A Proposal for Decentralized, Global, Verifiable Health Care Credential Standards Grounded in Pharmaceutical Authorized Trading Partners
DOI: https://doi.org/10.30953/bhty.v4.175
Keywords: verifiable credentials, identity, DSCSA, pharmaceutical supply chain, interoperability
Abstract
The twin forces of privacy law and data breaches have fundamentally challenged how we collect, store, and share sensitive information. Within this landscape, health care information is sacrosanct – and intimately tied to identity and data ownership. Building on prior work with UCLA Health, Genentech (a member of the Roche Group), Sanofi, Amgen, Biogen, and others, we offer this opinion piece to promote the development of a standard for decentralized Verifiable Credentials (VCs). This will empower Authorized Trading Partners (ATPs) in the pharmaceutical supply chain to trade and exchange information in compliance with US federal law. Starting with credentialing and interoperability for the ATP community, our ultimate goal was to chart a path to a global standard for all health care VCs – providing individuals and health care professionals control over their own data. By sharing our results and releasing essential components of the work to the public domain, we hope to align and connect with other foundational efforts, thus evolving standards within a truly open framework with broad stakeholder involvement.
License
Copyright (c) 2021 Victor Dods, Ben Taylor
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors retain copyright of their work, with first publication rights granted to Blockchain in Healthcare Today (BHTY).