Trust over IP framework allows improvements in the delivery of Telemedicine services
In March 2020 the Ministry of Health and Family Welfare published the Telemedicine Practice Guidelines — Enabling Registered Medical Practitioners to Provide Healthcare Using Telemedicine. With the lockdown (shelter-in-place) guidelines due to the COVID-19 pandemic, patients across the country were having enormous difficulties in reaching out to doctors and continuing with the well understood doctor-patient relationship. The guidelines are mostly in the form of best practices but they establish how a digital transformation is going to come about in everyday life.
We are familiar with the concept of physical credentials. We use them as part of our daily life and present them at a multitude of interactions. The W3C defines a verifiable credential as
A verifiable credential can represent all of the same information that a physical credential represents. The addition of technologies, such as digital signatures, makes verifiable credentials more tamper-evident and more trustworthy than their physical counterparts.
Related to a verifiable credential is the concept of digital identity
A type of Digital Representation that uniquely identifies a Subject within a context, and is used exclusively by that same Subject, or by a Person acting on behalf of an Organization, to access online services with trust and confidence.
The Telemedicine practice guidelines focus on 7 aspects (Context, Identification of RMP and Patient, Mode of Communication, Consent, Type of Consultation, Patient Evaluation and Patient Management)involved in the effective delivery of medical consultation. Of these the 3 key areas where identity and credentials can enable privacy, security and transparency are
- Identity of the parties involved in the engagement (Sec. 3.2)
- Consent based consultation (Sec. 3.4)
- Prescribing Medicines (Sec. 3.7.4)
In addition to the above, there are requirements around exchange of information (Sec. 3.5) maintaining a digital trail of the consultation process (Sec. 3.7.2).
There are substantial challenges towards a robust implementation of telemedicine — availability of medical staff; accessibility to patients and the availability of network infrastructure (voice, data) to make this a good experience. However, the guidelines hope that with “telemedicine, there is higher likelihood of maintenance of records and documentation hence minimalizes the likelihood of missing out advice from the doctor other health care staff. Conversely, the doctor has an exact document of the advice provided via tele-consultation. Written documentation increases the legal protection of both parties.”
The transition from an interaction that has traditionally been high-touch and depends on extensive in-person consultation to one that can be engaged with confidence over phone, public internet or text presents a substantial set of challenges. The first of which is the question of identity
- Is the individual I am sharing information with authorized to receive the information to provide medical consultation
- Is the individual desiring to seek a consultation truly who they claim to be
Trust over IP (ToIP) based verifiable data exchanges allow such initial credentials to be established leading to increasing trust, confidence and safety of the interaction. Since the guidelines clearly indicate the requirements to be a Registered Medical Practitioner (RMP) offering telemedicine counselling, the patient initiating the conversation can request and verify the credentials presented by the doctor. Similarly, the doctor can ask for and review the bonafides and based upon consent of the patient, the set of documents which make up the medical history. ToIP credentials are built from a foundational government issued identity. Thus, based on the requirements of the consultation, the patient can create a composite set of credentials to present and satisfy the physician of their identity.
The exchange of credentials based upon a system of request/approval is a fundamental piece of the ToIP based system — the triangle of trust. In this there are 3 main actors — the issuers of credentials; the holder of those credentials and one who wants to verify the credentials. The verification process is consent based and is initiated when the holder presents the set of credentials to establish that they meet a certain criteria.
Once the credentials are verified, the consultation process would proceed with the discretion of the RMP based on the purpose — non-emergency first consultation or follow-up consultation; emergency consultations leading to in-person care with a medical practitioner. Telemedicine consultations also encompass the range of interactions which are commonplace in daily situations — between patient and a RMP; between two RMPs; between a caregiver and a RMP and between a health worker and a RMP. These interactions — especially ones where another individual is engaged in consultation on behalf of the patient can be represented by the topic of guardianship and especially digital guardianship constructed for the realms of managing digital identity, claims and scope of rights enabled. Self-Sovereign Identity considers guardianship as one of the core principles and allows creation of special relationships which enable various levels of access for a delegate or a guardian to manage identities and credentials on behalf of the owner of those credentials. The context based approach to guardianship allows this to be modeled along social norms we are familiar with as well as ensure that there are temporal limits which can be put along with the availability of the rights.
Subsequent to the consent to initiate the telemedicine consultation is recorded (and this can be done in an immutable manner on a distributed ledger thus creating the documentation to supplement the medical history) and the RMP seeks additional information (Sec 3.5.1 in the guidelines) around the medical situation, the patient can create the packet of information to be provided to the physician as part of the process. At each stage of the process, the request/response and approval is recorded and friction in exchange of data can be reduced. The physician can also be assured that the credentials shared are tamper evident. Recommendation from the physician in terms of in-person visit to investigate a topic which cannot be easily handled through telemedicine can also be recorded and shared with the assigned physician or health worker as part of the instruction set.
The key concept in this form of engagement is high levels of trust originating from the confidence in the accuracy and veracity of the data being exchanged and the attribute of being tamper evident. As part of the Patient Management (Sec. 3.7 in the guidelines) and especially related to the prescribing of medicines (Sec 3.7.4) verifiable data exchange allows for all attributes of the prescription to have digital contexts. So, the RMP can generate a prescription which records the date/time and type of consultation; list of prescribed medication and dosage along with any relevant information which is required for dispensing the prescribed medicines. The prescription is shared with the patient in form of a credential which is signed by the RMP. This is then presented at the pharmacist along with the set of credentials which form the requirements at the pharmacy for receipt of the medication.
The guidelines also envisage a scenario where the RMP can send the prescription directly to the pharmacy subsequent to recording the consent from the patient. Again, this form of exchange is recorded immutably and forms a part of the document trail. At the pharmacy, the credential is verified and if found to be resulting from a telemedicine consultation, the specific restrictions on categories of medicine would be included in the business logic which leads to the creation of the bill for the patient. If a specific prescription contravenes the in-place guidelines based on type of telemedicine consultation and the list of medicines prescribed, the pharmacist can duly note the reason to refuse dispensing the prescription and this would be recorded in the transaction history.
The interaction at the pharmacy and data exchange helps in seamlessly addressing the following
- Is the prescription being presented by a person authorised to seek and receive medication
- Is the prescription issued by a RMP expected to issue a prescription
- Is the prescription providing detail of the kind of consultation
- Is the list of medicines complying with the listed categories of medicines
The Trust over IP based frameworks are designed to translate familiar models of interactions and engagement and empower users with security, privacy and control. The nature of verifiable data exchange underlines the importance of confidentiality and frictionless sharing of just enough information to complete an interaction. One starts with a set of foundational IDs and over a period of time the acquired portfolio of credentials allow interactions based on consent, ownership and control. This helps in complying with existing regulations and being able to seek and receive services such as telemedicine services without the fear of receiving inaccurate information or, accidentally sharing data which was not meant to be shared in the first place. The presence of a robust governance framework created around privacy, security and inclusion are the drivers towards improving the quality and focus of delivery of the telemedicine services.
