Nosh: Nostr and Sharing Health Data
by PathCheck Team | Mar 13, 2023 |
Today, if you want to share your electronic medical records (EMRs) with different doctors or healthcare systems, either domestically or internationally, you have to log in to a portal, download your data and then send it to them either through another portal, email or in many cases by fax. These various standards can cause all sorts of problems, like null responses or broken links due to a lack of interoperability between them. This also creates various attack surfaces for hackers to steal your health data.
Nostr is a new, open protocol for social networking and messaging that has been embraced by millions of users around the world since the debut of Damus and Amethyst (Nostr-based iOS and Android clients respectively) in February. Its name means Notes and Other STuff over Relays. Here, we’re going to discuss the “other stuff” that can be shared and specifically how health data can be shared using what we call Nosh: Nostr for Health.
Nostr can be an ideal platform for sharing EMRs between healthcare providers and patients when coupled with HL7 FHIR standards and add-ons that Nosh-enabled clients can incorporate. Here are the main benefits of Nostr/Nosh:
- Tamper-proof, interoperable data exchange - Less attack surfaces
- All EHRs use/post to the same user id/relay - No more data silos / patient identification issues
- Patient in control - Direct consent for data sharing
With Nosh, you are the true owner of your EMR, so there’s no need to log into a central server. You simply share your EMR over various private relays with your own trusted, registered healthcare providers who can receive your EMR using HL7 FHIR standards. They can then add notes and update your records for any other doctors with shared access to see. And because these relays would exist within ad-hoc VPN tunnels there is virtually no attack surface for hackers to steal your data.
Using Nosh, we can also establish standards for sharing health alerts and medical bills with various public or private relays, so now you can use selective disclosure to crowdsource your rare disease, verify your medical bill on GoFundMe, receive localized health alerts, or even get paid* to share your health data with clinical research organizations, or not – never again would someone like Henrietta Lacks have their DNA or health data used without their consent.
*Both the Amethyst and Damus apps for Nostr allow users to ‘zap’ Bitcoin to each other by integrating with various wallets that support the Lightning Network and the Nostr Zap function. Some of these wallets will automatically convert those BTC to your preferred currency without any fees, so Nostr can already offer a powerful payment gateway as a means to monetize your own health data.
By building on top of Nostr we can take advantage of their growing developer community and available smartphone clients like Damus and Amethyst, while combining with the HL7 FHIR developer community and WHO SMART Guidelines to maximize interoperability with all nation states, agencies and providers. This interoperability effort is already being spearheaded by WHO and Google in partnership with the PathCheck Foundation - today over 4,000 healthcare and public health organizations have joined the global trust registry.
Like with Nostr, no one will own Nosh, allowing anyone to quickly and easily develop new clients that can leverage these new standards. However, it is important to note that implementing a decentralized identity management system requires collaboration and coordination between various stakeholders, including patients, healthcare providers, regulators, and technology providers. It also requires careful consideration of data privacy and security concerns, as well as the potential risks and benefits of such a system.
Nosh would also impact pandemic response and preparedness. During the COVID-19 pandemic, we all witnessed first hand the technology gaps and challenges that public health agencies faced trying to engage with their respective communities in real time. A proliferation of misinformation and contradicting advice ensued. Nosh helps fill these gaps with technology solutions that increase citizen engagement and empower citizens with control over their own health data, allowing them to share those data securely with any agency they trust. This way when the next Disease X emerges, they can actually detect in medical records rather than wait months for testing to be established.
Nosh also solves several problems that currently exist in how EMRs are stored and retrieved. Take Maria Garcia for example. In Harris County, TX there are 2,833 Maria Garcias – 528 of whom share the same birthdate. Since EMRs are located by name, location and birthdate this means many Maria Garcias health records are intermingled, causing confusion and putting them at risk. Because Nostr already solves for identification using public and private keys and record location through unique note IDs, this eliminates the need for patient matching, while patient consent simply becomes a variable within Nosh.
So here is Maria Garcia, one of 2833 women who share her same name in Harris County, TX. Currently her medical records exist in different forms between various EMR siloes across different providers, so additional effort is needed to match her records so she isn’t confused with another patient. These are essentially all loose records that need to be connected before administering any care, and unfortunately that doesn’t always happen.
But with Nosh, Maria Garcia is not only the true owner of her EMR, but she is the only Maria Garcia with her Nostr public and private keys, which are then validated along with the data to the trusted, registered providers that she chooses to share the data with.
Now Maria Garcia can share her single EMR across a variety of decentralized public and private relays with whomever she wants. Those same relays can then be used to recall her EMR without being centrally located or siloed by a single owner.
Finally, here is a screenshot of a Nosh integration in development for the live Amethyst app on Android showing an example of a patient’s messaging experience with their medical providers. In this case, the patient named Vitor is sharing his medical record with his Health Team which includes Dr. Edo and Dr. Liz, who can both verify each other’s credentials. No need to log into a health portal. Every note becomes a part of the EMR for any trusted medical provider of Vitor’s to see. Even if Vitor loses his device, so long as he knows his private key he can download the Amethyst client again and instantly retrieve his data from the relays he used to share the data with his providers.
In conclusion, Nostr can be a game-changer for the sharing of health data, especially for electronic medical records. It offers a secure, efficient, and privacy-preserving platform that can provide patients with greater control over their health data, while still allowing healthcare providers access to the information they need to provide the best possible care. As technology continues to evolve, we can expect Nostr to play an increasingly important role in the sharing of health data with the standards presented in Nosh.
Want to help build Nosh with us? Sign up to become a volunteer and join the OPDH Working Group.