Healthcare data on the blockchain

Patients’ and health care providers’ data are separated by a complex network of relationships between jurisdictions, professional services, specialists, and other providers. And this is before a global pandemic.

The COVID-19 pandemic revealed even bigger inefficiencies in the healthcare system. Health data is stored in institutional, siloed databases that can’t communicate with each other and are inaccessible to individuals and other stakeholders. Specifically, traditional healthcare systems do a poor job sharing patients’ health records across channels and have a slow response registry for medical professionals.

To better illustrate, here are some examples:

If a primary care doctor prescribes a medication for an allergy to a patient, that data will be stored in their database. But, when the same patient needs to go to the emergency room for surgery, the hospital will need to know the patient’s health record including any medication they are taking and allergic reactions. The patient typically needs to set up another paper trail to the hospital because their health records are siloed in the primary care database and lack an efficient way to share information. In reverse, when the patient returns to their doctor, they will need to explain the details of the surgery because the doctor won’t have any records of it. This can be solved if the patient owns their own verifiable health data and is able to efficiently share it with both the doctor and hospital.

Another example of inefficiencies of the registry for medical professionals has to do with human resources. A hospital during the pandemic was in desperate need of epidemiologists. But the current process is too slow for recruiting and onboarding qualified professionals. This challenge is not due to a lack of availability or skillset; it is the inability to efficiently find those professionals when they are outside of your immediate network; i.e., from different geographies, hospitals, private practices, and even departments.

This problem, too, arises from siloed databases in different jurisdictions that can’t communicate with each other, making it a slow process to verify a medical professional’s correct credentials and licensing. Glass Bead Consulting calls this the “talent management paradox”. If every professional had verifiable and trusted professional information then we could resolve this talent management paradox and get people to where we need them quicker and more efficiently.

The pandemic stressed the need for better technology to solve inefficiencies in sharing patient data, and, secondly, a faster registry to onboard and recruit medical professionals. One of the technologies that can solve these inefficiencies is blockchain.

Using the blockchain for health data

A blockchain is a distributed, immutable database that can be accessed by many different parties and is not controlled or manipulated by any single party. The information stored on the blockchain is called metadata. Metadata can be anything from identity, transaction details, credentials, etc. Using blockchain and metadata you can create a digital identity.

Digital identities allow patients and healthcare providers to add data from various sources such as health records and vaccines, to certificates and licenses. All the data stored on the blockchain is encrypted and digitally signed for security and authenticity. A healthcare provider can request access to the patient’s medical information and if the patient gives consent, the medical records become available.

Here are some of the top reasons blockchain can improve health data management:

  1. The blockchain allows health data and identity to be owned and controlled by the owner themselves. It also allows this data to be shared with third parties if the owner chooses to do so.
  2. Since the user is the owner of their data - rather than the health providers or insurance companies - the blockchain can offer a system that incentivizes the users to share their private data with clinicians and governments.
  3. This solution allows for a distributed skills and talent registry of medical professionals to be accessed by companies looking to hire qualified people.

Alright, so Blockchain increases the “fluidity” of data. Let’s take a look at how secure that more fluid data is.

How the blockchain is secure

When using a blockchain-based digital identity solution for health data, in addition to making health data more accessible and efficient, it must be secure and private. Here are five ways the blockchain is secure:

Decentralized: The benefit of a blockchain being decentralized is it’s not in control of a single entity. A single entity can sell personal information or prevent individuals from accessing their data, and even shut down their accounts without permission.

Instant Verification of Authenticity: Credentials are instantly verifiable from anywhere via the blockchain, removing the need for third-party verification services.

Secure record of information: Metadata attached to a transaction and confirmed on the blockchain is immutable. This means no one can change or tamper with it.

Timestamping: Details on when an action occurred, such as the last doctor’s appointment or vaccination date, are timestamped automatically and cannot be changed or adjusted.

Difficult to hack: Since the blockchain is a distributed database a hacker needs to hack into all the nodes and change the information simultaneously. Just to illustrate how difficult it is to hack the Cardano blockchain, a hacker would need to control 51% of the resources of a ~US$60 Billion network. It has never happened and as the Cardano network grows it becomes more difficult.

(If you’d like to know more on metadata on the Cardano blockchain, click here for a getting started article)

So: data becomes more fluid, and data is at least as secure on a blockchain as in siloed-off, proprietary solutions. But is it as private as current processes, or can it be privacy-enhancing?

Privacy using a digital identity

Digital identity can be pseudo-anonymous, meaning you can share information without revealing your full identity. For example, think about showing your driver’s license to get into a bar. All they need to know is whether you’re old enough to enter. But we give them our home address, weight, whether or not we’re an organ donor, etc. With a digital identity, users can choose to only provide the necessary information, in this case, age.

How Cardano can help

From sharing patients’ health records across channels and having a registry for medical professionals while enhancing privacy and being more elegant in what data you share: Cardano is building solutions.

Atala PRISM is a decentralized digital identity solution built on the Cardano blockchain. Using PRISM users can create their own digital identity. From patient health records and vaccinations to professional credentials and certificates. By leveraging blockchain technology, users have full control of their data but with their consent can share their data across different channels. Since users can build cohesive and current profiles, governments or clinicians can get the best dataset to tell who is vaccinated or which credentials they have. A dataset that is impossible to tamper with, nor is it corruptible.

Let’s look at how Atala PRISM can help in real-life situations. Due to the outbreak of COVID-19, places with a large gathering of people may require proof of vaccination. Using Cardano’s PRISM, a person can verify they’re vaccinated simply by using a smartphone. And since the information is stored on the blockchain we know it is secure and authentic. And going back to the original example, both the doctor and hospital will know that a patient is vaccinated simultaneously.

Using PRISM, we can also resolve the talent management paradox for medical professionals. The blockchain can be a distributed and transparent registry of medical professionals’ skills and credentials. It can be accessed by HR departments and allow faster processing. In addition, it will streamline coordination among different geographies more efficiently and transparently to get people where we need them.

Interested in reading more on verification? Check out more from Atala PRISM. Interested to build great things on Cardano? Check out the resources at, or enter our Plutus pioneer program
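
The driver's-license case described in the article above (prove age, reveal nothing else) can be built from salted hash commitments. This is an added example, not part of the original post and not Atala PRISM's code; the claim names are constructed, and the HMAC tag stands in for an issuer's digital signature, which in practice would be asymmetric so the verifier holds only a public key.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key. Stand-in for an issuer signing key (assumption, see lead-in).
ISSUER_KEY = secrets.token_bytes(32)


def commit(name, value, salt):
    """Salted hash of one claim; the salt stops guessing of low-entropy values."""
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()


def tag_for(digests):
    """Authenticate the full list of commitments (stand-in for a signature)."""
    return hmac.new(ISSUER_KEY, json.dumps(digests).encode(), hashlib.sha256).hexdigest()


def issue(claims):
    """Issuer: commit to each claim separately, then authenticate the set."""
    salts = {name: secrets.token_hex(16) for name in claims}
    digests = sorted(commit(n, v, salts[n]) for n, v in claims.items())
    credential = {"digests": digests, "tag": tag_for(digests)}
    return credential, salts  # the salts stay with the holder


def present(credential, claims, salts, reveal):
    """Holder: disclose only the named claims, each with its salt."""
    disclosed = [{"name": n, "value": claims[n], "salt": salts[n]} for n in reveal]
    return {"credential": credential, "disclosed": disclosed}


def verify(presentation):
    """Verifier: check the issuer tag, then match each disclosed claim to a commitment."""
    cred = presentation["credential"]
    if not hmac.compare_digest(tag_for(cred["digests"]), cred["tag"]):
        return None
    verified = {}
    for item in presentation["disclosed"]:
        if commit(item["name"], item["value"], item["salt"]) not in cred["digests"]:
            return None  # value or salt does not match what the issuer committed to
        verified[item["name"]] = item["value"]
    return verified


if __name__ == "__main__":
    # Constructed sample claims for the bar-entry scenario.
    claims = {"name": "Alex Example", "home_address": "1 Sample St",
              "organ_donor": False, "over_21": True}
    cred, salts = issue(claims)
    shown = present(cred, claims, salts, reveal=["over_21"])
    print(verify(shown))
```

The verifier sees every commitment but learns only the claims whose salt and value are disclosed; changing a disclosed value makes verification fail.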


I like this direction a lot more than Chainlink advertising how they can help Health Insurance companies - they actually framed it as a way to help patients get better premiums by allowing health insurance companies to verify physical activity, for instance. But in fact, that gives more centralized power to the Health Insurance industry and suggests somehow that premium hikes are the fault solely of unhealthy patients rather than utter greed and inefficiencies that exist within the health insurance industry and, as this article points out, within the entire healthcare ecosystem. By the way, there are so many more places within the ecosystem that the blockchain can solve. Would love to find out more about this project and any others.

1 Like

This is a great concept and I hope it works. Most electronic medical records (EMR) or Hospital information systems (HIS) have interoperability standards for portability of data known as HL7 and more recently FHIR. They can and do talk to each other if they have agreements between each other.

In the USA the three main systems are EPIC, Cerner and Meditech along with Athenahealth and Allscripts having the lion’s share of the market. These systems have patient portal modules (PHR) that allow them to log on remotely just for the purpose of reviewing their historical medical record for other health care providers to review such records as in the scenario mentioned above. In essence … the patient owns the data but the hospital owns the paper according to HIPAA privacy law in the USA. Hospitals will never allow patients to gain full access to their medical records without submitting a request to the corporate privacy officer for informed consent verification. Also … they de-identify patient data and use it for data analytics and to sell to upstart artificial intelligence companies looking for large databases to train and test convolutional neural network algorithms to improve diagnosis in such disciplines as radiology. It’s a rev stream for hospitals and they all do it.

EMR/HIS databases are RDBMS but also in NoSQL based on the daily flow and size of non-tabular patient data that needs to be visualized. While I agree that blockchain can be better utilized and adopted by EMR/HIS companies, the elephant in the room is getting them to agree to partner with Atala PRISM instead of using their own blockchain solution. This will take a huge marketing push … not to mention getting these siloed, secretive EMR/HIS vendors to agree and allow “all” patient data to be available to the patient. It’s all about economic protectionism in the medical record world.


While I do not disagree with the challenges presented, I would like to look at the solutions rather than problems.
First, hospitals really own medical records with EHR platforms ‘owning’ the way the data is accessed or shared. However patients have a right to receive a copy of their data. With recent interop legislation, access to patient records will hopefully become easier with APIs.

It means that basically we need to make sure there is an easy, default way for patients to claim their data copy - this can be done with an app that connects to an EHR through the interop API and bridges it with the Blockchain. If that is made easy enough eventually patients will have more control of their data and hospitals will be motivated to at least read the data from Blockchain rather than requesting it from another provider. I can also imagine a hybrid approach where hospitals manage it in Blockchain directly in encoded form hence retaining some control of what they share and with whom. One layer that needs to be thought of is consent management. This will basically bridge who can access what part.

1 Like

I may be a derp who misses part of the point, but could you have full Vaccine histories as well, wrapped in the health data? In terms of having vaccine requirements for travel or entry to certain countries, I would imagine this could fit the bill?

1 Like

Why not? This is the really exciting thing about Atala Prism. As Mike B mentioned above … you would take an SDK or API and interface it to a public health department immunization record system where it would have an “export immunization history” or “export page” QR code to sync to the Atala PRISM app and store on a smartphone or even an air gapped storage method. It solves a problem everybody has and wants. This eventually as it becomes more accepted & adopted will add value to the Cardano ecosystem.

Fantastic. Let’s get started. Let’s solve Global Health by working together. I am a doctor. Most of you are engineers and coders. Is there anybody out there also interested in creating Healthcare for the People? Let’s start!


Keep in mind, just securing your identity and credentials is not enough. Let’s take healthcare further by incorporating all aspects of healthcare delivery, including payment, treatment verification, past medical history and pre-authorizations. Whether on the same chain or para-chains, they can all be linked and interconnected with verified timestamps, securely. No insurance company needed. That is the most vital aspect of Healthcare for the People using crypto-blockchain processing. Direct patient-physician communication without the complicated bureaucracy and payor profiteering. Anyone?

1 Like

I am planning something on similar lines but the scope of my research goes beyond the patient-centered data alone. While researching, I have found a few pain points in implementing a solution for healthcare based on the Cardano system. I would be grateful if someone can throw some light on these.

  1. Storing additional information such as images will take a lot of data and we cannot use metadata for these purposes. So is there any way?
  2. Making a transaction requires a minimum of 1 ada and in this case, we cannot ask users to pay 1 ada for every piece of data they bring into the system. This applies even if we are minting a token based on Cardano I guess.
  3. How do we query this kind of metadata on a global level? For example, if a research organisation wants to find a list of patients who are greater than 25 years old, how can we achieve this securely?

These are the lingering questions on my mind currently and hoping to find some answers for the same.


Praveen, I can answer 1 & 3. If you are talking about X-ray images then sure it’s doable. If you are talking about MRI/Ultrasound/Digital Pathology image sets then no. There would have to be a bridge to a Cardano data repository for that form of image upload & retrieval in the petabyte size.

For the metadata question, because of patient privacy laws in North America at least (PHIPA/PIPEDA/HIPAA) the owner of the data would have to explicitly consent to de-identification of their data for use in academic, pharmaceutical or epidemiological research data sets.


Thanks @EMR_Guru for responding. I think we can even store the MRI/Ultrasound/Digital Pathology image sets in decentralised solutions like IPFS nodes.

Now my question about the data ownership is important and I would like to expand on the same.
Most of the international frameworks to date conflict between privacy and maximising the reuse of the anonymised data for research. Almost all the regulations have decided that truly anonymising the data is functionally impossible. This is the main reason that calls for the explicit user consent for data sharing. This is the exact functionality that decentralised systems do well. Since these assumptions are inherent in these laws, it’s important to take a step back for them to think about it, and it can happen only when we can build such solutions using blockchain solutions.

1 Like

De-identification usually begins in the source system such as an EMR or HIS solution via application of a patient alias, from there the metadata can be further scrubbed in an OLAP EDW if need be. You could program an A.I. algorithm to do this as a third layer of confidence, train it, then test it. The main issue as I see it is convincing a hospital or clinic CPO to send you this de-identified data. Explainability is key here. I’m not sure if there are explicit/implicit health data privacy laws in Europe, Asia or India as a start but this is definitely a project worth exploring. You would have to map out the “how” and the “where” and start off small. A simple disclaimer on a DaPP registration won’t cut it. Is this something that medicalchain or patientory is trying to accomplish?


I completely agree with you on de-identifying the data and its explainability.
Europe has the better version of the patient information management laws whereas Asia and India are not so obvious.

Medicalchain is exactly opposite of what I am trying to say but they mainly created a trust and permission system that provides control of the data to the user.
Patientory is doing something similar on the lines of collective data and clinical trial recruiting. It would be definitely worth exploring them to understand how they manage to anonymise the data for collective intelligence and then once the targets are identified, how they were able to recruit the users as they need some pointers back to the user here.

1 Like

This is an excellent idea

As a patient I have questions:

Will I be able to remove/retract consent?
What if my doctor “accidentally” annotates a mis-diagnosis? How is this appended to the record?
Will I be able to view my records at any time in a convenient manner?

To Cardano:

How large is a block (how much identifiable data can it hold as in records)? The last time I requested a medical record printout at a Veterans Affairs facility I ended up with 3 reams of documents…10 years ago.

Instead of how much data is in a block, how many transactions would be required to put my entire record on a blockchain? My last transfer from an exchange was $0.22. That’s not a lot but that’s one tx of x-bytes.

Suggestion (not a developer…yet):

I’m having a hard time with this. I still think there would have to be a repository holding the records and professional licensure/qualifications using Cardano as the highway, of sorts.

Or maybe I’m just missing it all.

One thing is certain, medical systems should have the capability to communicate with each other in a timely, efficient, cost-effective manner that is beneficial to the patient and professional regardless of location. Even as a patient the current set up is a burden.

1 Like

@FL13S. I will try to add my responses assuming that such system will be created in the future on top of Cardano.

Will I be able to remove/retract consent? -

Yes this is possible with Smart Contracts.

What if my doctor “accidentally” annotates a mis-diagnosis? How is this appended to the record? -

The data on blockchains are immutable so it becomes a permanent record.

Will I be able to view my records at any time in a convenient manner? -

Yes. Your wallet/account should have access to this.

Instead of how much data is in a block, how many transactions would be required to put my entire record on a blockchain? -

Even though we can store some amount of data in Metadata, this is just 16KB at the moment. So the actual medical data might have to be offloaded to an external blockchain system.

One thing is certain, medical systems should have the capability to communicate with each other in a timely, efficient, cost-effective manner that is beneficial to the patient and professional regardless of location. Even as a patient the current set up is a burden -

You are right. There are a number of healthcare projects on blockchain in recent years, but the real problem is they are fragmented at the moment. It requires a lot of experts to come together and adapt it at enterprise levels, something similar to the Healthcare Special Interest Group in Hyperledger which I am part of as well.

1 Like
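
One way to reconcile the points in the reply above (a 16KB metadata limit, immutable entries, and the question of how a mis-diagnosis gets corrected) is to keep record bodies off-chain and put only hash anchors on-chain, with corrections appended as entries that supersede earlier ones. Added example, not from the original posts or any Cardano SDK; `AnchoredLog`, its fields and the sample records are hypothetical, and the in-memory dict stands in for off-chain storage such as the IPFS nodes mentioned earlier.

```python
import hashlib
import json

METADATA_LIMIT = 16 * 1024  # bytes; the "16KB" figure quoted in the reply above


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def anchor_digest(anchor: dict) -> str:
    return digest(json.dumps(anchor, sort_keys=True).encode())


class AnchoredLog:
    """Append-only list of small anchors (the on-chain part); bodies live off-chain."""

    def __init__(self):
        self.anchors = []    # stand-in for metadata of confirmed transactions
        self.off_chain = {}  # stand-in for off-chain storage, keyed by digest

    def append(self, body: bytes, timestamp: str, supersedes=None) -> int:
        """Store the body off-chain (it should be encrypted first) and anchor its hash."""
        if supersedes is not None and not 0 <= supersedes < len(self.anchors):
            raise ValueError("amendment must point at an existing entry")
        prev = anchor_digest(self.anchors[-1]) if self.anchors else None
        anchor = {"record": digest(body), "prev": prev,
                  "supersedes": supersedes, "time": timestamp}
        if len(json.dumps(anchor).encode()) > METADATA_LIMIT:
            raise ValueError("anchor exceeds metadata limit")
        self.off_chain[anchor["record"]] = body
        self.anchors.append(anchor)
        return len(self.anchors) - 1

    def verify(self) -> bool:
        """Detect a changed body, a missing body, or an edited or reordered anchor."""
        prev = None
        for anchor in self.anchors:
            body = self.off_chain.get(anchor["record"])
            if anchor["prev"] != prev or body is None or digest(body) != anchor["record"]:
                return False
            prev = anchor_digest(anchor)
        return True

    def current_view(self):
        """Indices of entries not superseded by a later correction."""
        superseded = {a["supersedes"] for a in self.anchors if a["supersedes"] is not None}
        return [i for i in range(len(self.anchors)) if i not in superseded]


if __name__ == "__main__":
    log = AnchoredLog()
    # Constructed sample records.
    wrong = log.append(b"constructed: visit note with wrong annotation", "2021-05-01T10:00:00Z")
    log.append(b"constructed: corrected visit note", "2021-05-03T09:00:00Z", supersedes=wrong)
    print(log.verify(), log.current_view())
```

The erroneous entry stays in the history, which matches the immutability described above, while readers resolving the current view see only the correction.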

Exactly. This is another area that needs serious thought. I actually had a non-mental-health provider annotate that I was suicidal. Serious errors like these need a method of correction. Understandably this is minute in scale and I’m just brainstorming.

Would you be able to provide current and relevant peer-reviewed, conference and/or research papers on the subject from a broad perspective?

Thank you for the timely response as well.


Welcome to the community!

1 Like

I have this designed for groups that choose to self-fund, self-insure the medical service fees.

1 Like

As the patient, you retain all rights to your data - this is beyond what HIPAA currently allows. Example of the worst is Epic which takes ownership of the data and you have to contact Epic to get any quality access of data and cannot build apps without their involvement - too closed for future value.
Ultimately, you can manage your rights based on check boxes - either keep a simple version, yes/no; or a more advanced one - yes to doctors, no to research and no to companies and marketing. I have heard ICP may have an advantage with MS account being accessible - so if a unique ID whether it be on Atala Prism or ICP, or Cardano app, then one could individualize the needs of the one.
Medical systems do not communicate well until recently, sort of, because everyone cares about proprietary access from the company perspective, instead of the patient. The patient comes first, period.