There are two interesting cases I would be happy to fediversize, being currently discussed in a team I am part of.
1. Secure handling of sensitive IoT data. The case is how to gather and securely process medical telemetry from smartwatches, fitness bands and such (implants being discreetly undiscussed). Following the idea of decentralization, I can imagine a locally hosted server, collecting data, somehow combined with secure backbone (TePeWu: Friendica | Search) and some ways to make data available either for an authorized physician or (locally anonymized) for research. But here I got to the limit of my technical imagination and I have no one around here to help me. Anyone?
2. There are two cases of matching underused assets with their possible uses
2.1. Medical equipment being left unused once research projects are done and closed with professionals lacking funding to buy/rent it on a commercial basis.
2.2. Clinical research programs looking for certain specific “cases” – volunteers for experimental treatment or diagnostics – and people who cannot afford therapy for their less common conditions.
I can imagine using fediverse approach to create decentralized exchange, without central database, using tag and categories to find matching pairs.
This sounds interesting, also given the popularity of citizen science along with Raspberry Pi, Arduino for projects etc, it would be great to be able to gather data and share this in real time with selected entities. Even if this is say local temperature data, the potential of having a real time data could be useful to others. I would guess with a “bot” account once all set up it would just require monitoring to keep it working.
Raspberry Pi + data input + something to glue together + toot (command line tool) could be really useful here.
I am developing a standard “micro-self-hosting” installation based on Yunohost which is very flexible and scalable. If I find someone to work with, we can start building upon this platform.
Yes, if a massive amount of effort is spent on the security side, probably making it incompatible with today’s Fediverse. The Mastodon/Pleroma/etc-flavor of ActivityPub that exists today is woefully insufficient for handling super private information like medical data.
This is most likely the easiest route. It does not involve the privacy of people, just management of “things”.
The barriers to “fediversize” super private identifying information such as medical information of people are primarily on the legal obligations (HIPAA in the USA, IDK what in EU or other regions) around informed consent, storage laws, and regulatory oversight (ex: HIPAA & The Patriot Act gives the US government great latitude to obtain medical records without a warrant). For example, I am under the impression that many US based medical practices and hospitals will reject medical records solely given to them by patients and instead say “that’s nice but we also want your old medical providers’ copy directly from them” due to the history of Americans doctoring our own records to attain prescription drugs under a false pretense (this is not the peoples’ fault – the addictiveness of certain prescription drugs pushed heavily by certain pharma companies created this sorry situation). This is a different problem of authentication and authorization that is not solved by technology, but credibility and provenance. That means the federating behaviors may need to be different in different jurisdictions, and therefore lead to cross-digital-border compatibility issues. Simply making things federated does not erase national digital border issues, nor credibility/provenance issues.
I appreciate you raised the legal aspect of it, which is my usual blind spot.
As for the technical aspect of privacy, I see e2ee quite possible.
But indeed, medical data are not really suitable for fediverse model, which is rather about broadcasting than restricted access.
So, I will go for the fruits hanging lower than that.
However, outside fediverse itself, it would be great to find a way to process medical data in a decentralised and personally-controlled way. But that’s for another time and place I guess…
In the European Union and United Kingdom data is covered under the General Data Protection Regulations (GDPR)
Fines for breaches can be 4% of global turnover.
Problem is that we would need to ensure any hosts are compliant, if they are hosting, in this case medical data.
Hello friends. I’m surprised I haven’t seen this thread earlier, or maybe I just discounted it for the naivete of being generally unworkable. @cjs is correct that even if you could get such a thing to happen it would be wholly incompatible with “the fediverse” as it exists today.
However there seems to be a large amount of interest and myself and (many of) my colleagues at Allied Social have extensive experience in both the medical and fediverse domains. So I would be negligent not to share the knowledge and experience we are blessed with.
Firstly I should state that this was a prioritized discussion in our working group about 5 years ago. I myself attended a few local conferences about Healthcare Data 3.0 or some such nonsense. And we even tried to spin up a nonprofit based on the idea of end-user ownership of health data (unsuccessfully). In fact my reason for attending those conferences was to try to build interest and relationships.
I did learn quite a bit about the landscape of this field in the process. One interesting takeaway from the larger conference (hosted by USC and the professors responsible for teaching engineers how to make medical devices if I recall correctly), was a Chinese consortium who planned to use Blockchain to pseudonymously create a regulated marketplace for people to sell their health data for researchers while researchers would be able to find suitable cohorts for their research. It all sounded very cool and interesting and apparently even had FDA and EU approvals.
Anyway our interest was more about just creating free software that would help people securely maintain their own health records. We didn’t ultimately see a big fediverse upside, and Zot (plus our own proprietary protocol) were the only ones even conceivably capable of maintaining privacy. However, there is the example of many indieweb advocates sharing typically considered private data on their socials. So there is certainly a niche there.
All this is just to say I have a breadth of knowledge about the topic and feel obligated to share what I know. I’m happy to field questions.
Welcome to SocialHub @rialtate! Your perspectives are most welcome. Do you have a link to Allied Social (I found various possibilities)? I am not in the field myself, but did you look into combining AP with Solid (or similar personal data vaults)?