Posted 3 weeks ago | by @devadmin

University-born health tech venture Pracs and IOST core developer EverSystem have developed a prototype of the Personal Health Record (PHR), a system that allows users to manage their own health information, and have completed the first phase of its introduction. This project aims to manage personal health data as a health handbook using blockchain technology and share it with medical professionals.

For the uninitiated, on June 8, 2020, IOST announced a partnership with Japan-based medical health tech venture “Pracs.” This partnership aims to promote blockchain technology in the healthcare industry by developing a blockchain-enabled, secure, transparent, and tamper-proof on-chain medical record platform, with the first project being the Disease Management Notebook.

Figure 1

Below are the technical details of the progress with the Pracs project.

Overall System Configuration

The project’s system is a combined database and blockchain system with users and medical facilities as actors, as shown in Figure 1. Public-key cryptography is used both inside and outside the blockchain. The important point is that the raw, unencrypted health data is kept only in the user’s hands, on the phone.

Figure 2: Overall System Configuration

Verification Environment Configuration

As shown in Figure 2, the API server runs in Docker on EC2 in the Amazon AWS cloud, inside a private network so that the server cannot be accessed directly. To ensure security, it is accessed over HTTPS through a load balancer with a certificate. The server is built with Nest.js and TypeORM and implemented in TypeScript. The database is the MySQL-based AWS Aurora, and the blockchain is an IOST private chain. The health data storage API commits in two phases: it stores the encrypted data in the database and stores the hash value of the data in the blockchain.

System Access Procedure for Users (see Figure 3)

  1. The user launches the smartphone application.
  2. If the user does not have an account, he or she signs up. At this stage, an account is created and a private key is generated and stored in the local storage (storage in the smartphone).
  3. The user logs in with Auth0 using OAuth or an email address and password. In this case, the account will be the one in the local storage.
  4. When the user enters a body temperature on the temperature input screen or a blood pressure on the blood pressure screen, the data is encrypted and stored in the local storage and then sent to the server.
  5. After authenticating the access token, the server stores the transmitted data in a database and the hash value of the data in a blockchain.
  6. The smartphone displays the data in a graph, including the past data.

Figure 3: System Access Procedure for Users

The verification was conducted from February 15, 2021, to February 19, 2021. Five general users and two engineers participated in the verification. In the first phase, we placed operability and security as the evaluation axis and verified user-side applications and server data as a demonstration experiment using pseudo data.

The Result of Proof of Concept

Security Verification

The data stored in the database consists of encrypted data, hash values, and signatures for verification. The blockchain stores the hash value of the latest health data for each data item (body temperature, blood pressure, etc.), and the receipts on the blockchain record the history of the data. Blockchain storage holds only the final result, but a receipt is written each time the data on the blockchain is updated and is kept permanently.

These data cannot be decrypted without a private key. The team also confirmed that the stored database data and blockchain data were correctly decrypted by the client application.
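
The two-phase store described under Verification Environment Configuration and the hash and signature checks described above, as an added TypeScript example that is not code from the Pracs or IOST project. The in-memory maps standing in for Aurora and the IOST private chain, the record layout, the choice of Ed25519 and AES-256-GCM (the page does not name its algorithms), and the rollback when anchoring fails are all assumptions.

```typescript
import { createCipheriv, createHash, generateKeyPairSync, randomBytes, sign, verify, KeyObject } from "node:crypto";

// Assumed row layout: ciphertext, its hash and a signature, as the page lists for the database.
interface PhrRecord { item: string; ciphertext: Buffer; hash: string; signature: Buffer }
type Anchor = (item: string, hash: string) => void;

const sha256 = (b: Buffer): string => createHash("sha256").update(b).digest("hex");

// In-memory stand-ins (constructed) for the Aurora table and the IOST private chain.
const db = new Map<string, PhrRecord>();
const chain = new Map<string, string>(); // latest hash per data item
const receipts: string[] = [];           // append-only update history
const anchorOnChain: Anchor = (item, hash) => { chain.set(item, hash); receipts.push(`${item}:${hash}`); };

// Phone side: encrypt with a device-held key, then sign the ciphertext. Plaintext never leaves here.
function clientSeal(item: string, value: string, aesKey: Buffer, signKey: KeyObject): PhrRecord {
  const iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", aesKey, iv);
  const ciphertext = Buffer.concat([iv, c.update(value, "utf8"), c.final(), c.getAuthTag()]);
  return { item, ciphertext, hash: sha256(ciphertext), signature: sign(null, ciphertext, signKey) };
}

// Server side: phase 1 writes the row, phase 2 anchors the hash; a failed anchor restores the old row.
function store(rec: PhrRecord, pub: KeyObject, anchor: Anchor = anchorOnChain): void {
  if (sha256(rec.ciphertext) !== rec.hash || !verify(null, rec.ciphertext, pub, rec.signature)) {
    throw new Error("hash or signature check failed");
  }
  const prev = db.get(rec.item);
  db.set(rec.item, rec);
  try {
    anchor(rec.item, rec.hash);
  } catch (err) {
    if (prev) db.set(rec.item, prev); else db.delete(rec.item);
    throw err;
  }
}

// Audit: the chain, not the row's own hash column, is the reference for integrity.
function audit(item: string, pub: KeyObject): "ok" | "missing" | "hash-mismatch" | "bad-signature" {
  const rec = db.get(item);
  const anchored = chain.get(item);
  if (!rec || !anchored) return "missing";
  if (sha256(rec.ciphertext) !== anchored) return "hash-mismatch";
  return verify(null, rec.ciphertext, pub, rec.signature) ? "ok" : "bad-signature";
}

// Constructed sample run: one body-temperature reading from a simulated phone.
const phone = generateKeyPairSync("ed25519");
store(clientSeal("body_temperature", "36.6", randomBytes(32), phone.privateKey), phone.publicKey);
console.log(audit("body_temperature", phone.publicKey)); // ok
```

Because `audit` compares against the anchored hash rather than the row's own hash column, a party who can rewrite the database row cannot make a modified ciphertext pass, and the signature check still fails if the anchored hash is replaced as well.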


Through this PoC, the team was able to confirm the effectiveness of the delivery of confidential health information. Although the usability of the client application was not a problem, the responses to the questionnaire showed that it is important to set up the client application, including the items of data it handles, after hearing the requests of the users and of the medical professionals to whom the information is to be handed over.

As for the security point raised about the trust medical professionals place in the engineers, it can be solved by re-encrypting the data itself, but it is essentially a matter of re-examining the positions of the users and medical professionals, and this is an issue to be discussed in the next phase.

The Promising Outlook of Blockchain in the Healthcare Industry

The use of blockchain technology in the healthcare space is expected to balloon significantly in the coming years. According to research by Global Market Insights Inc., the R&D of DLT for data management in precision medicine and patient care will eclipse €1.6 billion by 2025. The versatility of DLT makes it a force to be reckoned with across a wide array of industries, including finance, banking, and supply chain management, among others.

IOST, being one of the world’s four largest public chains, continues to commit to fostering the use of DLT across various industries. The alliance with Pracs is a testimony to IOST’s unyielding commitment to its “innovation chain, application chain, value chain” goal.

Original article published on IOST Medium.