A client-server prototype illustrating prospective DApp operation principles for self-sovereign medical data. Private/Public key cryptography and encryption-decapsulation technologies offer a promising solution to the problems of medical record-keeping systems which are currently centralizsed and insecure. It's possible to push ownership of health records from centralized service providers to individuals.
Decentralised Patient-Controlled electronic health records (PCEDR) can be buil using
- blockchain with arbitrary code execution capabilities (smart-contracts) like Ethereum
- decentralised global content-addressable storage like swarm/ipfs or/and channels/queues/messengers like plasma/whisper/libp2p transports
- decentralised cryptography-based access-control and key management layer with incentivised reencryption engines.
We use Django web framework for modeling the components mentioned above.
It's a Django webserver with pythonic API and RESTful HTTP interface illustrating abstract call flow for record-keeping, access-control and reencryption. Tests cover the following case:
- Patient and Recepient register their entities (public keys) in the framework
- Patient populates its medical records encrypted with its public key
- Upon receiving disclosure request Patient approves it giving the permission to read
- Recepient gets the data recapsulated for its private key
- Recipient now able to extract plaintext from the capsule
Some screenshots of REST client you can find here
docker -t pcehr build .
docker run -it pcehr test -v 3
docker run -p 8000:8000/tcp -it pcehr
API endpoints (opens with browser, thanks Django Rest Framework tool)