Over the past month, developers have successfully leveraged blockchain technology to create automated “smart contract” services. Now, some are looking to tackle the next big practical blockchain application: sovereign identity solutions, which aim to harness blockchain technology to create easy-to-access immutable records of personally identifiable information needed to gain access to services like health care.

Before such solutions can take off, they have to overcome two distinct challenges: making them easy for people to actually use, and handling and storing sensitive information in compliance with a variety of data protection laws. Some government officials and software developers, however, are expressing confidence that there are ways to design platforms to overcome both roadblocks.

Take, for example, MyPass Austin, a pilot project launched in February 2018 and still in development that looks to provide the homeless population of Austin, Texas, with a way to store and access their identifying documents.

The goal of the project, which is a partnership between the Austin-Travis County EMS, Dell Medical School at the University of Texas, and the city of Austin, is to help homeless denizens have access to relevant personal information that various aid organizations, such as homeless care groups and hospitals, need in order to provide them service.

“In Austin, we have upwards of 30 to 40 different entities that may relate to someone experiencing homelessness, so we wanted to think about how a platform could enable [the homeless] to hold on to their own data,” said Kerry O'Connor, chief innovation officer for the city of Austin and former innovation catalyst at the U.S. Department of State.

O'Connor added that MyPass was awarded $100,000 to build a prototype by Bloomberg Philanthropies' Mayors Challenge, and is currently in a competition with over 30 other city-level projects for the chance to win up to $5 million in funding. It is also exploring partnerships and support from the New America Foundation's Blockchain Trust Accelerator, the Hyperledger Project, and others.

Yet in order to work, MyPass Austin has to first figure out how to allow homeless users access to their own information. O'Connor noted that the first ideas were around giving them access via cellphones or assigning them a user name and password through which they could log onto MyPass at a social service location, such as a hospital, to retrieve their data.

But there was skepticism such ideas were feasible. “We know people won't be able to hold onto their phones; we know they may have challenges in remembering user names and password,” O'Connor said.

So at an August 2018 hackathon launched to help design the basic MyPass platform, the project's leaders tasked developers with coming up with easier access processes.

The ideas are still being tested in practice. One includes asking each user to remember a numeric pin code and hold on to a QR code image to gain access to his or her data, or having them remember certain personal contacts, who could then be reached to provide login and password information.

To be sure, for these ideas to work, the platform would first need the trust of its user base, something it likely can't take for granted. “There are a number homeless folks who have a suspicion of giving their details to any kind of governmental authority,“ said Edward Block, an Austin-based associate at Foley & Lardner and the former chief information security officer (CISO) and cybersecurity coordinator for the state of Texas.

But the blockchain project looks to solve that issue by giving data owners say over who can see their information. “You have to grant access for other people to see your information, and you don't have to grant people access if you don't want to,” O'Connor said.

Still, the way MyPass restricts data access will likely also factor into how the platform can comply with state and federal data laws. Because it is handling sensitive personal information, the platform is “likely going to fall under a number of current regulations,” Block said. “For example, if you're trying to maintain health information on individuals, you're going to presumably implicate HIPAA regulations.”

Different personal or health information stored on the blockchain then would be required to have specific types of of security, access and management controls—no easy feat for a project that looks to help homeless denizens access a variety of information.

MyPass, however, aims to bypass some of these requirements by not keeping any documents on the blockchain itself. Instead, O'Connor noted it will only add document metadata to the blockchain, which would refer back to full documents that are kept in databases off the blockchain.

But even with this design, she added there are still some outstanding compliance issues that the project has to address. With regard to HIPAA, for example, the project has to look at how it can “ensure the veracity or integrity” of the metadata and documents, how the application can handle data erasure, and how sensitive data can be “protected both in transit and at rest.”

Suffice it to say, MyPass has its work cut out for it. But some believe these barriers aren't insurmountable, and that out of all the potential uses of blockchain, a solution like MyPass is one of the most practical. “I think we hear a lot about blockchain being the magic bullet for a number of problems and for some of them, it seems kind a stretch,” Block said. “But I think this pilot program is actually a very logical use of blockchain technology.”