Healthcare data on the blockchain

Patients’ and health care providers’ data are separated by a complex network of relationships between jurisdictions, professional services, specialists, and other providers. And this is before a global pandemic.

The COVID-19 pandemic revealed even bigger inefficiencies in the healthcare system. Health data is stored in institutional, siloed databases that can’t communicate with each other and are inaccessible to individuals and other stakeholders. Specifically, traditional healthcare systems do a poor job sharing patients’ health records across channels and have a slow response registry for medical professionals.

To better illustrate, here are some examples:

If a primary care doctor prescribes a medication for an allergy to a patient, that data will be stored in their database. But, when the same patient needs to go to the emergency room for surgery, the hospital will need to know the patient’s health record including any medication they are taking and allergic reactions. The patient typically needs to set up another paper trail to the hospital because their health records are siloed in the primary care database and lack an efficient way to share information. In reverse, when the patient returns to their doctor, they will need to explain the details of the surgery because they won’t have any records of it. This can be solved if the patient owns their own health data that can be verifiable, and be able to efficiently share their health data with both the doctor and hospital.

Another example of inefficiencies of the registry for medical professionals has to do with human resources. A hospital during the pandemic was in desperate need of epidemiologists. But the current process is too slow for recruiting and onboarding qualified professionals. This challenge is not due to a lack of availability or skillset; it is the inability to efficiently find those professionals when they are outside of your immediate network; ie, from different geographies, hospitals, private practices, and even departments.

This problem too, arises from siloed databases in different jurisdictions that can’t communicate with each other, making it a slow process to verifying a medical professional’s correct credentials and licensing. Glass Bead Consulting calls this the “talent management paradox”. If every professional had verifiable and trusted professional information then we could resolve this talent management paradox and get people to where we need them quicker and more efficiently.

The pandemic stressed the need for better technology to solve inefficiencies in sharing patient data, and, secondly, a faster registry to onboard and recruit medical professionals. One of the technologies that can solve these inefficiencies is blockchain.

Using the blockchain for health data

A blockchain is a distributed, immutable database that can be accessed by many different parties and is not controlled or manipulated by any single party. The information stored on the blockchain is called metadata. Metadata can be anything from identity, transaction details, credentials, etc. Using blockchain and metadata you can create a digital identity.

Digital identities allow patients and healthcare providers to add data from various sources such as health records and vaccines, to certificates and licenses. All the data stored on the blockchain is encrypted and digitally signed for security and authenticity. A healthcare provider can request access to the patient’s medical information and if the patient gives consent, the medical records become available.

Here are some of the top reasons blockchain can improve health data management:

  1. The blockchain allows health data and identity to be owned and controlled by the owner themselves. It also allows this data to be shared with third parties if the owner chooses to do so.
  2. Since the user is the owner of their data - rather than the health providers or insurance companies - the blockchain can offer a system that incentivizes the users to share their private data with clinicians and governments.
  3. This solution allows for a distributed skills and talent registry of medical professionals to be accessed by companies looking to hire qualified people.

Alright, so Blockchain increases the “fluidity” of data. Let’s take a look at how secure that more fluid data is.

How the blockchain is secure

When using a blockchain-based digital identity solution for health data in addition to making health data more accessible and efficient it must be secure and private. Here are five ways the blockchain is secure:

Decentralized: The benefit of a blockchain being decentralized is it’s not in control of a single entity. A single entity can sell personal information or prevent individuals from accessing their data, and even shut down their accounts without permission.

Instant Verification of Authenticity: Credentials are instantly verifiable from anywhere via the blockchain, removing the need for third-party verification services.

Secure record of information: Metadata attached to a transaction and confirmed on the blockchain is immutable. This means no one can change or tamper with it.

Timestamping: Details on when an action occurred, such as the last doctor’s appointment or vaccination date, are timestamped automatically and cannot be changed or adjusted.

Difficult to hack: Since the blockchain is a distributed database a hacker needs to hack into all the nodes and change the information simultaneously. Just to illustrate how difficult it is to hack the Cardano blockchain, a hacker would need to control 51% of the resources of a ~US$60 Billion network. It has never happened and as the Cardano network grows it becomes more difficult.

(If you’d like to know more on metadata on the Cardano blockchain, click here for a getting started article)

So: data becomes more fluid, and data is at least as secure on a blockchain as in siloed-off, proprietary solutions. But is it as private as current processes, or can it be privacy-enhancing?

Privacy using a digital identity

Digital identity can be pseudo-anonymous. Meaning you can share information without revealing your full identity. For example, think about showing your driver’s license to get into a bar. All they need to know is whether you’re old enough to enter. But, we give them our home address, weight, whether or not you’re an organ donor, etc. With a digital identity, users can choose to only provide the necessary information, in this case, age.

How Cardano can help

From sharing patients’ health records across channels and having a registry for medical professionals while enhancing privacy and being more elegant in what data you share: Cardano is building solutions.

Atala PRISM is a decentralized digital identity solution built on the Cardano blockchain. Using PRISM users can create their own digital identity. From patient health records and vaccinations to professional credentials and certificates. By leveraging blockchain technology, users have full control of their data but with their consent can share their data across different channels. Since users can build cohesive and current profiles, governments or clinicians can get the best dataset to tell who is vaccinated or which credentials they have. A dataset that is impossible to tamper with, nor is it corruptible.

Let’s look at how Atala PRISM can help in real-life situations. Due to the outbreak of COVID-19, places with a large gathering of people may require proof of vaccination. Using Cardano’s PRISM, a person can verify they’re vaccinated simply by using a smartphone. And since the information is stored on the blockchain we know it is secure and authentic. And going back to the original example, both the doctor and hospital will know that a patient is vaccinated simultaneously.

Using PRISM, we can also resolve the talent management paradox for medical professionals. The blockchain can be a distributed and transparent registry of medical professionals’ skills and credentials. It can be accessed by HR departments and allow faster processing. In addition, it will streamline coordination among different geographies more efficiently and transparently to get people where we need them.

Interested in reading more on verification? Check out more from Atala PRISM. Interested to build great things on Cardano? Check out the resources at, or enter our Plutus pioneer program


I like this direction a lot more than Chainlink advertising how they can help Health Insurance companies - they actually framed it as a way to help patients get better premiums by allowing health insurance companies to verify physical activity, for instance. But in fact, that gives more centralized power to the Health Insurance industry and suggests somehow that premium hikes are the fault solely of unhealthy patients rather than utter greed and inefficiencies that exist within the health insurance industry and, as this article points out, within the entire healthcare ecosystem. By the way, there are so many more places within the ecosystem that the blockchain can solve. Would love to find out more about this project and any others.

This is a great concept and I hope it works. Most electronic medical records (EMR) or Hospital information systems (HIS) have interoperability standards for portability of data known as HL7 and more recently FHIR. They can and do talk to each other if stye have agreements between each other.

In the USA the three main systems are EPIC, Cerner and Meditech along with Athenahealth and Allscripts having the lions share of the market. These systems have patient portal modules (PHR) that allow them to log on remotely just for the purpose of reviewing their historical medical record for other health care providers to review such records as in the scenario mentioned above. In essence … the patient owns the data but the hospital owns the paper according to HIPPA privacy law in the USA. Hospitals will never allow patients to gain full access to their medical records without submitting a request to the corporate privacy officer for informed consent verification. Also … they de-identify patient data and use it for data analytics and to sell to upstart artificial intelligence companies looking for large databases to train and test convolutional neural network algorithms to improve diagnosis in such disciples such as radiology. It’s a rev stream for hospitals and they all do it.

EMR/HIS databases are RDBMS but also in NOSQL based on the daily flow and size of non-tabular patient data that needs to be visualized. While I agree that blockchain can be better utilized and adopted by EMR/HIS companies, the elephant in the room is getting them to agree to partner with Atala PRISM instead of using their own blockchain solution. This will take a huge marketing push … not to mention getting these siloed, secretive EMR/HIS vendors to agree and allow “all” patient data to be available to the patient. It’s all about economic protectionism in the medical record world.

1 Like

While I do not disagree with the challenges presented, I would like to look at the solutions rather problems.
First, hospitals really own medical records with EHR platforms ‘owning’ the way the data is accessed or shared. However patients have a right to receive a copy of their data. With recent interop legislation, access to patient records will hopefully become easier with APIs.

It means that basically we need to make sure there is an easy, default way for patients to claim their data copy - this can be done with an app, that connects to an EHR through the interop API and bridging it with the Blockchain. If that is made easy enough eventually patients will have more control of their data and hospitals will be motivated to at least read the data from Blockchain rather than requesting it from another provider. I can also imaging a hybrid approach where hospitals manage it in Blockchain directly in encoded form hence retaining some control of what they share and with whom. One layer that needs to be thought of is consent management. This will basically bridge who can access what part.

I may be a derp who misses part of the point, but could you have full Vaccine histories as well, wrapped in the health data? In terms of having vaccine requirements for travel or entry to certain countries, I would imagine this could fit the bill?