WellSpr.ing Clinical Exchange Standard
WCES 1.0

An open, HIPAA-compliant protocol for clinical data exchange — designed for patient sovereignty, practitioner-to-practitioner consultation, and zero vendor lock-in.

Overview

WCES is an open clinical exchange standard developed by the WellSpr.ing network. It defines seven document types for encrypted, structured clinical data exchange between practitioners and patients. WCES is implemented by LiteEHR (reference implementation) and is freely available for any EHR to implement.

WCES uses a Two-Zone Architecture that separates patient identity (PII) from clinical data. PII stays in the originating EHR and never travels the wire. Clinical data is de-identified through a six-pass pipeline before exchange.

Two-Zone Architecture

Zone 1 — Identity
PII stays local
Patient names, DOB, contact info, addresses. Stored only in the originating EHR. Never transmitted over the clinical exchange layer.
Zone 2 — Clinical
De-identified data travels
SOAP notes, vitals, medications, diagnoses, allergies. Transmitted only after six-pass de-identification. HIPAA Safe Harbor compliant (§164.514(b)).

Six-Pass De-Identification Pipeline

Every WCES case_briefing document is processed through this pipeline before transmission:

1
Name removal — Patient names replaced with [PATIENT]
2
DOB generalisation — Date of birth converted to age bracket (e.g., 40-49)
3
Provider identifier stripping — Provider names and NPI numbers removed or replaced with role labels (e.g., "naturopathic physician")
4
Medication detail removal — Lot numbers, NDC codes stripped (generic names and doses preserved for clinical value)
5
Geographic generalisation — ZIP codes, full addresses replaced with [LOCATION]
6
Document marking — Output tagged as wces_document_type: case_briefing, wces_deidentified: true

Document Types

case_briefing
De-identified case summary for peer review. Output of the six-pass pipeline.
full_record
Complete identified record. Requires explicit patient consent (share token with anonymous=false).
peer_response
Structured clinical opinion from a consulting practitioner.
patient_intake
Referral data from AI ambassadors and intake systems.
consent_record
Patient consent documentation — share token grants and revocations.
outcome_report
Treatment outcome tracking. Contributes to anonymised population health data.
audit_log
Compliance and access audit trail. HIPAA-required for covered entities.

Patient Sovereignty — The LiteEHR Flow

WCES is designed around patient control. The reference implementation (LiteEHR) implements this flow:

1
Upload
Patient uploads full EHR to LiteEHR via POST /api/ehr/ingest (WCES) or POST /api/ehr/import/fhir (FHIR R4). Data is encrypted, linked to patient's API key. No provider access yet.
2
Anonymous share (case_briefing)
Patient generates a share token with anonymous=true. Provider receives the token and fetches a WCES case_briefing — de-identified clinical data for pre-consultation review. PII never disclosed.
3
Full consent grant
When the patient commits, they generate a full share token (anonymous=false). Provider fetches the full identified record and imports it into their EHR via FHIR R4 export.
4
Revoke anytime
Patient revokes the share token. Provider access ends immediately. Patient retains complete ownership.

Case Briefing Schema (WCES 1.0)

{
  "wces_document_type": "case_briefing",
  "wces_version": "1.0",
  "share_token": "shr_...",
  "anonymous": true,
  "issued_at": "2026-04-28T00:00:00Z",
  "clinical_data": {
    "patient": {
      "given_name": "[PATIENT]",
      "family_name": "[PATIENT]",
      "age_bracket": "40-49",
      "sex": "F"
    },
    "encounter": {
      "date": "2026-04-15",
      "type": "office_visit",
      "chief_complaint": "Fatigue and brain fog",
      "subjective": "Patient reports 6-month history of fatigue...",
      "objective": "Well-appearing adult female...",
      "assessment": "Suspected hypothyroidism, evaluate for autoimmune etiology",
      "plan": "Order TSH, free T4, TPO antibodies..."
    },
    "vitals": {
      "bp_systolic": 118, "bp_diastolic": 76,
      "heart_rate": 68, "temp_f": 97.8, "weight_lbs": 142
    },
    "medications": [
      { "name": "Levothyroxine", "dose": "50 mcg", "frequency": "daily", "status": "active" }
    ],
    "conditions": [
      { "code": "E03.9", "name": "Hypothyroidism, unspecified", "status": "active" }
    ],
    "__wces_deidentified": true,
    "__wces_document_type": "case_briefing",
    "__wces_version": "1.0"
  }
}

LiteEHR API Reference

The LiteEHR reference implementation exposes WCES-compatible REST endpoints and MCP tools:

Patient Ingest

Patient-Controlled Sharing

Provider Access (no auth — token is the consent)

MCP Tools

Full MCP interface at POST https://liteehr.com/api/ehr/mcp: create_share_token, revoke_share, fetch_shared_record, list_shares, and all ingest tools.

Ecosystem

License & Governance

WCES is an open standard. Any EHR vendor may implement the document types and API patterns described here. The specification is maintained by WellSpr.ing under the WellSpr.ing Commerce License 1.1.

Reference implementation (LiteEHR) is MIT-licensed. Implementations that transmit patient data must comply with applicable local privacy law (HIPAA in the US, GDPR in the EU).