A Copernican Moment for the Tech World?

Rebuilding our data infrastructure around people can foster innovation and trust, even around vaccinations, says the Commons Project’s Paul Meyer

Rising vaccination rates in developed countries present an opportunity and a challenge to the use of data for public good. Vaccination certificates could facilitate everything from the revival of international travel to the reopening of offices, and the European Union and several major airlines are rolling out their own so-called vaccine passports. Yet not everyone is on board. The Biden administration has ruled out developing a vaccination credential for domestic use in the United States, and several states have banned them, claiming they are too intrusive.

What’s needed, says Paul Meyer, is a fundamental shift in perspective comparable to what Copernicus achieved in astronomy nearly 500 years ago, only this time to put the individual at the center of the digital world. Meyer is CEO of The Commons Project, a Rockefeller Foundation-backed nonprofit that uses open technology standards to develop mobile-based health platforms that enable people to control how their data is used. Those principles underpin CommonPass, a digital health verification app that is being used by several airlines. The project also has developed CommonHealth, an Android app that allows people to access and share their electronic medical records, and a trust network that brings public and private health organizations together around common standards for sharing verifiable digital health information.

Meyer, a former Bill Clinton campaign staffer who co-founded an early telecom network in Kosovo and the mobile health messaging provider Voxiva, spoke recently with Douglas J. Elliott, an Oliver Wyman partner and co-lead of the Oliver Wyman Forum’s Future of Data initiative.

The pandemic presented an opportunity to use health data for a great public good. What were the failings and what lessons should we draw?

One of the challenges with health information technology, whether it's the Centers for Disease Control or a hospital or an insurance company, is it's always been deployed from an enterprise-centric perspective. So much of the failings of health data interoperability is because of this B2B thing. Our view is the human being is the only central organizing point.

We’re empowering people to get their data using open, verifiable standards, and letting them consent to use it for other things, whether it's getting on an airplane, or sharing their data with a new doctor, or for public health reporting or clinical research. The pandemic has created a boon in telehealth but without being able to share data it doesn't work right. That's why we see this moment as an extraordinary opportunity to accelerate the adoption of these open interoperability standards, to reimagine digital health infrastructure person up rather than enterprise down. The work we’ve done in developing The CommonsTrust Network further supports this mission and ensures that the health data being issued and shared is from a valid, trustworthy source.

We always hear that the HIPAA law in the United States, which protects patients’ privacy, creates barriers to the reasonable interchange of data. To what extent have you found that to be an issue?

Everyone forgets that the “p” in HIPAA stands for portability. We obviously have worked within the law’s constraints, but ultimately the accountability portion of the Health Insurance Portability and Accountability Act applies for covered entities sharing data with other enterprises. When an individual accesses their data with CommonHealth, it's just on their own phone. What individuals do with data under their control is not subject to HIPAA. We’re just doing the digital equivalent of letting someone walk out of their doctor's office with a manila folder filled with their health records.

With CommonPass, you are using data for vaccination passports. Yet states like Florida are banning them and companies are not that eager to embrace them. Why the hesitation about something so positive?

We have largely focused on international travel. We are working with most of the major airlines and with some states like Hawaii, which has been requiring testing before flying to Hawaii. We’ve not seen any of that kind of pushback in the context of international travel. To be able to inspect health information of people wanting to enter the country is allowed for in the International Health Regulations.

In our surveys, people say they're reluctant to share health information with tech companies, yet in practice they share tremendous amounts of personal information on social media and with tech companies. How do you think people are really feeling about this?

I don't think there's a simple, easy answer. There's a spectrum. In the mid-2000s, I was working on HIV/AIDS information systems in Africa and there was a huge stigma associated with it, so the importance of privacy preservation was paramount.

I've been sort of amazed by the social media sharing of COVID health data. Obviously some people are comfortable doing it, but I don't think people are thinking it through. I saw one airline was saying that if you upload your vaccination card, you could win free flights for a year. Is an airline the entity you want to do that with? It'll be an interesting test to see whether being eligible for a sweepstakes is enough to hand over your health data.

I will say in defense of people that there are situations where we don't feel we really have a choice. We either turn over some data or we don't get to use the service. What are you going to do?

That's a really important point. Technology primarily fits into one of two buckets – enterprise software or consumer – and consumer generally means advertising. And to your point, you don't really have a choice. If all your friends are on one social platform, you kind of feel compelled to be there.

Our longer-term vision is to say there's a different model. We're a nonprofit technology company. We have no fiduciary duty to try to maximize financial returns for investors. We're building sustainable consumer services that are designed to protect people. Our first duty of loyalty goes to the people we serve, not to our investors or advertisers or enterprise customers. I'm hoping we can show that there is a third way, a different choice. You can get something and have your data monetized or handed over to some big company, or you can do this other thing.

What are the circumstances in which that third way is superior? Virtually anything that's done for profit could be done nonprofit.

The Commons Project is about building what we think of as public infrastructure for the digital era. 

Somehow with the internet we’re like, “Oh, it's digital, let the private sector do it.” I think there are some things that are public infrastructure in the digital era that ought to be common utilities. You don't need 50 of them. And it's a lot easier, frankly, to get a bunch of key stakeholders to embrace this if you basically say, “we're this nonprofit, everybody get on board, we're not going to become a big tech company or get bought by one.” Common utility enablers are the test of where this model makes sense, or if it would be a bad outcome if they were operated to extract maximum financial return.

In the cases where you believe it makes sense, what are the biggest obstacles to making them work?

Like anything else, I think the recipe for success is bringing the ecosystem along. We're building consumer tools for people, like CommonPass, but ultimately we have to bring otherwise competitive stakeholders, including big tech companies, around the table to agree to embrace these common utilities.

Are there any major misunderstandings you run into?

A nonprofit building technology is a source of misunderstanding. We're not just convening and talking about standards. We're actually building services and operating them. That's unusual.

The idea that you can reorient the healthcare system around people is a real novelty. Everyone pays lip service to being patient-centered, but everyone defines the problem through their institutionally myopic lens. Every institution is convinced they're going to be your healthcare best friend and their portal is going to become the center of your universe. The mental shift behind our individual-centric vision is a pretty big one. I feel like this is a Copernican moment.