Introducing NIP-82: Medical Data over Nostr

It's a very early draft. A conversation starter for the private exchange of any medical information over Nostr with consent management and access revocation.

My goal here is to start with the simplest solution that can possibly work. Let me know if it doesn't.

https://github.com/nostr-protocol/nips/pull/357

Discussion

MIT coming thru 💪 good stuff

lol

Great idea!

🤔

Thank you so much for your hard work!

Ehat would be the purpose / usecase of sharing such information on nostr?

typo... what?

How strong of ties does Flux network have with Nostr. Just curious.

WTF?

I don't understand, someone enlighten me to the purpose of putting my medical records on nostr

This seems like a profoundly bad idea on the face of it. Moreover, in the US, there’s no way this passes HIPAA compliance.

* HIPPA

I think it does pass, easily.

More power to you, but I wouldn’t want to be a private company on the other end of an audit trying to convince HHS.

Who said it has to be a company? Maybe a patient is putting up its own relays...

As a company that has provided such services for the past 15 years, I could easily put a relay up.

As I said, more power to you.

💯 custodial and non-custodial options. #Bitcoin ethos. This is really an Ego Death Capital level idea.

none of any of this will ever pass compliance

I have done compliance for these types of systems for 15 years. I think it passes.

You honestly think nostr will pass compliance? 🤔

Yep. HIPAA is not that hard.

Nostr, not HIPAA.

Interesting use case though.

Medical records being self hosted for your Drs to access.

Worth exploring.

Regardless of the uptake of this NIP, the discourse will be useful context for defining the boundaries of what notes and other stuff is or isn’t.

As far as I’m aware I don’t know such a list exists.

As I understand Vitor’s fiat business I think is related to medical notes. Looking forward to the discussion.

Nah #[0]

Vets also need this. Getting my animal’s records transferred between vets is a nightmare. If I could custody the data and give the vets of my choice access to the records via an npub would be 🔥.

#[0]

Good point.

Can I ask how Nostr relates to Solid protocol (based on self sovereign identity)? Seems sharing same vision? Is there any relation or cooperation? Why not join forces to accomplish a shared vision? Your initiative seems perfect for storing in Solid pods for example.

No idea what Solid is. But if it is good, I am sure somebody will make a bridge between Nostr and Solid.

Thanks for your time, astonishing to realize your reply but maybe that says more about my lack of understanding about Nostr possibly so I really need to dive in a lot more. However your work on sharing and controlling your own med data is in line with their vision and work. https://solidproject.org/about

Thanks again.

Hospitals can maintain their existing confidential record keeping processes with the advantage (from their pov) of lowering liability since they're no longer responsible for granting permissions. Adoption might require a plugin or patch that creates an automated way to extract data from their existing EMR system.

Most hospitals/nursing have medical data stored on cloud servers via web software.

That software is called Epic… fitting name because it costs hospital systems an incredible amount to implement. Billions with a B

https://ehrintelligence.com/news/amp/top-5-most-expensive-ehr-implementations-of-2017

There's a lot more than Epic. Lots of software, most all cloud based.

Not true, it’s becoming very centralized. 1/3 of healthcare systems are on Epic. As they buy smaller regional hospitals and practices they too get Epic (which is happening, true private practice is rare these days).

Also Epic is cloud based.

https://www.healthcareitnews.com/news/epic-still-leads-ehr-choices-among-large-orgs-says-klas

Wrong. I deal with 4 verticals, government, health, education and manufacturing. I can't say the name of the software, because I don't discuss details of my job. But there is a large amount of hospitals / nursing homes that utilize our software.

Rhymes with burner?

I’m not disagreeing with you. Of course there’s lots of software out there. But it’s centralizing to a few companies, with Epic having the largest market share and the most growth.

I work at a hospital that uses Allscripts, and we are moving to Epic later this year because of billing capture, and interoperability with other systems among many other reasons. Just like big tech, EHRs have been, and will continue to centralize to a few key players.

Epic will have a run for its money. The software I do tech support for is unreal, some of the clients of this software are top 10 market cap companies/organizations. Companies everyone has heard of. Really wish I could say more. But don't want to discuss anything that could cost me my job.

Just realized how bad my spelling and typos are. Sorry I am running on low sleep

Yes, but your PHI is also stored in multiple secondary proprietary clouds before it’s integrated into the user EMR. Any time you’re hooked up to a monitor, you’re “deviced” by a nurse and your data is on a cloud owned by Philips, GE, Mindray, etc.

The cloud it's stored on is not owned/rented/ran by Philips. Philips is simply the hardware. The data is synced with software and that web based software would be the one responsible for cloud storage. I know someone who sells these units. And I also do tech support for software that works in conjunction with the hardware

I’ll defer to you as the expert. It seemed that each of those companies presents their data management in ways that confuse a simple doctor like me

Yeah, but it kind of reminds me of going to the grocery store, 200 different options from 4 competitors. Lol. I’ve scanned about 5 million medical records, in fact, I’m extracting silver from X-rays I got stuck with currently, having the world’s largest staple ball should be proof enough, lol.

What’s left of my business currently are customers we built case management apps for in our platform, ap, hr, whatever, AWS and on premise installs too. I’m delivering pizzas part time though. I have one full time manager running support

Funny, Flux runs a relay for Nostr. Flux released info about medical application with their blockchain. I am thinking this is tied. We will see 😅

#[0]

interesting

I’m a physician and totally on board with people owning their med data- and sharing what they need to share if clinically warranted. Like the 30 yrs old may not want the ER nurse to see that he had Chlamydia 3 times 10 yrs ago. Not relevant and personal. Build it! 👌

We need more MDs like you, sir!

« Doctoresse » 👩🏻‍⚕️😉

#Docchain

Agreed. She’s a freakin warrior. FPs from that part of the world don’t fuck around.

I learned from my farmer and fisherman pts- they seriously don’t fuck around 🤙

Agreed. But that 30yo might not know that something they are hiding might be an important element in the diagnosis… there should be a flag that indicates to the physician that something is hidden

Not saying all cards need to be on the table every visit, but maybe that 30yo contracted syphilis also and now has syphilitic aortitis as the diagnosis for his new onset chest pain

💯❗️(I just had a pt with Q fever aortitis… rare! )

😳

Right? ID figured it out- farmer putting his hands up animal uteruses for difficult births- he did not tell me about that! Presented twice in 15 yrs with leaks 😳

I have a lot of respect for docs like you who can hear those hoofs and rule out horses to find the zebra.

Most of my patients have defined themselves before I get my hands on them.

So interesting!

Family med is a lot of paperwork and boring refills, but I do love the babies to 100 yr old pt spectrum of practice, and knowing my pts for 15 yrs now. Pretty cool. You guys tho are the Gods in the hospital 🏆💉🩸💉

#[3]​ , I found your 🟣🟠 🦓

My fav colours! 🤙

What’s black and white and orange and purple all over?

Q fever aortitis 😆

Zebras for the win

True. I think maybe something like you can ask, in a complex case or an appropriate setting « hey, I’m your treating physician right now- you need to trust me and I need to know everything »

Someone coming in for a wart is not the same as someone coming in for general anesthesia. Agree that pt often have no clue that me knowing they don’t have an appendix and gallbladder is pretty important in an abdominal pain consult and knowing they take Viagra (which they always omit) is pretty important if I’m gonna give you nitro.

Yes. And that’s the thing: most doctors don’t humanize themselves and speak mano a mano to their partner, the patient.

My medical records already exist, but I feel no reason to link it to my browsing history, online preferences, etc, anything associated with my online identity. Putting it on Nostr doesn't make me own it, it just adds another copy of it, because the other pre-existing copies of my medical history still exist.

I know this is the type of thing you used to work on, but it really makes Bitcoiners nervous.

You can create a new nostr identity just for your medical records. You can link or not link. It's up to you.

I find it interesting that you said bitcoiners are nervous. This is by far the most freedom-oriented idea within health care that I know of. bitcoiners should be in full support of it, not against it.

The current system doesn't offer any freedom at all.

Vitor, kudos to you…what a moonshot! Seems like an uphill battle, that has left Google Health and Apple Health struggling to succeed. But it’s definitely a worthy problem to solve.

If you’re interested, we have a group of doctors here and we use the tag #docchain Some of us have a background in medical informatics and EMRs as well. Let me know if you’d like to get in touch, we have an active TG group.

🎯

Bring it on. I need to know if this simplistic design will work or not. Otherwise, we need to go into more complicated solutions.

Sounds good… expect an invite to the group from either #[5]​ or #[6]​

Looking forward to helping put patients and their relationship with their physicians first 🤙

Our province here in 🇨🇦 just implemented province wide EHR for all (public funded healthcare). I find it somewhat invasive for patients.

It’s very convenient for the Docs and helps a lot clinically in many scenarios, because I can see quickly what the pts history is and that helps for care and safety. But, it is built in a way that I see more than I need sometimes (like an OD 10 yrs ago). Things that I don’t need to see if coming in for an ankle fracture… and maybe pt does not want me to see all that. Also, Nurses, pharmacist, secretaries have access with a « permit»

Just some Sunday night musings here thinking about how no one really has full privacy regarding their health now, and with these EHRs it’s getting worse, they are wanting to integrate vaccine status too 🧐

Actually, that picture you paint sounds much better than the way things are, privacy-wise. I would definitely love to see that system replace the current one.

However, I do worry about the effects of creating a too efficient system. For example, if data can be more easily shared, data may be more likely in society to be demanded, as it was during the pandemic.

Countries more comfortable with digital surveillance had stricter lockdowns and contact tracing frequently aided by technology.

Nice point. My counter argument is that visible surveillance is better than invisible surveillance. What happened during COVID has happened for years behind the scenes. It is just hidden from us.

This is very important.

#[0]

Sounds a lot like a binding digital ID system

Do you realize you don't need to bind anything right?

You can literally create a new public key for each new medical info you want to add.

Yeah just read your further responses. Interesting. I need to think more on it

What part do you see regulations (data privacy/ HIPAA) playing in all of this? Even if the relay has no "access" to the data, the responsibility of record security has shifted from hospital to the relays (more vectors to attack). In the name of the "peoples protectoooooors", govts likely to fight back against this. A hurdle but not insurmountable.

Patients (in the US) have a right to request their data. Once they have it, it's theirs to do as they please. But the #medpleb movement would require the people to get off their ass and actually get them.

The only thing they can do is to go after relays that decide to host medical data for their users. But that is easily solved with an MDDS registration.

Do it, Vitor

I’ve worked on DID and EMR systems before that… but this doesn’t quite work, IMO.

The concept can be beautiful, but it feels rushed and the infrastructure to share, own, access, analyze aren’t in place just yet.

It’s an amazing accomplishment, but what makes it necessary? I’m a big believer in “develop only what’s needed” and I’m wondering what pain points this solves without a real deal DID or medical ecosystem that utilizes what you’ve built?

I could be missing so much. Not at all an attack, just some questions from a nerd, man.

"feels rushed".. yes, I just wrote it today, after some testing. I said, this is just the start of the conversation :)

Genuinely thrilled to follow the process. God's work, man. It genuinely is. Hell of a time to be alive.

you've gotten enough comments here so I'll keep this short:

No.

Not a good idea.

The medical establishment are nothing but devils, and giving them another tool by which to hoodwink the innocent people of the world that "don't know shit" about computers, is not a good idea, and will not end well.

Cheers.

The idea of onchain medical records has been explored several times before over the years. Nostr presents an interesting potential solution.

#[0]

I can see medical data specific relays cropping up. Paid relays will likely happen. User has the ability to pick not only who gets permissions to view their data but the relays they trust to route it through.

Private database as in storing encrypted information that isn't social related.

#[3]

Alright Vitor! Time to make your way over to #docchain for the telegram link. DMd you 🫡

I've been wanting to have an EHR that was the patient's and not the enterprise's, like Epic EHR. I just wasn't sure how to even get started with something like this.

As a physician myself, I would LOVE some innovation in the EHR field.

I'd be excited for patient-owned records if done right.

Followed 🤙 you should join your fellow physicians on #docchain

Cc #[5]​ #[6]

Invitation incoming

#docchain is paging you

#[1] I think you need a private relay proposal to go along with this one. We will need private relays for other things as well (e.g. a company-internal Slack alternative), and unless I just missed it I don't think there's a NIP for that yet.

The socket handshake would need to be authenticated with a signature to prevent unauthorized access, probably with a pubkey whitelist on the relay side. (There's currently a NIP for doing authentication *after* the socket is open, but that's insufficient IMO.)

Clients / users also need a way to make it very difficult to accidentally share data with unintended relays. Maybe private relays should enforce that all requests be sent encrypted with the private relay's own pubkey or something. So if I'm logged in to a private account in my client, the client will connect only to a specific relay and encrypt everything just for that relay.

#[0]

What we (medical docs) need is a medical relay (fork of Nostr relay) that is run by or for an EMR vendor and hooks into the EMR to be able to make referrals to specialist and to receive reports back from specialists. The patient would also have access to the referral process and will be able to see if a referral has been made, has it been accepted by the specialist, appointment date, specialist report. Medical relays from different EMR vendors need to talk to each other so that Dr X can refer to Dr Y that is on a different EMR.

Yep, medical relays can really turn regular ehrs upside down. They would be forced to interoperate instead of having interests in siloed ecosystems as of today.

In my day job I deal with these walled garden MHR systems/companies and they are a pain in the ass. I hope this works. It would be great for the patients.

Roaming, you should join #docchain

Cc #[5]​ #[6]

🫡💪

I would not host full medical files due to storage and privacy issues. But that said, I think there is money to be made by Devs that can pull this off.

Yo, doc. Doc here. Come join the party at #docchain.

Your post is getting a lot of views.

Added to the https://member.cash/hot feed

This is amazing but would definitely have to make sure that all information stays private, obviously.

This is really interesting. I used to work for a company that operated as a data steward for hospitals to analyze their claims data, and there was always a lot of discussion about FHIR. I could definitely see companies like this being essentially private relay operators, with EHRs integrating with them. If there were a sufficient number of private relays with hospital contracts, they could create a pretty well distributed network that would enable me as a user with a log-in to an EHR, to instantly share my record with a different health system. A lot of the data “risks” of third parties holding medical data are already being taken today for the purposes of analytics and research. The same compliance rules and standards could apply to relay operators that accept this data. I’m envisioning a much harder barrier of entry for relay operators, being gatekept by those that health systems are willing to write to (obviously an individual can do whatever they want with their own data outside of HIPAA standards). Super interesting idea.

Thank you Katie! I think private relay operators can really be a game changer for health care systems.

If I could design the whole thing from scratch, I would make an upvotable summary of a patient's PMH so that both the docs and the patient can bring what they think is important to the forefront.

My wife still has “history of vaginal birth” as a primary diagnosis on her record after delivering years ago

This is ambitious. Can't say I would ever want to put medical data on nostr. I see it more as a very effective way of broadcasting public communications.

Interesting idea! I expect this idea to be polarizing.

#[1]

Interesting, hopefully this will get adoption. Medical data transfer is an absolute mess here, doctors have to use a govt monopolized device to connect to the network and pay horrendous fees for it afaik

huge potential for clinical research

Looks good to me.

Sorry for hijacking. But I need some feedback for this proposal instead. Requires little to no NIP to make this work. Wanna see if I’m missing something

Https://GitHub.com/Nobu-Maeda/n3xb

Okay. After the last 3 years of Medical tyranny, seeing this heading triggers panic 🤣

Don't you think it needs some kind of metadata protection?

Maybe SimpleX would be a better bet? If anything at all.

Why does this need to be over a formalised decentralised network again?

Can't the patients just hold on to it on their own devices and give it to whomever?

That's the biggest question. Do we really need it? Or is it just a good to have for V2?

Excellent proposal Vitor. I work as a doctor, I have 2 MD.

In my country, medical records are a patient's right protected by law. In 48 hours or less you have access to a copy of your entire medical record. But this proposal further elevates privacy and data protection by making the patient's medical record the integral property. And there are no multiple medical records or duplicates if one is treated in different institutions, nor are records or data lost.

Congratulations and in what I can help count on me 👏🏻

We need to keep privacy and security of the data at max level in order to make it work. Maybe with private relays in every clinic or hospital.

Is this mainly to solve a problem in the US?

But well: go for it 😘

NAK. This is a complete 180.