Right now we need embedded health as much as embedded finance

Embedded finance is great and I love having apps on my phone that take care of the interface to the tedious world of banks and money so that I don’t have to deal with them. But embedded finance doesn’t get me out of the house. And it can’t get me in to watch Manchester City again. It can’t get me on a plane to Singapore. Perhaps to get the post-COVID economy moving again, embedded health APIs will be more important than embedded finance APIs!

What’s the point of having all sorts of clever instant credit, credit transfer and buy on credit mechanisms that I can use to buy a new shirt if I am not allowed to go to meetings? Why bother with fancy QR code contact-free dining experiences if I am not allowed into a restaurant? How do I benefit from sophisticated electronic tickets dropped directly into my phone when there is nowhere to go on the train? What is needed to ease the economy back on track in the recurring pandemic, new normal world is the ability to show a vaccination record as well as a plane ticket and a negative test result along with a restaurant booking.

In fact, so pressing is this need that I might go so far as to predict that the virus shock may well mean a quantum leap in strategy in the world of digital identity: what if it is not finance or government, as most of us had assumed, but travel and hospitality that drives digital identity into the mass market?

Barman

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

It is actually pretty easy to imagine the customer journey with embedded health. I go online to buy ticket to see Hawkwind in concert at the London Palladium in May but in order to check out I must first present a certificate to show that I have been vaccinated against COVID-19 (I’m afraid that the Hawkwind fan demographic renders this necessary) and a certificate to show that I have been vaccinated against Yellow Fever or whatever else the London Palladium demands from would-be patrons. I present the digital certificates and go about my day.

That is quite easy to draw as some boxes and arrows mapping out a customer experience journey on a whiteboard, but what has to happen to make it a reality? That’s where things become a little more complex.

Vaccine Passports

There are some well understood issues around identification and authentication but to my mind these are largely solved. There are plenty of companies that can do digital onboarding pretty efficiently (indeed, I am an advisor to the board of one of them, Au10tix) and there are plenty of companies that can do authentication: If I could have used “sign in with Apple at the London Palladium”, I undoubtedly would have. What’s missing, and where there has to be some progress to bring that smooth customer experience into being, is the standardisation of the creation, presentation and verification of the health-related data.

(Just to divert for a moment to be specific about language: I use claim to mean the process of presenting a credential to be verified and I use credential to mean some attribute that has been attested to by somebody that the verifier can trust. By trust, of course, I mean “can sue for large amounts of money if the data turns out to be incorrect”.)

If a theatre, or more likely a theatre’s merchant services processor (MSP), wants me to show that I have been vaccinated then both the claim process and the claim data have to be in some sort of standard format. Otherwise we will end up in bubbles and make no real progress. It is clear that something has to be done. Ursula von der Leyen, the president of European Commission, recently said that a “Digital Green Pass” would provide proof of inoculation, test results of those not inoculate and antibody status of those who had had the disease. This is inevitable, frankly, in one form or another. But how exactly would it work?

There are some great companies out there who are already working hard to make the transport and display of results as easy as possible.Yoti, for example, have been involved in a number of trials using FRANKD. This is a rapid Point of Care Covid-19 RT-LAMP. People scan a unique QR code on their FRANKD test bag to add their identity to the test. After a testing swab is taken, results are processed and delivered straight to the individuals’ Yoti app within 30 minutes. To scale up, though, we need standards that identity providers can use to interoperate with service providers of all kinds. This is why the foundation of the Vaccination Credential Initiative (VCI) is so important.

VCI is a coalition of public and private partners including Microsoft, Salesforce, Oracle, The Commons Project Foundation, Mayo Clinic and many others working to enable digital access to vaccination records using the open, interoperable SMART Health Cards specification, based on the W3C Verifiable Credential (VC) and HL7 FHIR standards. FHIR stands for Fast Healthcare Interoperability Resources, a standards framework created by Health Level Seven International (HL7) , a not-for-profit, ANSI-accredited organisation developing standards for the exchange, integration, sharing and retrieval of electronic health information. The idea, essentially, is to group a set of FHIR content resources (eg, immunisation or observation) for presentation in the form of a verifiable credential.

The New York Times showed a mock-up (from The Commons Project) of what a digital vaccine credential might look like in practice, using a pretty straightforward QR code interface that passengers are already familiar with for check in.

Travel

Waiting for a globally-interoperable set of standards won’t help to boost the economy today, so it seems to me that it makes sense to link sector-specific identities together with sector-specific credentials that can be later bridged at the back-end. The obvious place to start implementing something like the EU’s Digital Green Pass is in the travel sector and the obvious people to co-ordinate this are the International Air Transport Association (IATA) and, indeed, the COVID-driven need for a such credentials has led IATA and British Airways’ parent company, International Airlines Group (IAG), to starting work together in this direction.

I hope they chose to use open standards for their Travel Pass Initiative (TPI). TPI brings together four interoperable “modules” that combine to deliver a practical solution to get people moving again. These modules are:

  • A up-to-date list of requirements for travel (ie, what vaccines or tests are necessary for travel on specific routes) so that travellers know what they need to do to travel;
  • A registry of health centres that can carry out vaccinations and tests that travellers need;
  • A contactless travel app for travellers so that they can find out what the travel requirements are, where they can get the tests and vaccines and store the results;
  • An application for labs to report results.

Singapore Airlines has been the first carrier to adopt the new standard and begin verification based on the IATA TPI framework. Passengers who receive a negative test or vaccine will be given either a digital or paper QR code to take to the airport. Emirates will implement the first phase in Dubai in April and will use the app for the validation of COVID-19 PCR tests before departure. Using the app, which will automagically post details to the check in system, passengers travelling from Dubai will be able to share their test status directly with the airline before reaching the airport. 

So if this works for getting on planes… why not use the same registries and APIs to power applications for restaurants and pubs to get the economy moving again? I’d be more than happy to be required to show my test status to get into the Etihad to watch the mighty Manchester City via a Travel Pass app, or my British Airways app, or my Man City app or whatever other convenient application was accessing standardised VCI vaccination and test records through the IATA API. And if IATA and VCI together create a global standardised platform then the opportunity for fintechs to exploit the combination of embedded health and embedded finance together in apps will be enormous.

(An edited version of this piece appeared on Forbes, 25th January 2021.)

“Do you want a shot of novocain? / No, I want a shot of you getting a diploma.”

There’s been yet another story about fake medical qualifications in the news. A woman from New Zealand spent a couple of decades working as a consultant psychiatrist in our National Health Service (NHS) before it was discovered that she had made up her medical degree and forged a bogus letter of recommendation from Pakistan. The deception only came to light after she had been convicted of trying to defraud an elderly patient.

Now, I rather imagine that if I were a hospital or a medical centre or a GP practice employing a new doctor, I might be tempted to at least look them up on LinkedIn or something before I let them get their hands on a patient but I suppose that under the NHS it’s considered ungentlemanly or discriminatory or just plain rude to ask a prospective clinical employee for verifiable evidence of any valid qualifications. We are English, so we take people at their word. Unfortunately, dictum meum pactum. May not survive the 

While fake doctors seem to be something of an issue, as I have written before, I am English and therefore far more concerned about the epidemic of deceptive dentists across our green and pleasant land.

When I read that a “bogus dentist with no qualifications managed to fool her employers at NHS hospitals for nine years before being discovered” it makes me shiver.

When I see a woman convicted at Birmingham Magistrates’ Court on two charges of carrying out dentistry work without holding any dentistry qualifications, I get twitchy.

When I find out that Manchester Magistrates Court convicted a man who had no dentist qualifications, used a false name and was fraudulently using the registration number of a genuine dentist, I begin to think about leaving the country for good.

When I discover that a bogus dentist (an asylum seeker who told immigration officers he had a dental practice in Iran) took a dead dentist’s identity, drilled without a local anaesthetic and did expensive fillings that crumbled within days, I have trouble sleeping.

(Which again reminds me of the late lamented Robert Schimmel’s joke about visiting the dentist: “Do you want a shot of novocain? / No, I want a shot of you getting a diploma.”)

How can this happen, you might wonder, in a world where the blockchain exists? As Don and Alex Tapscott remind us in “Blockchain Revolution”, the “blockchain can hold any legal document, from deeds and marriage licenses to educational degrees and birth certificates”. And indeed managing educational qualifications seems to be one of those things I hear about at conferences where the magical properties of the blockchain are going to transform the sector and bring about a new era of peace and prosperity.

But how?

Suppose there was some global educational qualifications blockchain. That wouldn’t by itself fix anything as far as I can see. How exactly would the blockchain stop fake dentists from fixing my teeth with superglue and polyfilla?

I happened to look at a couple of projects in this space earlier in the year, and I can tell you that much of the wishful thinking projected onto the blockchain is really nothing about consensus or immutability but, as in so many other cases, really all about interoperability. There is no global standard for education qualifications, there is no global trust framework for organisations able to create qualifications (and their regulators) and there is no global infrastructure for digital signatures in that framework.

Think about it. If you present me with a Ph.D in Quantum Philosophy from the University of Woking, I need to be able to establish a trust chain that tells that there is a WokingU, that WokingU was authorised to award Ph.Ds at the time that you’re Ph.D was awarded, that the Ph.D you are presenting is real and signed by WokingU and that you are indeed the subject of the Ph.D award.

All of these problems have to be solved before we get near to figuring out whether a global blockchain might or might not be a better place to store such qualifications that either a global database of qualifications or a scheme for federating qualification repositories.