys and secret recovery phrases, please read Calling All Wallet Developers: Protect Your Users with the DeRec Protocol.