A Proposal for Decentralized, Global, Verifiable Health Care Credential Standards Grounded in Pharmaceutical Authorized Trading Partners

DOI:

https://doi.org/10.30953/bhty.v4.175

Keywords:

verifiable credentials, identity, DSCSA, pharmaceutical supply chain, interoperability

Abstract

The twin forces of privacy law and data breaches have fundamentally challenged how we collect, store, and share sensitive information. Within this landscape, health care information is sacrosanct – and intimately tied to identity and data ownership. Building on prior work with UCLA Health, Genentech (a member of the Roche Group), Sanofi, Amgen, Biogen, and others, we offer this opinion piece to promote the development of a standard for decentralized Verifiable Credentials (VCs). This will empower Authorized Trading Partners (ATPs) in the pharmaceutical supply chain to trade and exchange information in compliance with US federal law. Starting with credentialing and interoperability for the ATP community, our ultimate goal was to chart a path to a global standard for all health care VCs – providing individuals and health care professionals control over their own data. By sharing our results and releasing essential components of the work to the public domain, we hope to align and connect with other foundational efforts, thus evolving standards within a truly open framework with broad stakeholder involvement.

Published

2021-04-29

How to Cite

Dods, V., & Taylor, B. (2021). A Proposal for Decentralized, Global, Verifiable Health Care Credential Standards Grounded in Pharmaceutical Authorized Trading Partners. Blockchain in Healthcare Today, 4. https://doi.org/10.30953/bhty.v4.175

Section

Opinions/Perspectives/Point of View
