Future State: Digital Credentials for Healthcare

Digital credentials and self-sovereign identity have the potential to revolutionize the healthcare industry by providing a more secure and efficient way to store and share important health information.

A digital credential (such as the W3C Verifiable Credential) is a tamper-proof, cryptographically secure form of a machine-readable credential. For example, it might be a digital version of your SSN, your passport, or even a concert ticket. Your health records (immunizations, diagnoses for medical conditions, allergies, clinical vitals, lab results, prescriptions, and other health data) can also be represented as verifiable credentials, and therefore, owned and managed by patients themselves.

In this blog post, we'll explore the benefits of using digital credentials in the healthcare industry, including protecting sensitive health data from data breaches, improving patient care with more complete records, and reducing administrative burdens.

Protecting from Data Breaches
Verifiable credentials can secure health data from cyber threats, such as ransomware and data breaches. Health data is often stored in large centralized databases, which are increasingly vulnerable to these threats. With verifiable credentials, it is possible to decentralize the storage of health data to be accessed only by authorized individuals, which greatly reduces the risk of data breaches. This architecture can transform a centralized honeypot–a single point of failure–into a decentralized network supported with multiple points of resiliency and backups to meet high assurance requirements.

The U.S. Department of Health and Human Services Office for Civil Rights tracks all breaches of unsecured protected health information affecting 500 or more individuals, as required by section 13402(e)(4) of the HITECH Act. In 2021, there were over 27 million individuals affected by healthcare data breaches. In 2022, reported cases indicate over 48 million individuals affected by breaches, an increase of over 177% since the previous year.

The total number of incidents has also dramatically increased, with 601 breach incidents reported in 2022, a 226% increase from the 266 breaches reported in 2021. Breaches reported can result from hacking/IT incidents, theft, loss of records, or unauthorized access/disclosures. In most of these scenarios, wrongful access is granted to sensitive health records, either due to human errors, system errors, or lack of security controls. Currently, the individuals whose data is stored in these records are required to trust their healthcare providers and others who handle their sensitive data to have adequate systems in place to prevent unauthorized disclosures or loss of data.

An example architectural shift enabled by digital credentials eliminating a central database as the single point of failure.

In a new health records system, powered by verifiable credentials, patients would control disclosures and access to their data. Healthcare providers, pharmacies, or insurance companies would be granted access whenever required, but would not need to store a “honeypot” of sensitive health data on their internal servers, nor would they be able to share with any other third parties (either intentionally or unintentionally).

Better Care through Complete Records
Another key benefit of verifiable credentials in healthcare is that they enable patients to control and manage their own health data. Patients can create a portable, secure record of their health information that they can access and share with healthcare providers, insurance companies, and family members as needed. According to the Bureau of Labor Statistics, individuals hold an average of 12.4 different jobs between the ages of 18 and 54. With each new job, the employer-sponsored health insurance provider may change, which requires the individual to find and establish new, in-network primary care. It becomes increasingly difficult to piece together health history records with each new doctor’s office visit, primary care physician, specialty doctor, and same-day care facility.

Let’s use Alice as an example. Alice is a young professional in her early 30s who grew up in Florida and now lives in New York. As a child and teenager, Alice saw the same doctor every year for her annual checkups and regular vaccinations. After graduating from high school, she moved to California to attend university and enrolled in the student health insurance plan. She had only a vague, imprecise recollection of receiving different vaccines and, as a result, had to request that records be sent from her family doctor in Florida to the university health office. Her new health records, covering the care administered during her four years of university, are stored in her student profile for the university health system.

After graduating from university, Alice moves to New York to pursue a career in finance. Her health insurance is now provided by the bank she works for, and Alice needs to find a doctor in New York in that health insurance network. She is no longer a student, so she’s lost access to her university student health portal and has to call the university health office to request that her health records be faxed to the new doctor. She also has to contact her family doctor in Florida to fax records to her new doctor, which can take a few days or even weeks. Between the ages of 22 and 32, Alice changes jobs four times, staying at each job for between two and three years. For each new job, Alice has new health insurance coverage, which requires finding new in-network doctors and repeating the process of requesting her health records over and over again.

Alice is a fictional character, but compared to average American workers, her situation is not unique. According to the Kaiser Family Foundation, 49% of Americans, or 156 million people, receive health insurance coverage through their employer. Insights from the Bureau of Labor Statistics show that the average worker tenure for employees aged 25 to 34 is 2.8 years. This means that 156 million people might be faced with establishing new in-network care every 2.8 years as they switch employers and, subsequently, employer-provided health insurance coverage. This results in spotty health records with incomplete care history.

Alice’s ability to establish care would be simplified dramatically with verifiable credentials allowing her to manage her own health records. Each time Alice needs to visit a new primary care physician, get a routine vaccine, or visit urgent care, it would be a simple, seamless process to share relevant health records and receive new records to store or share in the future. Alice would have a more complete, accurate picture of her health history to help any new doctor, either for routine care or emergency situations, and have all the context required to make informed recommendations for care plans. Medical records currently are often fragmented and incomplete, which can make it difficult for healthcare providers to diagnose and treat patients effectively. Applying self-sovereign identity within healthcare will empower patients to create a comprehensive record of their medical history that can be accessed by healthcare providers, allowing for better diagnosis and care.

Lowering Healthcare Administrative Costs
In addition to the benefits mentioned above, verifiable credentials can also help to reduce administrative burdens and overhead costs for healthcare providers. A study by the American Medical Association and Dartmouth-Hitchcock health system published in the Annals of Internal Medicine found that physicians only spend 27% of their office day on direct, patient-facing care time, with 49% of their day spent on electronic health records and administrative paperwork.

“This study reveals what many physicians are feeling – data entry and administrative tasks are cutting into the doctor-patient time that is central to medicine and a primary reason many of us became physicians,” said Steven Stack, M.D., Past-President of the American Medical Association.

With current systems, healthcare providers must spend a significant amount of time and resources verifying the authenticity of health records and other information, requesting health record transfers from previous care providers, and facilitating health record transfers between patients and insurance companies. Verifiable credentials make this process much more efficient, as the credentials can be easily verified using cryptographic algorithms, and, being fully controlled by the patient, accessed quickly on a need-to-know basis.

This future state with verifiable credentials powering health records wouldn’t completely eliminate the administrative overhead related to record-keeping, but it would streamline the processes with standardized formats that are easily verified. This can help to free up time and resources that can be used to provide better patient care, while also lowering overhead costs for healthcare providers–including fees paid to cloud service providers.

Digital credentials have the potential to significantly improve the healthcare industry by providing a secure and efficient way to store and share important health information. They enable patients to control their own health data, create a full medical history, and protect sensitive health information from cyber threats. As the use of verifiable credentials continues to grow, we can expect to see many more applications of this technology in the healthcare industry.

Healthcare is just one example–virtually every industry that relies on data storage and record-keeping can be supercharged with verifiable credentials and similar technologies. Watch this space as we explore use cases across different industries.


About Spruce: Spruce is building a future where users control their identity and data across all digital interactions.