KEY FEATURES OF PATIENTORY

• Allows patients to instantly access their health information.
• Allows hospitals to store patient information on the secure blockchain and run their node
• AI-powered technology stores data onto the blockchain network
• Patients are able to interact with the blockchain via a mobile app which enables access and provides features such as messaging
• Coordinated patient care via a blockchain HIE essentially alleviates unnecessary services and duplicate tests
• The patients or users can buy tokens from main public Ethereum Blockchain as per their storage needs
• Can be interconnected with any EHR system and enable doctors, care providers and everyone in the ecosystem to communicate on a single easy to use platform
• Encrypted middleware to meet the high-volume demands of modern day Health IT
• APIs with Electronic Health Records for fast medical information transfer
• HIPAA-compliant protected health information storage that adheres to region-specific regulatory guidelines
• Use Big Data to gain valuable insights for clinical care teams with actionable analytics

PROJECT CHALLENGES

• It was required to fetch the database from the existing EHRs which belong to the providers, in order to do so we worked on the third-party front to carry out the EHR synchronization.
• Since blockchain supports data privacy to strengthen the privacy of EHRs, we used HIPAA compliance so as to prevent the data leak.
• There were no public nodes so we had to run a private blockchain. We used Quorum blockchain node (private) only to connect with hospital systems.
• This also runs on every hospital infrastructure and each instance of it connects with the existing EHR System of hospital Like Epic through a wrapper service(Sansoro) to fetch all the data files. Here, each instance only connects with one EHR System. It fetches data files of all registered patients in the background, encrypts all data files and further takes steps to get the file stored on IPFS and then writes the IPFS hashes of files in the blockchain.

USER ONBOARDING AND EHR ACCOUNT PAIRING

• The user provides his mobile number on the Patientory app and the app sends the mobile number to RPC Server.
• RPC Server requests Core Service to find out if a patient record exists on any of the Hospital EHR Service.
• Core Service connects with one of the Patientory Hospital Infrastructure to find such user inside. The Patientory infrastructure EHR-Sync service connects with Hospital EHR System and tries to find a user. If found it returns the patientID to Core Service and Core Service returns the patientID to RPC Server.
• RPC Server generates a registration_reference_id and sends it to the mobile device. Along with it, an SMS OTP is also sent to the provided mobile number.
• Now Pationtory app will send registration_reference_id and OTP to the RPC server.
• RPC server now verifies the OTP and registration_reference_id, if it gets verified RPC will send signup_reference_id to the Patientory app.
• Now to register the user on the Patientory, the mobile app will generate a 12-word mnemonic and let user note it down somewhere safe.
• With the mnemonics, the device will generate following things
  • ECDSA public/ private key pair along with wallet address
  • RSA public/private key pair
  • RSA private key will be encrypted with 12-word mnemonics using AES encryption. Let’s call it encryptedRSAPrivateKey.
  • ECDSA private key will be encrypted with 12-word mnemonics using AES encryption. Let’s call it encryptedECDSAPrivateKey.
  • Now the wallet address will be treated as data and the signature for this data will be generated using ECDSA Private key. Let’s call this signature ecdsa_verification_signature.
• Similarly, treating wallet address as data, another signature will be generated using RSA private key let’s call it rsa_verification_signature.
• Now the device will send the following things to RPC Server.
  • signup_reference_id
  • Wallet Address
  • ECDSA Public Key
  • RSA Public Key
  • encryptedECDSAPrivateKey
  • encryptedRsaPrivateKey
  • ecdsa_verification_signature
  • Rsa_verification_signature
• RPC Server will validate everything sent by the device by matching signatures and SMS OTP with registration_reference_number.
• If all validations go well, RPC Server will now again fetch the patientID by performing the same steps mentioned in point 2 and 3.
• Now RPC Server will generate a transaction (Using RPC-Server-Private-Key) for blockchain that will create a new instance of User Smart Contract that will have all the details including patientID encrypted_private_kets etc. and will set the owner of this contract to the address provided by the mobile device.
• RPC Server will create a user record on Postgres database.
• access_token and refresh_tokens will be generated and will be sent to the user device.
• In the background, RPC Server will faucet the user wallet with few ethers to allow the user to perform actions on his Smart Contracts.
• Now user needs to grant permission to one of the Hospitals (Currently there is only one) to write user data on his FileVault Smart Contract. To do so the device will call an API with the wallet address of hospital and the RPC Server will generate a raw transaction on the behalf of a user and will be sent back to the user device.
• On the device, this raw transaction will be signed with user’s ECDSA private key and will be sent to RPC Server.
• RPC Server will forward this signed transaction to blockchain and on being mined the hospital will get the write permission to user FileVault Smart Contract.

MITIGATING THE ISSUE OF SINGLE POINT OF FAILURE

We ran multiple instances of RPC Server Service, Core Service, and the Postgres was also run in a distributed manner with master-slave configurations.