CARIN Alliance

Javed Shah: You do that.

Robert MacDonald: Hi, everybody. Welcome to our IBA Friday. We've got Javed. We've got a special guest today. Back by popular demand, Sheetal is with us. Hi, Sheetal.

Sheetal Elangovan: Hey, guys.

Robert MacDonald: Do your kids play video games, by the way?

Sheetal Elangovan: My daughter's six, and we've not introduced her to the video games yet.

Robert MacDonald: That's very smart. Very smart. What about your husband? Does he play?

Sheetal Elangovan: He does. He loves the Xbox, but he's banned right now.

Robert MacDonald: He's banned.

Javed Shah: [inaudible 00:00:34] video game, sorry.

Robert MacDonald: That's funny. All right. Javed, we've got Sheetal on today because she's going to talk to us about some of the work that she's been doing with the CARIN Alliance. Right, Sheetal?

Sheetal Elangovan: Yes, that's right.

Robert MacDonald: So why don't we start with this: Who is or what is the CARIN Alliance?

Sheetal Elangovan: So the CARIN Alliance is a nonprofit entity that is associated with the government. Their vision is to make sure that patients are able to share the data effectively. Today's [inaudible 00:01:14] your health information as a patient is distributed across so many different portals, so many different providers. There is no effective way for a patient to know where they are present and effectively share them across multiple providers or even pharmacies with your insurance. So the vision of the CARIN Alliance is to really provide an effective way, a person-centric approach to making sure that a patient is able to effectively transfer their health data.

Robert MacDonald: All right. So CARIN Alliance is all about healthcare space, trying to help patients like ourselves. It's very different in Canada than I'm sure than it is in the US, but similar problems, how they can manage their data. Javed, sorry, did I cut you off? Do you want to say something there?

Javed Shah: No, I think the scope is pretty broad, isn't it? Just imagine trying to connect aligned parties; trying to use some of that information to provide value added services to patients, and by extension to the providers themselves, potentially the doctors, the physicians, while ensuring the data has to remain secure; complying with laws such as HIPAA; and using modern technologies like OAuth2, IDC for secure transport, secure federation of that data.

I guess the CARIN Alliance is really, really important and has done a lot of work, actually, in the area. It's brought together folks who normally would not be talking to each other, normally, working with each other to POC, these things. This special forum allows competitors even in the field to come together and discuss drafts of how things should be, how to secure the transaction itself, but also to ensure that the patient gets what they want. They get to go to any hospital they want for that radiology lab, so to speak, and the lab doesn't get more than what it needs to perform that test and relay it back to the doctor. As an edge use case, of course. Very interesting stuff actually. A lot of work going on, by the way.

Robert MacDonald: Okay. So based on that, and that's great. There's all kinds of things that are now popping in my mind in terms of, hey, that'd be cool. As I'm going to different doctors or as I'm going to different hospitals or whatever, all of my records come with me so the doctor can make a better decision based on what is going on behind the scenes in terms of what I've already been through.
But let's get into what kind of work did we do with the CARIN Alliance to get to the point where we're talking about it today, Sheetal?

Sheetal Elangovan: Yes. So as Javed mentioned, as part of the alliance, we did a proof of concept where different competing parties, providers came together. The core people who came together were credential service providers, like 1Kosmos, who provide verified digital identities. On the other side, there were aligned parties like hospitals, payers, these kinds of people. And then of course there was this big participation from the human health services, who was also trying to participate in the capacity of being an identity broker.
So a lot of people came together and we've been at this CARIN Alliance for the last one year. The POC itself was about how can we federate digital identity? How can we set standards around how I can share Robert's identity as a patient with different people so that everybody can pull up the same record about Robert? So that's what we were trying to do, specifically with the entire work was focused around how do you federate a user's verified attributes using OAuth and SAML. So that was what our work involved.

Robert MacDonald: Cool. So you threw out an acronym, and then the name of the acronym at the same time. If you take two seconds just to explain to everybody what CSP or credential service provider is. Maybe not everybody's quite familiar with that term. What does that mean specifically?

Sheetal Elangovan: Credential service provider is exactly what it says. It helps you. It's a service provider that helps you provide credentials about a particular user. We want to be able to authoritatively say, effectively say that Robert is who he says he is, and we are able to do that using verified government ID documents. We've verified your live biometrics that you've presented to us. So multiple ways to do it. But what we're able to tell you effectively is that these are verified credentials of Robert.

Robert MacDonald: Fair enough.

Javed Shah: Obviously there's a lot of background activity for being a full service CSP, so to speak. It's easy to capture your credentials and just federate it out. That's been happening for how many years now? Two decades. SAML was a vehicle for that, or OIDC became another vehicle for that. That's less of the point really than more of it is, well, is the journey a one-time journey for a user? They have to do it over and over again. If I have to walk into another lab because it was an outpatient procedure or whatever, and I have to get this new lab done, do I have to onboard myself again, prove myself again to this new hospital? I shouldn't have to. There has to be an entity that can vouch for me and me having completed that journey before.
So this construct of a master entity that can kind of vouch for you, act on your behalf, federate data on your behalf, but also provide a very nice, seamless, web-based journey or app-less journey, either way, for you, Robert, to onboard yourself. Maybe scan your government issued identity documents one time, have an assurance level. Okay, I'm obviously getting ahead of the topic here. Have an assurance level asserted for you by that master entity, by that CSP and keep it updated in real time.
So to really be that friend to you as an end user, to the point of it being person-centric, patient-centric. If it's not patient-centric, it's not really a friend to you and you're having to do the same thing over and over again. I think the bigger construct there.
Robert MacDonald: I guess at the end of the day, what something like this is doing is it's eliminating all the instances of me in all of these different spaces. So I can prove my identity once and then not need to do it, and it exists in everywhere else I go. It's just the one. I share it without one place that I go to, and then they don't necessarily own it. I don't have to leave all my documents there. They're portable. It's that idea of a portable identity. I can take it anywhere I go. That's kind of the concept?

Javed Shah: Yeah.

Sheetal Elangovan: Yeah, so-

Javed Shah: Absolutely, and there is some orchestration at play as well because not all providers want the same things. They don't want the same thing in the same shape or form. So there's definitely nuances in the domain.

Robert MacDonald: Yeah.

Javed Shah: But go ahead, Sheetal.

Robert MacDonald: With anything. Go ahead, Sheetal.

Sheetal Elangovan: Mm-hmm. Yeah, so as I was saying, right, it's about proving yourself as Robert once, and then using that data. Today, there are multiple providers in the ecosystem. But once we're able to send out verified attributes about Robert to all of these providers, these providers can pick up those attributes and find your health record. That's called patient matching. So being able to provide that singular view to a patient that says that, Hey, this is Robert's record across multiple providers. A CSP is access that one central point who can tell you that, "Hey, this is the record. Please go and fetch all of his records across multiple providers." So that's the kind of ecosystem that we're trying to build today.

Robert MacDonald: So Javed and I, and you've been on here talking about digital identity and when you federated it and the process behind onboarding a user. We've talked about all those things. But what's the experience that we're trying... I think you've kind of touched on it through some of the other questions I've asked, but what are the experiences that we're trying to unlock for patients, hospitals by leveraging our technology here?

Sheetal Elangovan: The first and foremost experience that we're trying to unlock is patient onboarding. Today, most things are digital, but as a patient, you have to walk into a hospital, present your ID to actually create an account. But digital identity verification has become so secure and so foolproof that patient onboarding can happen completely in a digital way. So that's one of the big pluses of having digital identity within this entire space.
The second aspect is making sure that once you prove your identity, we work towards giving every patient a identity wallet. So that identity wallet acts as your centralized identifier, helping you control your data across multiple providers. It acts as that singular ID. And then the other thing is also the minute you help a patient find their record across multiple providers, it unlocks a huge amount of service experience for you.
This was a real world scenario that was explained to us. If you are an old person, you are going through surgery and then you're in physical therapy and from there on you're going to at-home care, each one of these providers need to have access to your patient records. But today, it is not effective for all three providers to have access to your records. Having that CSP act as the centralized, unifying, authoritative source, tying your identity across all of these service providers helps a doctor give you more effective care because you're able to send your health records across all these people.
Finally, we've seen other experiences where if you want to connect to multiple pharmacies and get the best rates for medications, we're able to unlock those kinds of other use cases as well. So overall, really having a more patient-centric approach is what having digital identity can truly bring about.

Robert MacDonald: Cool. All right, so I think you wanted to show us a little bit of this, demo some of this. Yeah.

Sheetal Elangovan: Sure. Yeah. So as part of the POC, there were two things, and I'll just set this up before the demo itself. As part of the POC, we worked towards two work groups we were part of. One was the use case itself is that, let's say a hospital wants to make sure that every patient that comes in has been verified in the past. Then what would that kind of use case look like? So that's called the CSP standalone use case, where a hospital would directly integrate with 1Kosmos as and CSP and from there on provide services to their patients.
The second work group video is what I'm going to be showing you today. In this particular scenario, what we did work towards was the human health services, this trusted entity that we all hear about today, who would be acting as the identity broker. What do I mean by an identity broker? If you are a patient, anytime you need to interact with a healthcare provider, the first place you would land in is human health services. You land on a federal website. And from there on you move, the first step you need to do is create your account with human health services and from there on, and that's the video that I'm going to show you. Why don't I go ahead, share my screen and take you guys through it. Okay. Are you guys able to see my screen?

Robert MacDonald: Yes.

Sheetal Elangovan: Okay. Okay. Okay, sorry about that. Okay. So in this particular scenario, what happens is that a patient is landing on the site of human health services. So this is them trying to access a particular provider's website. Every patient is given the chance to work with any of the CSPs of their choice. Here, you can see multiple CSPs; you would opt for, in this scenario, we're seeing what it would mean to opt for 1Kosmos as a CSP.
You begin that entire journey. Your first experience is to make sure that we are able to provide you with an account. And as part of that, we're going to go through some email verification, phone verification sort of steps. And this is what your patient onboarding experience is going to look like. If you are completely a remote and you're going to try and create account with a provider, you go through email verification, followed by phone verification. And once you finish that, you have effectively set up your account with the human health services and you are ready to go. But now behind the scenes, Human Health Services has integrated directly with multiple providers. It can be hospital A, hospital B, payer one, pharmacy two, all of these people. We need to go send out records about me so that they can fetch my record across different portals. How would that work? In order to do that, we need to make sure that my identity is IA-2, which is of a high assurance level. I'm going to go through the proofing exercise so that we can get verified attributes about me.
So this is a patient. They're going to have to verify their identity before they go ahead and connect to any provider to find their records. So I'm just going to hit verify with 1Kosmos. What I'm really doing here is making sure that I, the user, am set up with an identity wallet. We're a privacy first company, right? We want to make sure that anytime patients share data with us, it's always secure. It is protected by the private key of the user, and they go ahead and prove themselves. You start off with a driver's license. The most effective way to prove that you are who you say you are is with a government ID. So in this case, I'm using a driver's license.

Robert MacDonald: You're not going to show your driver's license here, right?

Sheetal Elangovan: No, I'm not.

Robert MacDonald: Okay, good. It's blurred out right before we jump into that.

Sheetal Elangovan: Yes, I did blur it.

Robert MacDonald: Okay, good. Excellent.

Sheetal Elangovan: Smart, Robert.

Robert MacDonald: Just want to make sure.

Sheetal Elangovan: I wouldn't offer an INT wallet and then go put all my information [inaudible 00:16:19].

Robert MacDonald: Listen. I work with Javed, don't forget. So I have to make sure that I'm using lowest common denominator here.

Sheetal Elangovan: Okay, so that's the user going through proofing, having their driver's license set up with verification.

Robert MacDonald: And this is an app-less process you're doing right now, right?

Sheetal Elangovan: Completely app-less process. [inaudible 00:16:42].

Robert MacDonald: It's all done through the browser.

Sheetal Elangovan: Yep.

Robert MacDonald: Okay.

Sheetal Elangovan: Completely that, and then we're adding in some information about the driver's license. In some scenarios where there are times where we are not able to verify all parts of your information. So we could resort to using some additional signals like using your social security information. So here you'll see that you can optionally add in a social security number, which gives you additional information about the patient. At this point, the user is proofed. They have all the information about the particular user. And this can be federated to entities. You're sending it to the human health services, and they're going to have [inaudible 00:17:26] records for the [inaudible 00:17:27] different. Sorry about that. I hope you can't hear my dog barking.

Robert MacDonald: Oh, it's all good. We all work from home, so it fits fine.

Sheetal Elangovan: Okay. Great.

Robert MacDonald: My kids are screaming just outside the door here. It's all good.

Sheetal Elangovan: Okay. So that's just a quick thing. So now you can see that I'm on the human health services. My identity has been. Now, I am totally allowed to go ahead and access my record across multiple providers. So that's the kind of use case that we're trying to... Okay, hold on, hold on, hold one second. [inaudible 00:18:01].

Javed Shah: Kept appearances. [inaudible 00:18:05] are bad.

Robert MacDonald: It's awesome.

Sheetal Elangovan: Yeah, that's the kind of skills that we're trying to unlock with respect to healthcare companies.

Robert MacDonald: Awesome. She's okay.

Sheetal Elangovan: Yes.

Robert MacDonald: That's why you got to get her to play video games. That's funny. Okay, Sheetal, listen, that was awesome. So a couple things there. If you're watching closely, that was a completely web-based workflow. The stuff that was on the phone, there was a text that was sent to get access to the camera so we could do the capturing, but it was all sending everything back to the web browser to do that app-less based onboarding, which was super, super cool. But yeah. Listen, Sheetal, that's cool stuff. Anything you want to wrap up with? Or Javed?

Javed Shah: No, very good. Very nice. I think it's a very powerful use case to be honest. It's just a tip of the iceberg. There's so much more to do. But this was a nearly out-of-the-box capability that we could just jump into the POC and very rapidly, I think it took less than a month of hands-on deck to just get this out POCed, and have [inaudible 00:19:26] mentioned in that success report, which is really nice.

Robert MacDonald: And then, I guess, when is this all going to be available to people? Is that coming in the near future or is it still under POC? Where are we Sheetal?

Sheetal Elangovan: So with respect to the POC, we're still considering all of these Moderna set standards. But the overall ecosystem is ready for this. If a singular hospital wants to go ahead and make sure that every entity that they have is identity approved, that's an use case that you can immediately unblock. Integration is quite easy. So that's where we're at today.

Robert MacDonald: Awesome. Yeah.

Javed Shah: It's important to understand is the POC is from the CARIN side of the house. Our capability already exists. What you saw was us integrated into their POC. We are already ready.

Robert MacDonald: Yeah. All right, hospitals, give us a call. All right everybody have a great weekend. Thanks for coming by to our latest IB Friday, and we'll see you again in a couple of weeks. Thanks everybody.

Javed Shah: Bye.

Sheetal Elangovan: Thank you. Bye.