Mage — Own your medical records
Shared by michaeltendo · 37d ago · 16 comments

A secure platform for managing and sharing medical records, putting patients in control.

kendsouza · 34d ago

How is this supposed to work? In the US and western countries, when you go to a hospital or any other provider (primary care, specialists, pharmacy etc.), they create the records as and when the patient is treated on their systems. They are integrated with other providers, e.g. they can send a prescription directly to a pharmacy. The patient always has access to these records and can transition the records to another provider with a simple request.
Not sure I understand the tag line, 'own your medical records', or why a patient would choose to retrieve records from their provider and put them on an unknown server prone to security risks, i.e. why would anyone give ownership of their records to you??

michaeltendo · 34d ago

Thank you so much for asking. This is a very sensitive topic and it always invokes a negative reflex, but I rarely get the chance to explain.

Ironically, it is the system you described that is insecure, because it is not the patient who determines when and by whom their data is accessed.
If what you described had patient control and encrypted transfers, it would be a perfect system. The patients are not handing over the records to us; just like WhatsApp doesn't own our texts, we just enable the encrypted exchange. Our employees cannot read the content.

Sidenote: Many countries don't have any such privilege of asking to transfer records to a new hospital, so there's that.

Also: The realtime feedback on your diagnoses and test results as they are made is an added convenience, integrating fitness data into your medical record, and more.

Not to mention, our efforts exceed this one goal. The product extends to:
- Verification of medical insurance and Certification of immunisations.
- Distributed clinical studies when patients volunteer their medical data.
- Insurance scoring to give customised better health plans
- Telemedicine with online appointments and ordering prescribed medication
- Monitoring baby health and tracking immunisations.

kendsouza · 34d ago

WhatsApp owns your texts. They will readily give up any and all data to law enforcement, especially in third world countries, if they ask for it.
I don't think you answered the question. There is no added value to the patient, other than that you want to monetize the patient's data under the flawed thesis of 'owning your own data', i.e. asking the patient to literally give up their data to an unsecure centralized server (which might be illegal in the US due to HIPAA violations). I am sure you do not have your own secure data center but are hosting it on third party servers.

All the other efforts you mentioned are already done. Nothing you say is a game changer. Also not sure how you arrived at the conclusion that the current systems are insecure or not encrypted. Can you give some examples?

Some countries might not have caught up yet on their health care infrastructure. That does not make your system secure or viable.

michaeltendo · 34d ago

Where to start?
Unless quantum computing turns out to break RSA encryption, I don't think WhatsApp or anyone can read encrypted data.

The goal is to not have any hospital storing the data, but make it possible for them to access it once you grant permission. Basically a messaging app for you to give them ephemeral access when they need it to treat you, not us, only the hospital. END-TO-END ENCRYPTION.
The system is actually a quick way for smaller health facilities to be HIPAA compliant without having to develop custom systems.

We transfer the data from the patient to the hospital and back, but it is ENCRYPTED. The same way blockchain networks are public but still secure. The first line is enough: "End-to-end encryption (E2EE) is a system of communication where ONLY the communicating users can read the messages."

Please first confirm that you understand how we do not ask anyone to give us their data. I would like to answer the next parts.

kendsouza · 34d ago

India is WhatsApp's biggest market. India's IT laws (and so do many other countries') say all social media messages have to be stored in a traceable go figure. They recently got all the text messages of a film star's son, implicating him in a drug case. In the US, the Jan 6th committee were able to get the text messages of the most powerful politicians in the country. Transmission and storage are 2 different things. Are you using AES 256 encryption for data at rest? I seriously doubt it. Transmission encryption is just one piece to avoid man in the middle attacks. Everybody does that nowadays, not a big deal. It's the data at rest you secure it and how vulnerable it is to attacks.
HIPAA guidelines are quite stringent from creating, processing, accessing to storing. The penalties for HIPAA breaches of data are severe, think jail time. I don't think you understand that at all.

You are saying now you are not asking for anyone's data, but want contracts from hospitals to use your systems without the patient's consent... huh??

michaeltendo · 34d ago

I don't work for WhatsApp, so let's maybe re-align back to simply defending end-to-end encryption. I'm certain WhatsApp collects metadata which can be subpoenaed; this can go a long way in a conviction even without actual message content, and if they can compel one of the parties to hand them their unlocked phone, then there you go. Maybe WhatsApp did give in to the new regulation; that makes them sneaky for not going public about the fact they broke the encryption for their Indian users.

If I say encryption I mean data at rest. I think everyone infers that.

How do you figure I do this without patient's consent? My whole deal is to bring patient's consent into every step.

I really think it becomes incoherent from here. Can you hop on a quick call?

kendsouza · 33d ago

Yep, Facebook is corrupt :)
Unless you build an EHR system and the providers use it, no provider in the US can provide patient data to a 3rd party.
The only way your mobile app becomes useful is when you connect to the providers' data via APIs and the patients pull it themselves (they are allowed to). That's millions of providers.
I accepted your connection. I don't think there is any reason for a call :)

michaeltendo · 33d ago

Actually this is part of the reason why it is a challenge, but again, the fact that it is hard makes it worth doing.
Also, since patients have a right to request their records from the hospitals, the goal is to create a medium for them to send requests to the hospitals and for hospitals to provide the requested records.

Currently, when patients need to ask for their data (exercising their right), that data may be sent through a third party: fax, e-mail, you name it (unencrypted, hence insecure). Or patients are required to pick them up. So we are simply a carrier, one who encrypts the data we transmit such that only the recipient can read it.

My hope is that their motivation to integrate with us is for the mutual benefit, that they can also pick records from the patients.
I know you said there are systems to get records from past hospitals, but this is not an absolute certainty, because there's data people enter themselves, such as nutritional, fitness, cases of people moving out of the country, etc.

I wanted to discuss because a back and forth can get incoherent when the conversation diverges into multiple concurrent arguments. And if I can convince you, I can sleep better, knowing hospitals will understand that I am not a threat. I live and breathe patients' best interests.

I did build an EHR, but I know that I can't replace the ones big hospitals already have. This should be something that is added to the front desk; whoever hands out forms to patients should have them scan the hospital code to share their data and get it on the screen. The selling point for some hospitals has simply been time saved in the waiting room.

A major life-saving note that can't be ignored is bringing that data sharing to more countries. I've lost a friend because a surgical procedure was erroneously done on them twice. Can you imagine? I come from Uganda, BTW.

kendsouza · 32d ago

If I ask my hospital/doctor to send records via email, fax, mail etc they will send it because I gave them the permission to do so. The key is the patient granting the permission to do so.
It does not matter what your interests are, whether you are a threat or not. No hospital in the US or the west is ever going to give you or your system access to any patient's data without their permission.
Also there are already kiosks/ipads in the waiting rooms to fill out forms. All this is already established in the US. I know it is difficult to comprehend because you are not from here.

michaeltendo · 32d ago

Ironically, there is already a US company doing something similar.
And Apple Health too has a service for requesting records.
I'm totally dumbfounded by the negative reflex you exhibit.

For the sake of other curious individuals:
1. Patients' consent can be verified remotely with ID verification.
2. Having an iPad in the waiting room would not be the same as this, because with Mage, you provide data from your records, without having to refill a form. Paper isn't the only issue with the form.

kendsouza · 32d ago

I know... I told you that it is already being done and health data APIs are the way to go if you want to build something unique. There are patient portals for EHRs as well as several like OneRecord, Apple Health API, Google Healthcare API, Azure API etc. who provide patient records through FHIR APIs etc.

You're hyperfixated on your little app and do not see or cannot comprehend the bigger healthcare tech picture.

Anyway we are done here.

michaeltendo · 32d ago

Happy to explain to any other individuals interested in the little app.

michaeltendo · 34d ago

You must be
Please accept my connection on LinkedIn.

AndyDent-Touchgram · 33d ago

"The goal is to not have any hospital storing the data, but make it possible for them to access it once you grant permission"

There's a massive vulnerability on the part of the hospital - they cannot guarantee future access to that patient data for further treatment, billing or medical litigation.

Therefore on legal grounds alone, they would not participate.

michaeltendo · 33d ago

The focus is on giving patients easy access.
It's true that patients can even be denied access to some data, legally, such as therapy notes.
So it is okay for hospitals to keep the data, as long as patients can exercise their rights to access too, and there is a secure way (Mage) to deliver the data to them, because frankly, we're all thinking it. Sending patients' results over email/SMS is already a HIPAA violation, and countless hospitals have been doing it during COVID. That's a class-action lawsuit waiting to happen.

Sendoff · 37d ago

Cool looking tool. Well done.