500 4 FEBRUARY 2022 • VOL 375 ISSUE 6580 science.org SCIENCEBy Kristin Kostick-Quenet^1 , Kenneth D.
Mandl2,3, Timo Minssen^4 , I. Glenn Cohen^5 ,
Urs Gasser^6 , Isaac Kohane2,3, Amy L. McGuire^1P
ersonal (sometimes called “pro-
tected”) health information (PHI)
is highly valued ( 1 ) and will be-
come centrally important as big
data and machine learning move
to the forefront of health care and
translational research. The current health
information exchange (HIE) market is
dominated by commercial and (to a lesser
extent) not-for-profit entities and typically
excludes patients. This can serve to under-
mine trust and create incentives for shar-
ing data ( 2 ). Patients have limited agency
in deciding which of their data is shared,
with whom, and under what conditions.
Within this context, new forms of digital
ownership can inspire a digital market-
place for patient-controlled health data.
We argue that nonfungible tokens (NFTs)
or NFT-like frameworks can help incentiv-
ize a more democratized, transparent, and
efficient system for HIE in which patients
participate in decisions about how and
with whom their PHI is shared.
NFTs grew out of the concept of “tokens”
in gaming, whereby a “fungible” token can
be used to purchase a thing of value (e.g.,
a gold coin to spend on a superpower) but
a NFT can only be traded, given its intrin-
sic value that is not directly comparable
to that of another token (e.g., a specific
sword versus a specific tapestry). NFTs
have evolved into digital contracts com-
posed of metadata to specify access rights
and terms of exchange. Their nature as
metadata means that NFTs point to digi-
tal content but are not the content itself.
The use of NFTs as a tool for digital artists
to prevent the unsanctioned circulation of
artwork online has since bled into sports,
entertainment, and even health care, com-
modifying digital information and creating
a multi-billion-dollar market.NFTs are made up of a unique 40-digit
identification code (“hash”) and a uniform
resource locator (URL) linking to the con-
tent online, forming a “smart contract”
that can range from just a few lines of
computer code to a more elaborate set of
instructional code. These contracts desig-
nate a patient-controlled copy of the digi-
tal data and the terms under which they
can be accessed and used, using pseud-
onyms that permit deidentification while
ensuring transparency and accountability.
NFTs are created by “minting” digital
content on a blockchain. Minting involves
uploading and having other computers
verify and time-stamp the content, loca-
tion, and originator of digital informa-
tion, and all subsequent transactions
are recorded on a digital ledger that is
distributed across a network of comput-
ers. Redundancy, along with the compu-
tational difficulty and processing energy
required, makes it difficult to tamper with
the transaction record. Blockchains, some-
times referred to as “trustless” systems,
provide a verifiable infrastructure to man-
age digital assets.
There are many situations in which the
distinctive features of NFTs could pro-
vide potential advantages over, and help
address gaps in, the existing HIE sys-
tem. For example, in 2020, the US Office
of the National Coordinator of Health
Information Technology (ONC) issued
a rule as part of the 21st Century Cures
Act that provided a technical basis for
an individual to assert the right of access
to a computable version of their medi-
cal record. By the end of 2022, all certi-
fied PHI technology will need to support
Substitutable Medical Applications and
Reusable Technologies (SMART) on the
Fast Healthcare Interoperability Resources
(FHIR) application programming inter-
face (API), which allows third-party apps
to connect with and request data from
health care provider electronic healthrecords (EHRs) ( 3 ). To ease the cumber-
some manual process of extracting data
from EHRs, the SMART on FHIR API sup-
ports an ecosystem of patient-facing apps
that could serve to enhance patient agency
in directing sharing of their data. Although
this represents a leap forward in engaging
patients in HIE, the largely commercial na-
ture of the marketplace may still serve to
undermine trust and create disincentives
for sharing PHI.POTENTIAL BENEFITS
Automating data access and control
At least two scenarios could be realized
under an NFT or NFT-like framework for
personal control of health data. In the
first, PHI would be uploaded (or “minted”)
as a distinct, “original” version, with the
generator or custodian (e.g., EHR com-
pany, hospital, biobank, etc.) required to
register each new datum (e.g., diagnosis
of illness, prescription) on a public block-
chain. The encrypted PHI would only be
accessible to those given explicit permis-
sion in a smart contract. Mann et al. ( 4 )
proposed such a scheme using blockchain
and smart contracts to “prosent” (proac-
tively consent) pseudonymously to data
release or exchange for certain uses. In
this way, patients could specify in advance
with whom they agree to share data with-
out needing to consent to every transac-
tion, enabling greater patient control and
more timely and efficient data exchanges.
In cases where patients might prosent to
the sale of their PHI or to participation in
clinical trials offering compensation, the
smart contract could allow for automated
distribution of funds to the patient. If the
patient ever wanted to modify the terms of
the contract, each change of terms would
be immutably stored as distinct, time-
stamped events in the blockchain ledger.
In a second, but not mutually exclusive,
scenario, a patient’s data could stay right
where it is (for example, a hospital data-
base or on a patient’s phone), and the smart
contract could “push” an algorithm to sum-
marize or analyze the data with automated
permission from a smart contract. This ap-
proach is highly compatible with federated
learning approaches that train machine-
learning algorithms on multiple local data-
sets without explicitly exchanging data
samples or compiling them into a central-
ized server. Smart contracts could help to
realize data privacy and security goals of
federated learning, recently credited as be-
ing the “future of digital heath” ( 5 ).DATAHow NFTs could transform
health information exchange
Can patients regain control over their health information?
(^1) Baylor College of Medicine, Houston, TX, USA. (^2) Computational Health Informatics Program, Boston Children’s Hospital, Boston, MA, USA. (^3) Department of Biomedical Informatics, Harvard
Medical School, Boston, MA, USA.^4 Centre for Advanced Studies in Biomedical Innovation Law (CeBIL), University of Copenhagen, Denmark.^5 Harvard Law School, Boston, MA, USA.^6 School of
Social Sciences and Technology, Technical University of Munich, Munich, Germany. Email: [email protected]
POLICY FORUM
INSIGHTS