🌐

The Health Memory Association

Health memory apps are where email was in 1990 — data locked in silos, no portability, no standard. The world needs its IMAP moment for personal health data.

📧
The IMAP Moment — An Analogy
How email escaped the silo problem — and what health memory needs to do the same

In the early 1990s, email was locked in silos. Your messages lived inside whichever application you used — Lotus Notes, CompuServe, early Outlook. If you switched apps, you left your mail behind. If the company went under, your history was gone. Every system was an island.

[Diagram, two panels. "Before IMAP (email silos)": Lotus Notes, CompuServe, early Outlook and AOL Mail as separate islands; switching apps loses all your mail, and a company shutdown loses everything. "After IMAP (open standard)": one mailbox you own, reached over the standard IMAP protocol from Thunderbird, Apple Mail, Gmail web, Outlook or a mobile app; mail travels with you and any client works.]
Before IMAP: your email was trapped in whichever app you used. After IMAP: one open standard let any app access your mail. Health memory needs the same transition.

Then came IMAP — the Internet Message Access Protocol. A single open standard that separated your mail from any particular application. Suddenly your messages lived in a canonical format, accessible to any client that spoke the protocol. Switch from Outlook to Thunderbird? Your mail came with you. The app became interchangeable. Your data became yours.

Health memory is exactly where email was in 1990. Your diary entries live in J4H. Your fitness data lives in Apple Health or Fitbit. Your chronic condition notes live in an app that may shut down next year. Your doctor's notes live in an EHR you can't access. None of it talks to anything else. None of it is truly yours. We are waiting for our IMAP moment.
🏛️
What Exists Today — and Why It's Not Enough
Adjacent organizations that don't quite solve the problem

Several organizations work on health data interoperability, but none focus on the patient as the primary actor — the person who owns and carries their lifelong health memory.

| Organization | What they do | What's missing |
|---|---|---|
| HL7 / FHIR | Defines the global standard for health data exchange between provider systems (hospitals, EHRs, labs) | Designed for institutions exchanging data, not individuals owning it. No personal health diary model. No encryption or consent standard. |
| CommonWell Health Alliance | Promotes health data sharing between provider networks in the US | Provider-to-provider only. Patient is a passive recipient, not the primary data owner. |
| The Sequoia Project | Health information exchange policy and governance in the US | Policy-focused, US-centric, no standard for personal apps or patient-held records. |
| Apple Health / Google Health | Aggregate health data on your device from wearables and apps | Proprietary. Locked to a platform. No narrative diary model. No open export standard. Apple Health data cannot move to Android. |
| W3C Solid / Inrupt | Personal data pods — you own a URL where your data lives, apps get permission to read/write it | General-purpose, not health-specific. No clinical vocabulary. Technically promising but adoption is near-zero. |
| Patient advocacy groups | Disease-specific communities (e.g. PatientsLikeMe) that help patients share experiences | Siloed by condition. Typically require surrendering your data to a company. Not portable. |

The gap: No organization exists that focuses specifically on standardizing personal health memory apps — the format, the encryption, the portability, the consent model, and the certification of apps that implement the standard correctly. That gap is exactly what a Health Memory Association would fill.
📐
What the HMA Would Standardize
Six layers — from data model to certification

Just as IMAP defined six things that made email portable (server protocol, message format, folder structure, authentication, status flags, multi-client sync), a Health Memory Association would standardize six layers:

[Diagram: the HMA Standard as a stack of six layers, top to bottom]
6. Certification: "Health Memory Certified" badge — apps that implement the full standard
5. Consent API: Standard way to grant time-limited, purpose-limited, revocable access to specific data subsets
4. Identity Protocol: How a person's health identity persists across apps, devices, and decades — not tied to any company
3. Encryption Standard: Which crypto primitives are approved for long-term storage — OpenPGP + AES-256-GCM as the baseline
2. Portability Format: A .healthmem or FHIR Bundle profile — export from any app, import into any app, readable forever
1. Data Model: Required fields: date, narrative, severity (0–10), body location, context — plus optional structured extensions (foundation — every layer builds on this)
Six standardization layers — from the lowest (data model) to the highest (certification). Apps implement all six to earn the HMA badge.
  1. Data Model. The minimum fields a health memory entry must contain to be portable: date, narrative (free text), severity (0–10 numeric), body_location, context (activity, environment). Plus optional structured extensions for vitals, medications, photos, family history. Every compliant app must be able to export and import this model.
  2. Portability Format. A standard file format — either an HMA-defined JSON schema or a FHIR Bundle profile — that any compliant app can read and write. Like .mbox for email. Export from J4H, import into any future HMA-certified app. No data left behind.
  3. Encryption Standard. OpenPGP for the portable archive (proven, 30+ years, open). AES-256-GCM for at-rest storage. PBKDF2 or Argon2 for key derivation. No proprietary encryption schemes. Any implementation using these primitives is interoperable.
  4. Identity Protocol. A cryptographic keypair that represents you across apps and decades — not an account tied to a company. Based on W3C Decentralized Identifiers (DIDs) or a simpler open keypair standard. Your health identity travels with you when companies shut down, merge, or change terms.
  5. Consent API. A standard HTTP API that any app or provider can call to request access to specific subsets of your health memory. You grant time-limited, purpose-limited, revocable tokens. The orthopedist gets your knee entries for 30 days. The cardiologist gets nothing about your knee. Cryptographically enforced.
  6. Certification. Apps that implement all five layers earn the "Health Memory Certified" badge. This is the trust signal that tells users their data is portable, encrypted to the standard, and will not be held hostage. Like "Energy Star" for appliances, or "HTTPS" for websites.
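To make layers 1 and 5 concrete, here is an added sketch (not HMA or J4H code; no such specification exists yet) of a consent grant that is time-limited, purpose-limited, scoped to a data subset and revocable, applied to entries carrying the required fields. The token layout, the function names and the use of HMAC-SHA256 are assumptions made for illustration, and the entries are constructed sample data.

```python
import base64, hashlib, hmac, json, secrets
from datetime import datetime, timedelta, timezone

REQUIRED = ("date", "narrative", "severity", "body_location", "context")
def valid_entry(entry):
    """Layer 1: required fields present, severity an integer 0..10."""
    sev = entry.get("severity")
    return all(k in entry for k in REQUIRED) and type(sev) is int and 0 <= sev <= 10

def _sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode()

def issue_grant(key, grantee, purpose, body_locations, days, now):
    """Layer 5: grant bound to grantee, purpose, data subset and expiry."""
    claims = {"id": secrets.token_hex(8), "grantee": grantee, "purpose": purpose,
              "body_locations": sorted(body_locations),
              "exp": (now + timedelta(days=days)).timestamp()}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (payload + b"." + _sign(key, payload)).decode()

def verify_grant(key, token, now, revoked_ids):
    """Return the claims, or None if forged, expired or revoked."""
    payload, _, sig = token.encode().rpartition(b".")
    if not hmac.compare_digest(sig, _sign(key, payload)):
        return None  # check the MAC before parsing untrusted JSON
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if now.timestamp() >= claims["exp"] or claims["id"] in revoked_ids:
        return None
    return claims

def release(entries, claims):
    """Hand over only well-formed entries inside the granted subset."""
    allowed = set(claims["body_locations"])
    return [e for e in entries if valid_entry(e) and e["body_location"] in allowed]

# Constructed sample data; the key never leaves the patient's app.
KEY = secrets.token_bytes(32)
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
ENTRIES = [
    {"date": "2024-12-01", "narrative": "Stiff after stairs", "severity": 4,
     "body_location": "knee", "context": "climbing stairs"},
    {"date": "2024-12-09", "narrative": "Tightness at rest", "severity": 6,
     "body_location": "chest", "context": "sitting"},
    {"date": "2024-12-15", "narrative": "Sharp pain", "severity": 14,  # invalid
     "body_location": "knee", "context": "running"},
]
if __name__ == "__main__":
    t = issue_grant(KEY, "orthopedist", "treatment", ["knee"], 30, NOW)
    print(release(ENTRIES, verify_grant(KEY, t, NOW, set())))
```

With a shared-secret MAC only the holder of the key can verify a grant, so this fits a design where the patient's own app or server performs the release; a provider that must verify grants offline would need a public-key signature instead.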
🔗
The IMAP Parallel — Side by Side
How the solutions map exactly onto each other

| Email (solved) | Health Memory (unsolved) |
|---|---|
| Mail locked in Lotus Notes, AOL, CompuServe — no portability | Diary locked in J4H, Apple Health, Fitbit — no portability |
| Switch email clients, lose your history | Switch health apps, lose your history |
| Provider shuts down, mail gone | App shuts down, health data gone |
| IMAP: standard protocol — mail lives in a canonical format, any client can access it | HMA format: standard schema — health memory lives in a canonical format, any certified app can access it |
| SMTP for sending, IMAP for reading — app-agnostic | FHIR for provider exchange, HMA format for personal archive — app-agnostic |
| S/MIME and PGP for email encryption — open standards | OpenPGP + AES-GCM for health data encryption — already proven |
| You can use Gmail, Outlook, Thunderbird interchangeably — your mail is always there | You should be able to use any certified health memory app — your history is always there |
| Solved in 1996 by RFC 2060 | Not yet solved. No RFC. No association. No standard. The gap waiting to be filled. |

The key insight from IMAP: the breakthrough was not technical — the protocol itself is simple. The breakthrough was agreement. Enough organizations agreed to implement the same standard that network effects kicked in and proprietary formats became unacceptable. A Health Memory Association exists to create that agreement.
⚖️
How an HMA Would Work
Governance, membership, and the certification path

The model already exists in adjacent domains. The Internet Engineering Task Force (IETF) standardizes internet protocols. The World Wide Web Consortium (W3C) standardizes web formats. PCI-DSS certifies payment security. The HMA would follow a similar governance model but focused on a specific domain.

🏛️ Standards body

An independent nonprofit — not controlled by any app vendor, insurer, or provider system. Members include patient advocates, app developers, clinicians, privacy researchers, and policymakers. Decisions made by public RFC process, not by corporate vote.

📋 Certification program

Apps submit for certification against the published standard. Open-source test suite verifies export/import compatibility, encryption correctness, and consent API compliance. Annual re-certification. Badge displayed in app stores and on websites.

🔓 Open specification

The full standard is published under a Creative Commons or IETF-style license. No royalties. Anyone can implement it. A small app developer in any country can build an HMA-certified app. This is how IMAP worked — open specification, any implementer.

🤝 Provider recognition

Health systems and EHR vendors that accept HMA-format imports earn "HMA Provider" status. Incentive: patients arrive at appointments with structured, machine-readable histories. Less time taking history. Better clinical decisions.
The real barriers are not technical. The standard could be written in six months by a small working group. The hard part is getting the first ten major apps to implement it — because until multiple apps support it, portability has no value. This is the classic chicken-and-egg problem of network standards. It was solved for IMAP by the IETF making it an RFC. It could be solved for health memory by a single credible standard-setting body.
🗺️
A Plausible Roadmap
From first RFC draft to global standard
Year 1 — Foundation
A working group publishes HMA v0.1: the data model and portability format. Reference implementation open-sourced (J4H is a natural candidate). First 3–5 apps implement experimental support. Feedback loop begins.
Year 2 — Encryption & Identity
Encryption standard and identity protocol finalized. Patient advocacy organizations and privacy researchers join the working group. HMA v1.0 published. First formal certification program opens.
Year 3 — Consent API & Provider Adoption
Consent API specification finalized. First EHR vendors add HMA import support. Patients begin arriving at appointments with certified portable health memories. Clinical pilots demonstrate reduction in history-taking time.
Year 5 — Network Effects
Enough certified apps exist that portability has real value. Patients expect HMA certification when choosing a health app — like they expect HTTPS on a website. Regulators in multiple countries reference the standard.
Year 10 — The IMAP Moment
Non-certified health apps become unacceptable, the way HTTP-only websites are today. Your health memory travels with you across apps, devices, countries, and decades. The standard is as unremarkable — and as essential — as IMAP.
🔬
J4H as a Reference Implementation
How J4H maps to the HMA standard today

J4H was not designed to implement the HMA standard — the HMA doesn't exist yet. But looking at what J4H already does, it maps remarkably closely to what the standard would require.

| HMA Layer | J4H Today | Status |
|---|---|---|
| 1. Data Model | date, narrative (content), severity (pain_level 0–10), location, patient context | ✓ Core fields present |
| 2. Portability Format | OpenPGP .asc export of JSON entries — importable, readable by any PGP tool forever | ✓ Open format, durable |
| 3. Encryption Standard | AES-256-GCM client-side + OpenPGP .asc export. PBKDF2 key derivation. | ✓ Matches HMA baseline |
| 4. Identity Protocol | Currently a shared passcode (8903) — not a personal cryptographic identity | ⚠ Needs per-user keypair |
| 5. Consent API | FHIR integration exists — structured provider exchange is already the architecture | ⚠ Needs formal consent token model |
| 6. Certification | N/A — the certifying body does not yet exist | — Would certify on day one |

J4H is 4 of 6 layers already. The data model, portability format, and encryption standard are already aligned with what the HMA would require. Identity and consent are the remaining gaps — and both are on the roadmap. This makes J4H a natural candidate to be the first reference implementation when the standard is written.

A reference implementation matters for standards adoption. When IETF published IMAP RFC 2060, the University of Washington's c-client library served as the reference implementation that other developers could study and verify their work against. J4H could play that role for the HMA standard — open source, fully documented, and already in production.

IMAP did not make email better. It made email free — free from any single vendor, free to move, free to persist across decades. No one company controls your inbox today because of a decision made in 1996 to publish an open standard.

A Health Memory Association exists to make that same decision for health data. Not to build the best health app. To make the data free.

Your health history belongs to you. It should follow you through every app, every device, every country, every decade — as naturally and reliably as your email does today.