Securing patient data with Blockchain for an EDI provider

Krithika S

October 9, 2020

Within the healthcare ecosystem, there are several touch points between patients and healthcare systems (hospitals, clinics, labs, doctors and more) where blockchain can be implemented.

Our team was exploring blockchain for a healthcare technology provider that is innovating in the patient data storage space. Our client was more than happy to explore blockchain to see how it can help, differentiate and build capabilities.

The foundation of a new healthcare IT system lies in the creation of a platform that allows interoperability, safe storage of patient data, and efficient, secure exchange of information between stakeholders. Privacy of data and user-based access control are critical, and both can be achieved using blockchain.

When medical data is generated from a doctor’s examination note or a patient’s wearable device, or when the patient uploads existing medical records, a digital signature is created for verification. The data is then encrypted and sent to encrypted cloud storage, and a unique pointer is created on the blockchain along with the user’s unique ID.

When a patient’s data is requested, the unique pointer on the blockchain is used to retrieve the data from the encrypted storage. It is decrypted and displayed on the relevant devices. The patient is notified every time data is added (to the blockchain) or when a request to access data is received. Users can manage access to their data on multiple levels using their web or mobile apps. Private keys can be stored on the patient’s behalf, or they can be kept in offline storage at the patient’s convenience.
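The store-and-retrieve flow described above, as an added Go example (not the client's or the project's code). It assumes the pointer is the SHA-256 hash of the ciphertext, AES-256-GCM for encryption and Ed25519 for the signature; an in-memory map stands in for cloud storage and the returned `LedgerEntry` for the on-chain record. None of these choices are stated in the article.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// LedgerEntry is all that goes on-chain; Pointer is hex SHA-256 of the ciphertext (assumption).
type LedgerEntry struct{ PatientID, Pointer string; Signature []byte }
func pointer(ct []byte) string { return fmt.Sprintf("%x", sha256.Sum256(ct)) }

// Store signs rec, encrypts it, saves the ciphertext off-chain, returns the on-chain entry.
func Store(cloud map[string][]byte, id string, aead cipher.AEAD, author ed25519.PrivateKey, rec []byte) (LedgerEntry, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return LedgerEntry{}, err
	}
	ct := aead.Seal(nonce, nonce, rec, []byte(id)) // nonce || ciphertext, patient ID as AAD
	cloud[pointer(ct)] = ct
	return LedgerEntry{id, pointer(ct), ed25519.Sign(author, rec)}, nil
}

// Fetch follows the pointer, checks the blob against it, decrypts, verifies the signature.
func Fetch(cloud map[string][]byte, e LedgerEntry, aead cipher.AEAD, author ed25519.PublicKey) ([]byte, error) {
	ct, n := cloud[e.Pointer], aead.NonceSize()
	if len(ct) < n || pointer(ct) != e.Pointer {
		return nil, fmt.Errorf("stored blob does not match ledger pointer")
	}
	pt, err := aead.Open(nil, ct[:n], ct[n:], []byte(e.PatientID))
	if err != nil || !ed25519.Verify(author, pt, e.Signature) {
		return nil, fmt.Errorf("decryption or author signature check failed")
	}
	return pt, nil
}

func main() { // constructed key, signer and record; the map stands in for cloud storage
	key := sha256.Sum256([]byte("constructed demo key"))
	block, _ := aes.NewCipher(key[:])
	aead, _ := cipher.NewGCM(block)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cloud := map[string][]byte{}
	e, _ := Store(cloud, "patient-001", aead, priv, []byte("BP 120/80"))
	pt, err := Fetch(cloud, e, aead, pub)
	fmt.Printf("%s %v\n", pt, err)
}
```

Because the ledger holds only the hash, a modified or swapped blob in storage fails the pointer check before any decryption is attempted, and an entry replayed under a different patient ID fails authentication of the associated data.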

A patient’s data is further split into private and public data to give wider visibility to other parties in the consortium, such as governments and insurers. The public data in the client’s datasets can be used by the government and other insurance providers to analyze and gain insights from the market.

Our client is a decentralized platform that enables secure, fast and transparent exchange and usage of medical data. We introduced blockchain technology to store patient health records and maintain a single version of the patient’s true data. It will enable different healthcare agents such as doctors, hospitals, laboratories, pharmacists, insurers, and government to request permission to access and interact with medical records. Each interaction is auditable, transparent, and secure, and will be recorded as a transaction on the client’s distributed ledger. Moreover, no privacy is lost in this process, as every data transfer happens only with the consent of the patient. It is built on the permission-based Hyperledger Fabric architecture, which allows varying access levels: patients control who can view their records, how much they see and for what length of time.

Why did we build it on blockchain?

The healthcare industry has more data breaches than any other sector and 95% of medical institutions polled said they had been victims of a cyber attack. Medical records are being stolen and sold on darknet markets where they are 10 times more expensive than credit card data.

Sometimes the threat to your privacy isn’t outside the healthcare system, but from within it. The health records of over a million patients attending London hospitals run by the NHS Royal Free Trust are being analyzed and mined by Google with little transparency and no option for withdrawal.

Whether the threat is from the inside or the outside, it is clear that in increasingly digitized and widespread healthcare systems there are more opportunities than ever for your records to be accessed without your permission. The patient has little autonomy to defend themselves against this and legacy healthcare systems are not properly prepared to protect patients’ data.


  • Data can only be accessed with the patient’s private key; even if the database is hacked, the data will be unreadable.
  • A patient will have full control over access to their healthcare data. The patient will control who sees their data and what they see (public data is visible to everyone; private data is restricted).
  • Instantaneous transfer of medical data. Every member in the distributed network of the healthcare blockchain would have the same data of the patient’s record.

Learning curve involves:

  • Patients will have to learn how to use their private key properly. They may wrongly assume these can be easily changed.
  • Stakeholders will need to learn how to use blockchain technology.
  • Legacy systems will either have to be tweaked or remade.

As our journey with blockchain begins, exploring various use cases that can create more security and transparency for businesses, we look forward to empowering our clients with blockchain in other industries.


Krithika S

Assistant Project Manager
