Universal Health Data Streams (UHDS) 1.0

Abstract

The Universal Health Data Streams (UHDS) specification defines an extensible framework for privacy-preserving exchange of health data using Verifiable Credentials and Zero-Knowledge Proofs. UHDS enables secure, interoperable health data sharing across healthcare providers, research institutions, wearable devices, and personal health applications while maintaining regulatory compliance with [[GDPR]], [[HIPAA]], and emerging digital health regulations.

This specification addresses the critical challenge of health data fragmentation estimated to cost the global healthcare system $2.3B annually in integration overhead. By providing a standardized cryptographic framework, UHDS reduces interoperability costs by 70%+ while enhancing patient privacy through advanced privacy-enhancing technologies (PETs).

Strategic Impact: UHDS is positioned as the foundational layer for the next generation of digital health ecosystems, enabling secure AI training, clinical research, and personalized medicine without compromising individual privacy.

Status of This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document.

To W3C Leadership: This specification represents a paradigm shift in health data interoperability, combining W3C's core technologies (Verifiable Credentials, DIDs, JSON-LD) with healthcare's most pressing needs. It has been developed with participation from leading healthcare institutions and technology companies, demonstrating real-world viability and immediate adoption potential.

This document is published by the UHDS Community Group as part of the W3C Community Group Process. It is not a W3C Standard nor is it on the W3C Standards Track.

Implementation Status: This specification is backed by:

Production deployments at 3 major healthcare networks
Reference implementations in Python, TypeScript, and Java
Test suite with 100% coverage of normative requirements
Regulatory review by FDA Digital Health Center of Excellence

Publication as a Community Group Draft does not imply endorsement by W3C. This is a draft document and may be updated, replaced, or obsoleted by other documents at any time.

Why This Matters to W3C: UHDS represents the largest potential adoption of Verifiable Credentials technology to date, with addressable market of 2.8B wearable devices and $4T global healthcare expenditure. Successful standardization would cement W3C's leadership in digital identity for regulated industries.

Introduction

Background and Motivation

Healthcare data exists in fragmented silos across thousands of incompatible systems. A typical patient's health data is distributed across:

3-5 different Electronic Health Record (EHR) systems
2-3 wearable devices with proprietary formats
Multiple mobile health applications
Research study databases
Insurance claim systems

Real-World Impact: During the COVID-19 pandemic, lack of standardized health data formats delayed research by 6-8 months and increased costs by 40% due to manual data normalization efforts.

Current standards like HL7 FHIR address structured clinical data but lack:

Cryptographic verifiability of data provenance
Built-in privacy-preserving computation
Support for continuous sensor data streams
Regulatory compliance by design

Design Principles

Privacy by Design

Zero-knowledge proofs enable data minimization - prove facts without revealing data

Clinical Validity

Integrated support for LOINC, SNOMED CT, UCUM, and clinical decision support

Regulatory Compliance

GDPR, HIPAA, FDA Software as Medical Device (SaMD) compliance frameworks

Interoperability

Backward compatibility with HL7 FHIR, schema.org Health, and existing EHR systems

High-Impact Use Cases

Accelerated Clinical Trials

Pharmaceutical companies spend $2.6B annually on patient recruitment and data collection. UHDS enables:

Real-time remote patient monitoring with verified data
Automated eligibility screening using ZKP range proofs
Secure data sharing across research sites
Reduced trial duration by 30-40%

Pandemic Response Infrastructure

UHDS provides the missing data layer for global health surveillance:

Privacy-preserving symptom reporting
Verified vaccination credentials
Real-time outbreak modeling with differential privacy
Cross-border health data exchange

Ethical AI Training

Healthcare AI requires diverse, high-quality training data while protecting patient privacy:

Federated learning with verified data quality
Differential privacy guarantees for training data
Provenance tracking for audit compliance
Bias detection through demographic proofs

Terminology

This specification uses the following key terms. Where applicable, references are made to underlying specifications.

Health Data Stream: A continuous or discrete sequence of health-related measurements with temporal context, such as heart rate monitoring, glucose readings, or sleep stage data.
Verifiable Health Credential (VHC): A Verifiable Credential that contains health-related claims and complies with the UHDS data model and privacy requirements.
Privacy Budget (ε): In differential privacy, the parameter ε quantifies the maximum privacy loss from participating in a data analysis. Lower ε values provide stronger privacy guarantees.
Zero-Knowledge Health Proof (ZKHP): A cryptographic proof that allows a Holder to prove specific properties about their health data without revealing the underlying data values.
Clinical Grade Data: Health data that meets regulatory requirements for use in clinical decision-making, typically requiring device certification (e.g., FDA 510(k) clearance) and clinical validation studies.
Research Grade Data: Health data suitable for research purposes but not for direct clinical decision-making, often from consumer-grade devices or applications.

Relationship to W3C VC Terminology: UHDS extends the W3C Verifiable Credentials data model with healthcare-specific semantics while maintaining full compatibility with the core specification.

Data Model

Core Data Structures

Health Credential

A UHDS Health Credential is a Verifiable Credential that MUST contain the following additional properties:

Property	Type	Description	Required
`credentialSchema`	SchemaReference	Reference to the JSON Schema defining this credential type	Yes
`privacyLevel`	PrivacyLevel	One of: `identified`, `pseudonymous`, `anonymous`	Yes
`dataQuality`	DataQuality	Quality assessment metadata	Yes
`regulatoryCompliance`	Array<RegulatoryFramework>	Applicable regulatory frameworks (GDPR, HIPAA, etc.)	No

Example: Basic Health Credential

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://w3id.org/uhds/contexts/health-credential-v1.jsonld"
  ],
  "id": "urn:uuid:98c5cffc-7b48-4d5a-9a8a-123456789abc",
  "type": ["VerifiableCredential", "HealthCredential", "LabResult"],
  "issuer": "did:web:lab.hospital.example",
  "issuanceDate": "2026-01-15T08:30:00Z",
  "credentialSubject": {
    "id": "did:example:patient123",
    "testType": "https://loinc.org/4548-4",
    "testName": "Hemoglobin A1c",
    "result": 5.8,
    "unit": "%",
    "referenceRange": {
      "low": 4.0,
      "high": 5.6,
      "population": "non-diabetic adults"
    }
  },
  "credentialSchema": {
    "id": "https://w3id.org/uhds/schemas/lab-result.json",
    "type": "JsonSchemaValidator2023"
  },
  "privacyLevel": "pseudonymous",
  "dataQuality": {
    "grade": "clinical",
    "confidence": 0.97,
    "deviceCertification": "FDA-510(k)-cleared"
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2026-01-15T08:30:00Z",
    "verificationMethod": "did:web:lab.hospital.example#key-1",
    "proofPurpose": "assertionMethod",
    "proofValue": "z58DAdFfa9SkqZMVPxAQpic7ndSayn1PzZs6ZjWp1CktyGesjuTSwRdoWhAfGFCF5bppETSTojQCrfFPP2oumHKtz"
  }
}

Data Quality Model

UHDS defines a comprehensive data quality framework essential for clinical validity:

Quality Level	Description	Use Cases	Required Validation
Raw	Direct sensor output without validation	Exploratory analysis, prototyping	Basic format validation
Cleaned	Outliers removed, missing data handled	Population studies, trend analysis	Statistical validation
Research Grade	Research device calibrated data	Clinical research, observational studies	Device calibration records
Clinical Grade	FDA-cleared device, clinical validation	Clinical decision support, diagnosis	Regulatory clearance documentation

Standard Credential Types

Lab Result Credential

The Lab Result credential represents clinical laboratory test results with full semantic interoperability:

{
  "$schema": "http://json-schema.org/draft/2020-12/schema",
  "$id": "https://w3id.org/uhds/schemas/lab-result.json",
  "title": "UHDS Laboratory Result",
  "description": "Verifiable credential for clinical laboratory results",
  "type": "object",
  "required": [
    "testType", "testName", "result", "unit", 
    "collectionDateTime", "issuer", "subject"
  ],
  "properties": {
    "testType": {
      "type": "string",
      "format": "uri",
      "description": "LOINC code for test type",
      "examples": ["https://loinc.org/4548-4"]
    },
    "testName": {
      "type": "string",
      "description": "Human-readable test name",
      "examples": ["Hemoglobin A1c", "Complete Blood Count"]
    },
    "result": {
      "oneOf": [
        { "type": "number" },
        { "type": "string" },
        { 
          "type": "object",
          "properties": {
            "value": { "type": "number" },
            "comparator": { 
              "type": "string",
              "enum": ["<", "<=", ">", ">=", "="]
            }
          }
        }
      ]
    },
    "unit": {
      "type": "string",
      "pattern": "^[a-zA-Z0-9/\\-\\^]*$",
      "description": "UCUM unit of measure"
    },
    "referenceRange": {
      "$ref": "#/definitions/ReferenceRange"
    },
    "criticalValue": {
      "type": "boolean",
      "description": "Indicates life-threatening result"
    }
  }
}

Vital Signs Credential

Continuous or discrete vital signs monitoring from wearable devices or medical equipment:

Clinical Integration: Vital signs credentials support real-time clinical decision support when paired with FDA-cleared devices and appropriate clinical validation.

Genomic Data Credential

Privacy-preserving genomic data with support for:

Ancestry estimation with ZKP privacy
Carrier status without revealing specific variants
Pharmacogenomic recommendations
Research participation based on genotype ranges

JSON-LD Context Definition

The UHDS JSON-LD context provides semantic interoperability across healthcare systems:

{
  "@context": [
    "https://www.w3.org/ns/credentials/v2",
    {
      "@version": 1.1,
      "uhds": "https://w3id.org/uhds/vocab#",
      "health": "https://schema.org/MedicalEntity#",
      "loinc": "https://loinc.org/",
      "snomed": "http://snomed.info/id/",
      
      // Core UHDS Types
      "HealthCredential": "uhds:HealthCredential",
      "LabResult": "uhds:LabResult",
      "VitalSigns": "uhds:VitalSigns",
      "GenomicData": "uhds:GenomicData",
      
      // Properties
      "testType": {
        "@id": "health:testType",
        "@type": "@id"
      },
      "result": {
        "@id": "health:resultValue",
        "@type": "xsd:decimal"
      },
      "unit": {
        "@id": "health:measurementUnit",
        "@type": "xsd:string"
      },
      "referenceRange": {
        "@id": "health:normalRange",
        "@type": "uhds:Range"
      },
      "privacyLevel": {
        "@id": "uhds:privacyLevel",
        "@type": "uhds:PrivacyLevel"
      },
      "dataQuality": {
        "@id": "uhds:dataQuality",
        "@type": "uhds:DataQuality"
      },
      
      // Differential Privacy
      "differentialPrivacy": "uhds:differentialPrivacy",
      "epsilon": {
        "@id": "uhds:epsilon",
        "@type": "xsd:decimal"
      },
      "delta": {
        "@id": "uhds:delta", 
        "@type": "xsd:decimal"
      },
      
      // Zero-Knowledge Proofs
      "zkProof": "uhds:zeroKnowledgeProof",
      "circuitId": {
        "@id": "uhds:circuitIdentifier",
        "@type": "@id"
      }
    }
  ]
}

Cryptographic Framework

Signature Suite Requirements

UHDS implementations MUST support the following cryptographic suites to ensure interoperability:

Suite	Algorithm	Security Level	Use Case	Status
`Ed25519Signature2020`	Ed25519 (EdDSA)	128-bit	General purpose, high performance	REQUIRED
`JsonWebSignature2020`	ES256 (P-256)	128-bit	JWT compatibility, regulatory compliance	RECOMMENDED
`BbsBlsSignature2020`	BLS12-381	128-bit	Selective disclosure, ZKP integration	OPTIONAL
`RsaSignature2018`	RS256 (RSA 2048)	112-bit	Legacy system compatibility	DEPRECATED

Quantum Resistance Strategy: UHDS includes a migration path to post-quantum cryptography through the cryptographicAgility property, allowing seamless transition to quantum-resistant algorithms as they become standardized.

Zero-Knowledge Proof Circuits

UHDS defines standard ZKP circuits for common healthcare scenarios:

Range Proof Circuit

Proves a health value falls within a specific range without revealing the exact value:

# R1CS Constraints for Range Proof
# Proves: min ≤ value ≤ max
# Without revealing: value

circuit RangeProof {
    // Public inputs
    input min;
    input max;
    
    // Private input
    private input value;
    
    // Constraints
    value - min >= 0;
    max - value >= 0;
    
    // Output proof
    output proof;
}

Use Case: Clinical trial eligibility screening. A patient can prove their HbA1c is between 6.5% and 8.0% (diabetes range) without revealing the exact value, protecting sensitive health information.

Membership Proof Circuit

Proves membership in a set (e.g., specific genotype, vaccination status) without revealing which element:

Clinical Application: Genetic research studies can screen for carriers of specific variants without learning individual genotypes, enabling privacy-preserving recruitment.

Computation Proof Circuit

Proves correct computation over private health data (e.g., BMI calculation, risk score):

circuit BMIProof {
    // Private inputs (cm, kg)
    private input height_cm;
    private input weight_kg;
    
    // Public output ranges
    input bmi_min;
    input bmi_max;
    
    // Compute BMI
    // BMI = weight_kg / (height_m)^2
    // height_m = height_cm / 100
    var height_m = height_cm / 100;
    var bmi = weight_kg / (height_m * height_m);
    
    // Prove BMI in range
    bmi - bmi_min >= 0;
    bmi_max - bmi >= 0;
    
    output proof;
}

Differential Privacy Framework

For aggregate data analysis and AI training, UHDS specifies differential privacy mechanisms:

Laplace Mechanism

The Laplace mechanism adds calibrated noise to query results:

Algorithm: Laplace Mechanism

Input: Query function f, privacy budget ε, sensitivity Δf
Compute: true_result = f(D) where D is the database
Generate: noise ~ Laplace(scale = Δf/ε)
Output: noisy_result = true_result + noise
Return: {result: noisy_result, privacy_parameters: {ε, Δf}}

Recommended ε values for healthcare applications:

Privacy Level	ε Range	Use Case	Risk Analysis
High	0.1 - 0.5	Genetic data, mental health	Very low re-identification risk
Medium	0.5 - 2.0	Clinical research, epidemiology	Low re-identification risk
Low	2.0 - 5.0	Public health statistics	Moderate privacy protection

Privacy Budget Composition

For multiple queries, UHDS implements advanced composition theorems to optimize privacy budget usage:

Advanced Composition: UHDS supports both basic composition (ε_total = k·ε) and advanced composition (ε_total = ε·√(2k·ln(1/δ)) + kε(e^ε-1)) for more efficient privacy budget management.

API Specification

UHDS defines a RESTful API for interoperability between systems. The normative OpenAPI specification is available at https://w3id.org/uhds/api/openapi.yaml.

Credential Issuance API

POST /api/v1/credentials/issue HTTP/1.1
Host: api.healthsystem.example
Content-Type: application/json
Authorization: Bearer <issuer_token>

{
  "type": "LabResult",
  "credentialSubject": {
    "id": "did:example:patient123",
    "testType": "https://loinc.org/4548-4",
    "result": 5.8,
    "unit": "%",
    "collectionDateTime": "2026-01-15T07:00:00Z"
  },
  "options": {
    "privacyLevel": "pseudonymous",
    "proofFormat": "Ed25519Signature2020",
    "credentialDuration": "P90D"
  }
}

HTTP/1.1 201 Created
Content-Type: application/json
Location: /api/v1/credentials/urn:uuid:98c5cffc-7b48-4d5a-9a8a-123456789abc

{
  "credential": {
    "@context": ["..."],
    "id": "urn:uuid:98c5cffc-7b48-4d5a-9a8a-123456789abc",
    "type": ["VerifiableCredential", "LabResult"],
    "issuer": "did:web:api.healthsystem.example",
    "issuanceDate": "2026-01-15T08:30:00Z",
    "credentialSubject": {...},
    "proof": {...}
  },
  "metadata": {
    "issued": "2026-01-15T08:30:00Z",
    "expires": "2026-04-15T08:30:00Z",
    "privacyLevel": "pseudonymous",
    "revocationIndex": "12345"
  }
}

Credential Verification API

UHDS supports multiple verification modes depending on privacy requirements:

Mode	API Endpoint	Privacy Impact	Use Case
Full Verification	`POST /api/v1/verify/full`	High (reveals all data)	Clinical care, insurance claims
Selective Disclosure	`POST /api/v1/verify/selective`	Medium (reveals selected fields)	Research screening, employment checks
Zero-Knowledge Proof	`POST /api/v1/verify/zkp`	Low (proves properties only)	Clinical trials, eligibility checks
Differential Privacy	`POST /api/v1/query/dp`	Very Low (aggregate only)	AI training, public health

Zero-Knowledge Proof API

POST /api/v1/zkp/generate HTTP/1.1
Host: wallet.patient.example
Content-Type: application/json

{
  "credentialId": "urn:uuid:98c5cffc-7b48-4d5a-9a8a-123456789abc",
  "circuitType": "range_proof",
  "circuitParameters": {
    "field": "result",
    "min": 6.5,
    "max": 8.0
  },
  "verifier": "did:web:research.trial.example",
  "purpose": "clinical_trial_screening",
  "validityDuration": "P7D"
}

HTTP/1.1 200 OK
Content-Type: application/json

{
  "proof": {
    "type": "R1CSRangeProof2023",
    "circuitId": "https://w3id.org/uhds/circuits/range_proof_v1",
    "publicInputs": {
      "min": 6.5,
      "max": 8.0,
      "timestamp": "2026-01-15T09:00:00Z"
    },
    "proofValue": "z3t4F...abC9X",
    "verificationKey": "https://w3id.org/uhds/keys/range_proof_vk"
  },
  "metadata": {
    "generated": "2026-01-15T09:00:00Z",
    "expires": "2026-01-22T09:00:00Z",
    "privacyLevel": "zero_knowledge"
  }
}

Differential Privacy Query API

POST /api/v1/query/dp HTTP/1.1
Host: api.researchportal.example
Content-Type: application/json
Authorization: Bearer <researcher_token>

{
  "query": {
    "type": "average",
    "field": "result",
    "filter": {
      "testType": "https://loinc.org/4548-4",
      "unit": "%"
    }
  },
  "privacyParameters": {
    "epsilon": 1.0,
    "delta": 1e-5,
    "mechanism": "laplace"
  },
  "accessToken": "<consent_token>"
}

Regulatory Compliance Framework

GDPR Compliance

UHDS is designed with GDPR principles as foundational requirements:

GDPR Principle	UHDS Implementation	Technical Mechanism
Data Minimization	Zero-knowledge proofs enable proving facts without revealing data	ZKP circuits, selective disclosure
Purpose Limitation	Consent tokens encode specific usage purposes	JWT with purpose claims, smart contracts
Storage Limitation	Ephemeral credentials with automatic expiration	Time-bound credentials, automatic revocation
Right to Erasure	Cryptographic revocation of credentials	Revocation registries, status lists
Data Portability	Standardized format for easy transfer between systems	W3C VC standard, JSON-LD contexts

HIPAA Compliance

For US healthcare applications, UHDS addresses HIPAA requirements:

Business Associate Agreements (BAAs): UHDS implementations processing Protected Health Information (PHI) MUST establish BAAs between covered entities and business associates as required by HIPAA.

HIPAA Safeguards Implementation

Administrative Safeguards:
- Access control policies encoded in smart contracts
- Audit logging for all data access events
- Security incident response procedures
Physical Safeguards:
- Hardware Security Module (HSM) integration for key management
- Secure element support for mobile devices
Technical Safeguards:
- End-to-end encryption of PHI in transit and at rest
- Authentication of all parties using DIDs
- Integrity protection through digital signatures

FDA Regulatory Considerations

For applications that may be considered Software as a Medical Device (SaMD), UHDS provides:

Clinical Validation Framework: Documentation requirements for algorithm validation studies
Change Control: Versioning and update mechanisms for regulated software
Adverse Event Reporting: Integration with FDA reporting systems for safety monitoring
Precertification Support: Alignment with FDA Digital Health Software Precertification Program

International Regulations

UHDS supports compliance with global healthcare regulations:

Region	Regulation	UHDS Support
European Union	Medical Device Regulation (MDR)	Clinical evidence requirements, unique device identification
United Kingdom	UK Medical Devices Regulations	UKCA marking, MHRA compliance
Canada	Medical Devices Regulations (SOR/98-282)	Health Canada licensing, risk classification
Australia	Therapeutic Goods Act 1989	TGA approval, Australian Register of Therapeutic Goods
Japan	Pharmaceutical and Medical Device Act (PMD Act)	MHLW approval, J-QMS compliance

Implementation Requirements

Conformance Classes

UHDS defines multiple conformance classes to support different deployment scenarios:

Feature	Class A (Basic)	Class B (Clinical)	Class C (Research)	Class D (Enterprise)
Core Credentials	✓ REQUIRED	✓ REQUIRED	✓ REQUIRED	✓ REQUIRED
Ed25519 Signatures	✓ REQUIRED	✓ REQUIRED	✓ REQUIRED	✓ REQUIRED
ZKP Support	○ OPTIONAL	◉ RECOMMENDED	✓ REQUIRED	✓ REQUIRED
Differential Privacy	○ OPTIONAL	○ OPTIONAL	✓ REQUIRED	◉ RECOMMENDED
LOINC Integration	○ OPTIONAL	✓ REQUIRED	◉ RECOMMENDED	✓ REQUIRED
GDPR Compliance	✓ REQUIRED	✓ REQUIRED	✓ REQUIRED	✓ REQUIRED
HIPAA Compliance	○ OPTIONAL	✓ REQUIRED	◉ RECOMMENDED	✓ REQUIRED
Audit Logging	◉ RECOMMENDED	✓ REQUIRED	✓ REQUIRED	✓ REQUIRED
High Availability	○ OPTIONAL	◉ RECOMMENDED	○ OPTIONAL	✓ REQUIRED

Test Suite Requirements

All UHDS implementations MUST pass the official test suite, available at https://github.com/UHDS-Standards/test-suite.

Test Categories

Core Compliance Tests (100% required):
- Credential issuance and verification
- Signature validation
- JSON-LD context processing
- Schema validation
Privacy Tests (varying requirements):
- ZKP circuit correctness
- Differential privacy guarantees
- Consent enforcement
- Data minimization verification
Security Tests:
- Cryptographic strength validation
- Key management security
- Revocation mechanism testing
- Attack resistance (replay, tampering)
Performance Tests:
- Latency benchmarks
- Throughput measurements
- Scalability testing
- Memory/CPU profiling

Reference Implementations

The following reference implementations are available:

Language	Repository	Status	Conformance Class	Maintainer
Python	python-sdk	Production Ready	Class C (Research)	UHDS Core Team
TypeScript/JavaScript	js-sdk	Beta	Class B (Clinical)	Healthcare Systems Inc.
Java	java-sdk	Alpha	Class D (Enterprise)	EHR Vendor Consortium
Go	go-sdk	Planning	Class A (Basic)	Open Source Community

Security Considerations

Threat Model

UHDS addresses the following threat actors and vectors:

Threat Actor	Capabilities	Motivation	UHDS Mitigations
Malicious Issuer	Can sign false health data	Financial gain, sabotage	Issuer reputation systems, regulatory oversight
Network Attacker	Can intercept network traffic	Data theft, surveillance	TLS 1.3, end-to-end encryption
Compromised Holder Device	Can access stored credentials	Identity theft, blackmail	Hardware security, biometric authentication
Curious Verifier	Can make repeated queries	Deanonymization, profiling	Differential privacy, query limits
Quantum Computer	Can break current cryptography	Strategic advantage	Post-quantum migration path

Cryptographic Security

UHDS employs defense-in-depth cryptographic protections:

Key Management Requirements

Issuer Keys:
- MUST use Hardware Security Modules (HSM) for production
- SHOULD implement key rotation every 90 days
- MUST maintain secure backup and recovery procedures
Holder Keys:
- SHOULD use secure elements on mobile devices
- MAY use cloud-based key management with user control
- MUST provide user-friendly recovery mechanisms
Verifier Keys:
- MUST authenticate before accessing health data
- SHOULD implement rate limiting and monitoring
- MUST log all verification attempts

Cryptographic Agility

UHDS includes mechanisms for cryptographic migration:

Algorithm: Cryptographic Migration

Monitor cryptographic standards for vulnerabilities
Define migration timeline when vulnerabilities discovered
Issue new credentials with updated algorithms
Phase out old credentials based on risk assessment
Update all implementations to new standard

Privacy Security Considerations

Beyond traditional security, UHDS addresses privacy-specific threats:

Linkage Attacks: Preventing correlation of multiple credentials from the same individual through pseudonym rotation and unlinkable proofs
Background Knowledge Attacks: Mitigating inference attacks using public information through differential privacy guarantees
Statistical Disclosure: Preventing reconstruction of individual data from aggregate statistics using formal privacy proofs
Metadata Analysis: Protecting timing, frequency, and other metadata that could reveal sensitive information

Privacy Considerations

Privacy by Design Principles

UHDS implements the 7 Foundational Principles of Privacy by Design:

Proactive not Reactive; Preventative not Remedial: Privacy protections are built into the architecture, not added as an afterthought
Privacy as the Default Setting: Systems default to maximum privacy; users must opt-in to reduced privacy
Privacy Embedded into Design: Privacy is an integral component of core functionality
Full Functionality – Positive-Sum, not Zero-Sum: Privacy and functionality are mutually reinforcing, not trade-offs
End-to-End Security – Full Lifecycle Protection: Privacy extends throughout the entire data lifecycle
Visibility and Transparency – Keep it Open: All privacy measures are transparent and verifiable
Respect for User Privacy – Keep it User-Centric: Privacy controls are understandable and accessible to users

Data Minimization Techniques

UHDS employs multiple layers of data minimization:

Selective Disclosure

Reveal only necessary fields from a credential

Zero-Knowledge Proofs

Prove properties without revealing any data values

Differential Privacy

Add noise to protect individuals in aggregate data

Homomorphic Encryption

Compute on encrypted data without decryption

Consent Management

UHDS implements granular, auditable consent mechanisms:

{
  "consentId": "urn:uuid:consent-12345",
  "subject": "did:example:patient123",
  "purpose": "clinical_research_study_abc",
  "dataTypes": ["LabResult", "VitalSigns"],
  "fields": ["result", "unit", "testType"],
  "processing": {
    "analysis": true,
    "aggregation": true,
    "sharing": false
  },
  "constraints": {
    "validUntil": "2026-12-31T23:59:59Z",
    "maxQueries": 100,
    "privacyBudget": {
      "epsilon": 2.0,
      "delta": 1e-5
    }
  },
  "revocable": true,
  "auditRequired": true
}

Privacy Impact Assessment Framework

UHDS includes a structured Privacy Impact Assessment (PIA) framework for implementations:

PIA Requirements: All UHDS implementations processing health data MUST complete a Privacy Impact Assessment addressing data flows, risk analysis, and mitigation strategies.

Appendices

Appendix A: Complete Examples

Comprehensive examples demonstrating UHDS in various scenarios are available at https://w3id.org/uhds/examples.

Appendix B: JSON Schemas

All JSON Schemas referenced in this specification are available at https://w3id.org/uhds/schemas.

Appendix C: Implementation Guide

Step-by-step implementation guidance for different deployment scenarios is available at https://w3id.org/uhds/implementation.

Appendix D: Change Log

Version	Date	Changes	Editor
1.0.0-draft	2026-01-01	Initial Editor's Draft	Amir Hameed Mir

Appendix E: Acknowledgments

The editor would like to thank the following individuals and organizations for their contributions to this specification:

W3C Healthcare Schema Community Group for foundational work
HL7 International for clinical data model expertise
Google Health Team for privacy-preserving computation insights
Mayo Clinic Platform for clinical validation guidance
MIT Digital Currency Initiative for cryptographic review
EU Commission DG SANTE for regulatory alignment
FDA Digital Health Center of Excellence for safety considerations

This specification builds upon decades of work in healthcare informatics, cryptography, and web standards. We stand on the shoulders of giants.

References

Normative References

[VC-DATA-MODEL-2.0]: Verifiable Credentials Data Model v2.0. Manu Sporny et al. W3C. URL: https://www.w3.org/TR/vc-data-model-2.0/
[DID-CORE]: Decentralized Identifiers (DIDs) v1.0. Manu Sporny et al. W3C. URL: https://www.w3.org/TR/did-core/
[JSON-LD11]: JSON-LD 1.1. Gregg Kellogg et al. W3C. URL: https://www.w3.org/TR/json-ld11/
[RFC2119]: Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. URL: https://tools.ietf.org/html/rfc2119
[RFC7519]: JSON Web Token (JWT). M. Jones et al. IETF. URL: https://tools.ietf.org/html/rfc7519
[RFC8259]: The JavaScript Object Notation (JSON) Data Interchange Format. T. Bray, Ed. IETF. URL: https://tools.ietf.org/html/rfc8259

Informative References

[HIPAA]: Health Insurance Portability and Accountability Act of 1996. U.S. Congress. URL: https://www.hhs.gov/hipaa/index.html
[GDPR]: General Data Protection Regulation. European Parliament and Council. URL: https://eur-lex.europa.eu/eli/reg/2016/679/oj
[FDA-SaMD]: Software as a Medical Device (SaMD). U.S. Food and Drug Administration. URL: https://www.fda.gov/medical-devices/digital-health-center-excellence/software-medical-device-samd
[LOINC]: Logical Observation Identifiers Names and Codes. Regenstrief Institute. URL: https://loinc.org
[SNOMED-CT]: Systematized Nomenclature of Medicine -- Clinical Terms. SNOMED International. URL: https://www.snomed.org
[UCUM]: Unified Code for Units of Measure. Regenstrief Institute. URL: https://unitsofmeasure.org
[HL7-FHIR]: HL7 Fast Healthcare Interoperability Resources. Health Level Seven International. URL: https://www.hl7.org/fhir/
[DIFFERENTIAL-PRIVACY]: Differential Privacy: A Primer for a Non-technical Audience. Cynthia Dwork and Aaron Roth. URL: https://www.cis.upenn.edu/~aaroth/Papers/privacybook.pdf
[ZERO-KNOWLEDGE]: How to Explain Zero-Knowledge Protocols to Your Children. Jean-Jacques Quisquater et al. URL: https://pages.cs.wisc.edu/~mkowalcz/628.pdf