SSI Orbit Podcast
Patient-Centric Identity Management for Healthcare with Jim St-Clair
By Mathieu Glaude
April 13, 2021

Listen to this Episode about patient-centric identity management for healthcare on Spotify


Mathieu: Okay, we’re on. Hi Jim, how’s it going?

Jim: I’m well, sir. How are you today?

Mathieu: Doing well, thanks. Before getting into all of the cool stuff that you’re doing at Lumedic and the different communities that you’re working in, I’d like to start this conversation by taking a step back to understand how you got into healthcare. It doesn’t seem as if you got into it just yesterday, so would you mind giving some background of how you got into the healthcare space?

Jim: Sure, absolutely. I want to be clear that I characterize my healthcare involvement as around health IT. I don’t have the privilege of being in healthcare like many frontline workers and doctors and nurses but have come into it as a technologist, going back about 12 years ago.

I’ve been in technology and the public sector for a little over 20 years. During my time in the public sector and public sector consulting in Washington DC, I got more involved with federal agencies in healthcare, in federal health IT, and in data efforts. I used that opportunity to work for HIMSS, the Health Information and Management System Society. HIMSS is the world’s largest cause-based non-profit, specifically focused on healthcare technology and the use of technology for patient empowerment and patient engagement. I spent a year and a half with them as the senior director for interoperability and standards.

I left that job to go back into public sector consulting, supporting the State of Vermont with implementing systems as part of the Affordable Care Act. Then, I moved into another small company supporting a large enterprise software development initiative with the Department of Veterans Affairs (the VA). Following that, I worked for another small company in Maryland with a focus on the Center for Medicare and Medicaid Services, which is part of US HHS (Health and Human Services). I stayed involved with HL7 and several other standards groups and consortia. I began working with Lumedic in January of this year, specifically focused on digital identity standards, especially in self-sovereign identity, and also continuing to work in HL7. Lumedic is part of Providence Health Systems, and we play a very active role in several HL7 initiatives for health IT and data exchange. It’s very complementary to the work we’re doing with groups like Sovrin, the Trust over IP Foundation, and so on.

Mathieu: For those who aren’t familiar with HL7, like me, what is it?

Jim: Sure. HL7 is an international body; HL stands for Health Level Seven. I apologize for not remembering exactly when they got started, but they’ve been around for several decades. They have various international working groups and focus areas that are using standard schemas (very similar to W3C and others) to develop health data standards for interoperable health data in healthcare systems.

Mathieu: There are other organizations as well; FHIR, or the Fast Healthcare Interoperability Resource, is another one that you’re a part of. Or, at least, when you were part of HIMSS, was that a part of that too?

Jim: Oh. I’m glad you mentioned that. FHIR fast health information resources is, in fact, the latest JSON-based iteration of technology that HL7 has developed over the last six or seven years. The development of health standards has been iterative. Going back to the data standards and the way data was organized and used in the client-server environment; all of that has changed with web services, and with APIs, and cloud services and the internet, etcetera. Health data standards have changed as well. FHIR fast health information resources is the latest iteration for being able to capture health data from electronic health care records and make it available through web services.

Mathieu: Got it; thanks for the breakdown. There’s a newer act a little more recently, but I’ll just take a step back before getting to it. There was a nice representation that Michael Nash from your team put together, showing the progress of healthcare. As it started in its pre-digital era, you started to get different standards and legislation like HIPAA. Then, you started to get more digital standards and high-tech standards as the paper era moved into the digital era. Closer to today, with the 21st Century Cures Act coming into place, moving from the digital era towards more the patient era. How have you viewed that whole evolution in healthcare, and how has the 21st Century Cures Act aligned with what you guys are doing or what you’re thinking?

Jim: Mike Nash, our CEO, has espoused this vision, which I think is outstanding; about the healthcare in the US coming into the patient era, and how Lumedic is part of the patient era now. To walk through that evolution that you articulated; like so many other industries, we moved from paper to digital over the course of the last couple of decades.

Healthcare records had historically been big, thick binders of paper and faxes and notes, which would still persist today. There was a change in regulatory focus to take into account the fact that healthcare records have been more and more transitioning into the world of digital and digital records — electronic healthcare records systems. That prompted a law in 1996, called the Health Information Portability and Accountability Act (HIPAA). HIPAA was ground-breaking in its obviousness in saying that number one, your healthcare data should be able to go wherever you want it to go; and number two, healthcare systems were responsible for how they manage, safeguard, and distribute electronic health information, which we called EHI or PHI (protected health information). Everyone appreciates the fact that the law helped to clarify and articulate that data should be available to you, wherever you need it to be, that it could be transferable, and most importantly, there are protections behind it.

However, it still had an organizational ‘silo’ feel to it, and that traditional client-server view. Since that time in 1996, more and more things are available through the internet, mobile apps, and electronic systems. Then, you have various middleware and patient engagement experience platforms, and use of third-party apps, and health and fitness apps. If anything, I think the term I use now is the ‘ubiquitousness’ of healthcare data; your healthcare data should be ubiquitous, in terms of your ability to get it and to combine it with other information that you’re collecting. It should be ubiquitous in its presentation and ability to be used at different places. That’s where we’re getting to with the patient era. That is: you, as the patient, have the technology, and we have the architectures to empower you to be able to collect your data and use it as you see fit. That is quite a cultural change.

Your ability to get access to that data, and be able to use that data as you see fit, has oftentimes been questionable just because of healthcare silos. But, we’re now at a point where the architecture and the technology no longer restrict that sort of silo of data, and you should be able to take advantage of it and use apps to do so. That is a thematic undercurrent to everything that we do with Lumedic, but in particular around the Lumedic Connect identity platform.

Mathieu: HIPAA provides guidance for health information exchange between organizations, which is still valid with the 21st Century Cures Act. It’s a component that fits within that act; the act makes it increasingly possible for more patient-driven, or patient-owned models, is that correct?

Jim: That’s a great point. The 21st Century Cures Act, as suggested when it passed in the 21st Century, goes into effect in 2021. In many ways, it layers on top of HIPAA, and I think you bring up a good point that’s worth clarifying. HIPAA was passed in 1996. In 2010 you had HITECH, the Health Information Technology for economy and community health. HITECH added another layer to HIPAA in terms of recognizing health information and promoting the use of electronic health care records. Now, you have the 21st Century Cures Act; there are many good summaries out there that your listeners can find for the 21st Century Cures Act. The most important aspect is how it takes such a broader message and regulatory guideline around the availability of health information; something called patient access APIs. This offers subsequent modification to things like the HIPAA privacy rule and others, that help to bolster the underlying message that patients should access their own information.

Mathieu: So, if we look at a Patient-Centric ID or the patient era moving forward; why is that the solution to fix the problems? I’m assuming there’s a lot of problems that are related; you’ve described a few of them, such as the siloed view of data and the lack of interoperability and stuff like that. What are the major benefits of Patient ID that you guys are excited about?

Jim: I’d say that there are a couple of things; on its surface, one can be excited about the principles of privacy-preserving architectures, and building in the concepts of self-sovereign identity. You know, the things that you and I, and other folks in the identity standards world are excited about: to allow people to control their own information, and help control how their information is shared. Even more than that, if the information is controlled by the individual and by the patients, they’re now empowered to control where that information goes.

I often use an analogy that culturally, healthcare in some ways is still like going to see the tribal shaman 10 000 years ago: I show up at a healthcare environment; some doctor says that there’s some issue. Maybe I understand it, or maybe I don’t, which is a patient health literacy issue. Maybe I have access to the data, or maybe he or she magically presents a lab result and says, “Hey, this is the issue, and now you have to go and do this, this, and this.” These are three other things that you’re being told to do, that change when you now have the individual able to manage how their data is collected and how their data is disseminated — how they do things in the healthcare environment with a healthcare organization. I think it now allows them to be empowered to make decisions about, “Well, I’m not only going to see this doctor here, but I’m also going to see this other doctor. When I do see this doctor, these are the things that I think they need to know about me, but I shouldn’t have to consent to share my entire life history with them if I don’t feel it’s relevant. If I’m going to a back specialist, for example, do they need to know something about substance abuse, that may or may not have anything to do with that.

How do I, as a patient, get more involved with how my health information moves around, in a way that I’ve never been involved in before, whether it was paper or digital.

Mathieu: That’s another interesting aspect to that; you definitely have the privacy-preserving aspects to the whole story here, but I think we’re seeing in health care and health technology that we’re getting more and more opportunities to use different methods for health data inputs. Whether it’s wearables, whether it’s going for different specialized treatments or scans or activities like that; being at the center and having control of that, and being able to amalgamate all of that information for yourself at the center. That all goes along with the whole big data story, where there are tons of opportunities to use more and more data in healthcare today. It’s probably another benefit of having this patient-centric identity management model.

Jim: That’s a wonderful analogy, and I’d add to it as well. I’m sure you’ve read quite a bit about the use of AI in healthcare, and AI services and chatbots, and that sort of thing. The more that you have the ability to collect your own information, and use that in support of tools such as an AI-driven application, for instance, then the more things can be customized to you or built on what we call evidence-based medicine (EBM) as a framework for decision making.

There’s a proliferation of health apps and advancements in technologies that allow you to monitor your own heart rate at home, and that assist you with medication adherence and how you take medication—gathering that information in your own app, having that information available to you as part of your own data, as part of clinical decision making, and deciding where your data is really where the 21st Century is going. As we discussed, the 21st Century Cures Act is your ability to get that information, to work with information from mobile apps and health applications, and then decide how that information is shared and controlled. The consent belongs to you.

Mathieu: Got it. We’ve been hearing more about the work you’re doing through different communities like the Trust over IP. Lumedic is an organization that was existing before, but was purchased by Providence Health Systems a few years ago. Would you mind making a distinction between those two organizations, and what both of them are up to?

Jim: Absolutely. Providence Health Systems is the ninth-largest healthcare system in the USA, and they are a not-for-profit Catholic hospital system located in Seattle. They support seven states under that banner. As part of Providence Health Systems, they have a for-profit portfolio of companies called Tegria. One of the companies under the Tegria portfolio is Lumedic. As you mentioned, Lumedic was acquired independently a couple of years ago, to be added to that portfolio to support new tech startups and health innovations within that portfolio, under the umbrella of a large major health care system. To add on top of that, Providence has its own digital innovation group, and they coordinate with a venture fund. It gives them a broad base of involvement for identifying healthcare technology solutions that obviously advance their mission for care delivery in the states that they support.

Mathieu: Within Lumedic, do you have the opportunity to leverage the ecosystem of different companies or different resources that Providence has assembled, or that Tegria has under their portfolio?

Jim: That’s a great point, and one I’m not afraid to advertise. As you know, there are lots and lots of health tech companies out there. Very few of them have the opportunity to daily participate in and interact directly with a health care system, beyond a traditional customer-vendor relationship; not only that, but a health care system of the size and scope of Providence. I consider myself to be very fortunate that I get to work alongside senior Providence healthcare professionals and leaders as part of what we’re doing in advancing the field. Specifically, we’ve created the Lumedic Exchange, which is a voluntary organization of stakeholders from other healthcare organizations, but including Providence. The Exchange focus is on developing use cases and workflows around this concept of verifiable credentials. That gives us the opportunity to tap into not only folks who are technically part of Providence Health Systems, but Providence itself has jurisdiction over the State of Oregon, and it’s got other systems in California. This gives a tremendous degree of variety and organizational diversity, each representing different healthcare organization perspectives as part of this development work. There are very few health tech companies that can offer that sort of background and diversity, in terms of their solution development and application.

Mathieu: What was the vision behind the Lumedic Exchange? It makes sense to have some sort of ecosystem or consortium, governing the health apps, or the data, or the different systems and what people are using. Is that the idea behind the Lumedic Exchange?

Jim: That’s a great question. I know we haven’t talked about it too much besides the references to the Trust over IP Foundation, but the Lumedic Connect product is based entirely on the Trust over IP Foundation framework for managing decentralized identity, and using the W3C (WorldWide Web Consortium) verifiable credential model.

If you think about what that verifiable credential trust triangle model looks like; between the issuer, the credential holder, and the credential verifier — what type of business processes and use cases are there, for using that verifiable credential in healthcare use cases? Despite what we could bring to the table for technical knowledge and engineering to develop the Lumedic Connect product as a small company, or even in conjunction with Providence Health, we couldn’t necessarily come up with every use case by ourselves. Nor could we get industry buy-in for a use case of how a verifiable credential could be used in a healthcare scenario, without the participation of as many healthcare organizations as possible. So, we created the Lumedic Exchange to allow healthcare organizations to join for free and participate in that process to get educated about verifiable credentials, and contribute their perspective. For example, if I have a patient coming in for an x-ray, and they have their insurance through Blue Cross/Blue Shield, what needs to go into a verifiable credential? What’s the registration process? How do I tie that credential to the imaging system and to the image? How does it work with their insurance eligibility and registration? That sort of thing.

Mathieu: I always worry about the education gap with any new technologies, but is it clicking with the health providers that are coming into the Lumedic Exchange? Are they really seeing the value of portable digital verifiable credentials?

Jim: That’s a great question. I would like to say that they see the value of it, but it is a brand new effort. We launched around November of last year. Of course, launching anything last year in the pandemic obviously complicates some of the messaging. What I can say is that we have strong participation from several folks in the payer community, from Mastercard, identity services from other representatives in Providence, and from HireRight, the human resources information company. They are consistently participating in a couple of the workgroups we’ve stood up, plus some new ones that are addressing various issues for credentials. So, I’m very optimistic that the momentum is going to build this year. I think both membership contributions and value will all be built as the year goes on.

Mathieu: It seems like the one opportunity, or one of the good things with COVID (if there’s any of them), driving the push towards more and more digitization. The use of proof-of-vaccines; that’s one of the first use cases that it seems you’re focused on.

Jim: Yes, and I like the way you paraphrase that; both fortunately and unfortunately. It’s terribly unfortunate that we have such a human toll and tragedy concerning the pandemic. On the other hand, it has prompted consideration and forced changes in business models, in ways that we’ve talked about and never been able to do. They are now a reality; whether it’s telework and now the adoption of telehealth and virtual care. In many ways, the substance around a health pass or vaccination credential was there before, and it’s something we’ve been working on as an underlying technology with Lumedic Connect and for Providence for a couple of years. However, fortunately, or unfortunately, the foundation of vaccination coverage and a vaccination credential serves as a foundation for really demonstrating a use case, in one of the most positive and fast moving ways.

Mathieu: People definitely understand that when they see it, and it has been interesting.

I remember early last year when we were in the early days of COVID, with the COVID credentials initiative starting and a lot of different efforts, trying to look at a way to use these new technologies for good, without sacrificing privacy, or any ethical considerations, and so on. Although this stuff could excite you, is there stuff that scares you about the COVID? There seem to be a lot of different COVID projects that are going on right now.

Jim: Absolutely. Of course, I’ll be quick to point out ours as being one of the best, but I do so in the context that the vaccination credential use case is but one of many use cases that we’re looking at, as part of the broader aspect of managing patient health information that we’ve been talking about so far, when you called out things like HIPAA and the 21st Century Cures Act.

You’re right, unfortunately. There are several prominent cases going on right now, or several prominent industry applications, where privacy seems like a real concern. It’s understandably very difficult for a consumer to look at these different things, and be told, “Oh, don’t worry, it’s on the blockchain.” That’s somehow supposed to mean something in terms of privacy, without underlying what a governance framework is, or what an inherent privacy-preserving architecture is. We were aiming for all of that first and foremost, even before dealing with vaccination credentials, and so that’s built on it too. In working with things like the Good Health Pass Collaborative, we’re trying to come up with that type of Good Housekeeping/UL seal of approval that shows that this credential application and mobile application have taken into account key considerations for privacy, security, interoperability, a trust framework, and so on. This would enable consumers to know that you can trust and appreciate that these apps are only working on your behalf and that they’re not representing either corporate surveillance of healthcare or some other government intrusion into your health information.

Mathieu: There’s a lot of good work happening, as you mentioned, at the Good Health Pass Collaborative. With the trust models or trust frameworks that you’ve been working on within the Lumedic Exchange, is there a lot of overlap there? Have you been able to contribute to that?

Jim: I think you make a great point; it’s entirely collaborative. If you think about the things that we’re working through in terms of privacy, and interoperability, and trust frameworks in the Good Health Pass Collaborative; while called into focus around the issue of vaccination credentials, they also pertain across the board to any other healthcare information factor. As you mentioned, there are lots of good companies in the COVID Credentials Initiative (CCI) and lots of work there; but, of course, as an organization, they’re focused on COVID credentials. Ours is a focus on health information credentials, patient-centric identity management first, with COVID credentials being a natural overlay to that.

Mathieu: There’s a need for trust models or trust frameworks across different industries or ecosystems. We see many developments taking place in the financial sector; that’s the area in which we work a little more. How do you describe a trust model or trust framework to someone? It’s a new concept, that wasn’t necessarily there with traditional architected systems.

Jim: You’re right, it is very new. When you’re advancing this model of trust, first and foremost and speaking as a Chief Trust Officer, I of course spend some time explaining what a Chief Trust Officer is. I emphasize to them that previous roles for chief this, and chief that, whether it was a Chief Information Officer, Chief Technology Officer, Chief Data Officer; all those roles highlighted how organizations were taking a new organizational leadership around that particular concept. That is, how important information was, or how important data was. Now, we feel we’re in the era where trust has to be called out as something that is an organizational value, an organizational effort. So, with that in mind, you need a trust framework.

When asked how I look at a trust framework, or a trust assessment framework: digital trust is considered to be an embodiment of all the ongoing activities and areas of security and privacy, and data management or data governance. That activity manifests itself as some way that parties who may, or may not, know or like each other, can agree upon trusting each other. That generally represents a combination of things that we’re already familiar with, such as ISO standards, or GDPR (General Data Protection Regulation), or in financial services, GLBA (Gramm-Leach-Bliley Act) and other financial securities. Acts that combine together, and lay out some way that organizations can attest, or be certified, to say, “I’m following security standards; I have security in place; I’m following privacy standards.”

There is a right-to-privacy for the users; there’s a right to protect their data, and a right to be forgotten. All of that is serving as a framework to be able to say, “Can I now trust that the rules in this organization, combined with the rules in that organization, will allow me to use this credential as a model to identify me?” Despite the fact that you may not know everything about me, we both agree that we’re following these rules together, and you can trust that I can do this. Or, more importantly, that I can trust you, that you can have my information, or that we can have some sort of transaction or relationship together.

Which, when you think about it, is the heart of where blockchain, and Bitcoin and everything started. Even in anonymous, almost adversarial, relationships, you could have rules for how transactions took place, so that two people could conduct a financial transaction without ever knowing each other. Everyone agreed to what that was, and that was, in fact, really a trust assurance framework. It was engineered into the Bitcoin code and the way in which Bitcoin operates. That serves as a foundation, to then extend that to verifiable credentials, and saying, “I present a credential that comes from someone you trust, or an organization that’s trusted. That serves as the basis for our transaction together, without having to collect and store a bunch of other information.

Mathieu: I remember some years ago, when blockchain was supposed to be used for everything. In the early days of decentralized identity management, a lot of the thinking was, “Hey, let’s just throw everything on-chain.” I think we realized pretty quickly, that definitely does not hold up; you can’t put personal information on-chain. I’m definitely happy with the evolution that we’ve seen, with off-chain secure communication with verifiable credentials, and using pretty cool cryptography and protocols to allow that to happen. Does the Lumedic ecosystem publish its own trust framework, and does it use a specific blockchain as a utility to write information that’s pertinent to issuers and certain credential information?

Jim: Yes, and first of all, let me say I think your summary was beautiful! As someone who has been in blockchain and healthcare for about four years, I translate it from a Dilbert cartoon: blockchain is like radioactivity; you can use it for good or evil, and you don’t want to get any of it on you. I believe a lot of people had a vision about it; to simply use blockchain like bitcoin, and somehow it’s all anonymous. When, in fact, blockchain does a beautiful job of being able to eliminate anonymity, and being able to trace and associate transactions with a specific person, with specific information. However, when you abstract it out between on-chain and off-chain as you’re suggesting, then you have a new way to be able to enforce privacy, especially with the principles of decentralized identifiers. We are built on a combination of the Hyperledger Indy/Aries framework and part of the Sovrin Network. So, you have those principles and trust framework associated with Sovrin and SSI, as part of the framework for the Hyperledger Indy/Aries network or software components that we’re using. To your question; yes, the Lumedic Exchange is developing its own trust framework and own credential rules, which we intend to publish. They’re developed by the working groups, and published on our website to be available as examples for anyone.

We see that the most important things to do first, are culturalization, education, and adoption. We won’t necessarily be the only solution for this, although we’d obviously like to help all the patients in America. However, truly understanding it and moving it forward as a concept for how patient information should be managed, is probably the most important thing first and foremost. Therefore, we’ll publicly share all of the trust framework and governance framework documentation we develop out of the exchange. That will allow people to build upon it, and when the next thing comes along — whether it’s KERI, or Hedera Hashgraph, or the next version of Hyperledger Indy/Aries — we’ll have a framework to help support that.

Mathieu: That’s awesome. Similar to the rest of the community, it’s great to see you guys participate. I know you’re passionate about participating in different organizations; whether it’s the Trust over IP, ID2020, or other ones. Going back to that nice illustration that Mike Nash had put together; that starts at the paper era. Well, definitely not the elimination of the paper era, as we’re talking more and more about today. This technology needs to be accessible to people, and it needs to fit the different cultures and the different ways of using it.

Jim: Absolutely. Your commentary drives me to another point too, which is this idea of patient-centric, and patient empowerment, and consumerism. I know that’s on Mike’s graphic as well, that we have to take into account the gradual but steady building of consumerism and healthcare, in a way that hasn’t existed before. By virtue of making this technology accessible, consumers can take advantage of it as part of doing their business of daily life.

You know, the use of faxes and the use of paper records have still continued to persist. Nothing makes me want to stick a pencil in my eye faster than when I see an advertisement for a secure cloud-based fax platform. I’d say, “Fantastic. What a great job hedging over the cart path, and I’m going to go buy another horse.” It’s not advancing where technology can go, to help consumers and empower patients. There’s a great deal of that effort going on within HL7, of course, which is why I’m excited to make it a complementary effort. There are so many folks around the US and around the globe, who are working HL7 to advance more effective ways to exchange health information. We advance other standards from the global community around identity, to be able to make it a patient-centric way of managing that.

It’s nothing short of revolutionary. “Revolutionary” means that there are winners and losers, and you hope that the most important winner, of course, is the patient.

Mathieu: Yes: with the understanding, as you said perfectly, that there’s not going to be one winner — you need to be able to play within the ecosystem and add the value that you’re good at adding. It’s not that you can simply replicate the siloed models that are there today; that’s not the evolution or revolution that we’re looking for here. I’ll post Mike’s illustration in the show notes for this podcast. We’ve referred to it a couple of times, and I think it’s a great overview of the different eras within healthcare.

different eras within healthcare

Mike Nash, Lumedic

Within the Lumedic Exchange, there are different organizations that are part of this, and there are different working groups that are happening. What’s being worked on?

Jim: Let me highlight probably my most exciting working group, which is Health Equity. We’ve set out to try and get about seven working groups up and running. We have an Identity working group, who are looking at things like identity attributes, and binding things I’m sure you’re familiar with. These are issues that are a fundamental block-and-tackling for how verifiable credentials work. We have another working group around Registration and Eligibility, which starts to tie in the actual workflow of a patient registration process in a healthcare system, into the use of a verifiable credential. We’re also looking at some very specific healthcare opportunities, for things like skilled nursing facility, and for imaging and pharmacy applications.

In our Health Equity and Population Health working group, I got excited about it because I spent a lot of time working on another concept called “Social Determinants Of Health,” or SDOH. In healthcare, that concept has a lot of conversation going on. This deals with looking into non-clinical factors that make up your healthcare aspects and your lifestyle. As someone said, social determinants of health are our health factors, no matter what. We tend to look at them for things like housing security, economic security, and food security. These are social factors that weigh-in, for whoever is being considered as part of the clinical analysis. It’s not information that your doctor historically has gathered or that you typically see in a clinical record. But, we understand these factors more and more as being a critical consideration. If you live in an area where it’s challenging to get affordable housing, that’s going to factor into impacts on clinical care and your ability to get to the doctor, and just have a place to live.

That translates into points of digital information about you that are separate from what you have in your health care record, but have to be considered. Where should they be considered, better than in a platform that you control for where that information is available and then shared with your health care provider? Conversely, there are things about your healthcare information that may need to be taken into account when you’re being provided housing, or for mental health, or for food security. However, that doesn’t mean that you’re giving consent to everyone that you meet, to have total access to your health care record.

There are all of these various factors and determinants that are looked at for modern healthcare: those are sources of digital information that only the individual concerned can control. So, we’re looking at how these factors of health equity and social determinants of health get considered from a verifiable credential standpoint. How do I tie together some of the work being done in HL7, and things like the Gravity Project for social determinants of health, into the identity model that we have in using a verifiable credential? Probably most importantly, how do we ensure that using verifiable credentials doesn’t create a problem for digital health equity (the so-called digital divide), but in some way, maybe even helps to mitigate or improve health equity problems that we’re seeing in digital health right now?

Mathieu: Are these layers that one would see if they’re using a digital wallet? There could be an agent in your wallet, like your Lumedic Connect, that is able to process this the right way. I’ve seen it differently in different use cases, where we start talking less about credentials, but more about capabilities and skills. And so, you have this translation layer; is that something that would be similar to the health equity stuff?

Jim: Absolutely. That’s a wonderful observation, because, for us, this effort doesn’t stop with just the credential. The patient era is about patient empowerment. I mentioned before about AI and other tools you can use; I think that there’s nothing more important than continued advancement of the presentation layer, of that user experience. So much of this is just under the covers.

I joke around in the blockchain and healthcare community, to say, “The first rule of blockchain, is to stop talking about blockchain.” What you’re really talking about is, what is it in the decentralized application that improves things? We have to have applications that elderly Medicare recipients can understand how to use, as easily as a 25-year-old millennial Javascript developer. Specifically, in the world of healthcare: what can be done about healthcare terms and diagnosis and treatment plans that are not only easy to understand, but can translate into things from a user experience or an engagement platform, that work with the patient to keep them informed, to help them make decisions, and at the same time, help safeguard their data and the ability to share data and provide consent.

Mathieu: Are there new revenue opportunities, too? Are these conversations that come up with different people within the ecosystem? You mentioned that you got to talk about the value or the benefits, rather than just saying ‘blockchain’ or just talking about the technology. I’ve been seeing this for a while now, where this is great. Once I establish myself; let’s say I’m a healthcare provider, or let’s say I’m an insurance company, let’s say I’m a lab; these are all participants that would fit within the Lumedic Exchange. Do you work with them to define what the revenue models are? Are there concerns about, “Hey, what if my credentials are reusable, and shareable, and stuff like that — do I potentially lose on future revenue? Are these issues and topics that you guys talk about?

Jim: You know, I can’t say that we’ve had some of those specific conversations. But, I think some of what you’re alluding to is really important; the general concern overall that so many healthcare applications are just another form of surveillance capitalism. And, saying, “Hey, what a great application to help you manage your health care,” only to find out that you’re putting all of your personal data in it, and they’re doing something with it behind the scenes. That’s clearly not something we want to have as a problem.

I think that in general, as you mentioned the concept of verifiable credentials and using your patient identity, we all need to be cognizant of ways that you don’t inadvertently create that surveillance capitalism, or find new ways to construe information that becomes restrictive. Nobody wants to be able to have their healthcare data present a situation for an insurance company to pass judgment on not covering them or to raise their rates. Are there ways that healthcare information is anonymous around decision-making, or anonymized, that allow you to protect your identity, limit bias or unethical approaches, and at the same time, advance how that information is used for effective quality measures or quality metrics?

Mathieu: That’s interesting. There’s something strong about having selective disclosure. But also, beyond that, being able to control your image or your persona, and not needing to necessarily divulge all the information about yourself so that you’re not completely exposing yourself to everyone and everywhere, basically, along the surveillance capitalism lines that you just said there. As a patient, if I’m now using Lumedic Connect, I have some credentials on there. I’m able to use different services and stuff like that that you’ll have on there. But, when I show up to a doctor’s office, and they’re still using their traditional systems in there; whether it’s an EHR or whatever it is, is that how it works? Is it that I show up at my doctor’s office, I scan a QR code, and I give them consent, and I transfer certain data to their system?

Jim: Yes, that is the long-term vision, for sure. You’re right; those are areas that our working groups are still sorting through to understand the specific mechanics. It is being approached with the idea that you would have, basically, a QR code presented. A QR code-reader has the fundamental interface point for everyone to consider. It could be Near Field Communications (NFC) or Bluetooth as we build upon it. However, that initial point of registration, and leveraging that QR code, is where our conversations are starting, that is correct.

Mathieu: Got it. I saw something posted that it’s being tested internally within the Providence system. This is being piloted; it’s being tested, it’s being used, as we speak.

Jim: Yes, it’s being piloted and tested around the vaccination credential first, because that’s obviously the use case; the other ones are in development. I would mention again, the opportunity that we’re afforded with Providence Health Systems is a landscape of 85 million patients and 120 000 caregivers. So, we have a very broad and diverse landscape in healthcare, to be able to leverage “in our own backyard,” which will help you know demonstrate efficacy for health care overall. It’s not merely a single clinic, in one single town someplace; which makes it very exciting to show the depth of development that’s possible.

Mathieu: Awesome. The other projects I’ve seen in the healthcare space have been more from the doctor, or the physician side of things. I know you collaborate with NHS, and I’ve heard conversations with them before. Is there collaboration with them, too?

Although, they’re touching the other side within the larger ecosystem; everyone needs to be plugged in.

Jim: That’s a great question. We don’t actually collaborate with NHS in the UK at the moment. I’ve had the pleasure to meet some colleagues there and talk with them a bit, but our focus is on the US. The US is so large, and so diverse in terms of what we’re trying to address; I’d welcome the chance to work with the NHS in the future, but we want to conquer US healthcare first.

Mathieu: That makes sense. In closing, Jim, what’s on the roadmap? What should people expect from Lumedic for the rest of 2021? How could people help out?

Jim: A couple of key points: our work with the Good Health Pass Collaborative, as well as internally with Lumedic, will continue to advance what a secure, privacy-preserving vaccination credential is like; if, in fact, people are called upon to need it for travel, and return to work, and so on.

We’re building upon that to help improve and revolutionize the registration workflow, which potentially saves patients a whole bunch of time and preserves their privacy as well; it can be tremendously efficient on the part of the healthcare systems, too. Also, continued growth and participation in the Lumedic Exchange; to define new use cases, new proofs-of-concept, and being able to advance this verifiable credential patient information platform concept that much further in 2021 and into 2022.

Mathieu: I love the vision towards the patient era. I think you guys are at the forefront, and I look forward to keeping a close eye on what’s happening, and the progress that’s going to be happening this year and over the next few years.

Jim, thank you very much for doing this with me today.

Jim: Thank you, Mathieu. It’s been a pleasure, and I look forward to you keeping me honest in our developments, my friend.

Related Episodes

Want to Be a Guest?

Come Onto the Show

Stay Connected to Get The Latest Podcast Alerts

Introducing our groundbreaking Trust Registry platform

The ultimate solution for forging resilient trust ecosystems in today's digital landscape.

Trust Registry



Orbit Enterprise

Establish your own trusted digital interactions ecosystem with your customers, partners and suppliers

Orbit Edge Wallet

Hold and manage issued verifiable credentials securely and in a privacy-preserving way

Orbit Trust Registry

Empower your organization to establish credibility, verify identities, and foster secure interactions with confidence and ease.



Product Updates



Verified Person

Receive a verifiable credential from Northern Block


Try our new OpenID4VC demo

Energy and Mines Digital Trust

Organizational Wallet and Credentials

Receive, store and exchange organizational credentials within your ecosystem




OpenID4VC Demo

Exchange verifiable credentials over OpenID4VCI and OpenID4VP.




SSI Orbit Podcast

Self-sovereign Identity, Decentralization and Digital Trust


Insights and News from the Forefront of Self-sovereign Identity

Latest Content