Data security startup Guardtime has announced a partnership with the Estonian eHealth Foundation that will see it deploy a blockchain-based system to secure over 1 million patient healthcare records.
Under the deal, the foundation will integrate Guardtime's keyless signature infrastructure (KSI) blockchain into the foundation's Oracle database engine to provide "real-time visibility" into the state of patient records.
Estonia has become notable for its e-government system, which was established in 1997. This is enabled by a chip-embedded ID card that gives the nation's citizens access to over 1,000 e-government services, such as filing taxes and voting, almost instantly and via just one website.
Also included in the system are electronic patient records, which the rollout of Guardtime's technology is aimed to protect with an "independent forensic-quality audit trail". The company claims this will make it impossible to alter the information, illicitly or otherwise, without it being noticed.
A spokesperson for the company told CoinDesk:
"In guarding sensitive records, the danger is that they could be altered, deleted, improperly changed or updated, affected by hackers, malware, system issues, etc. The blockchain in this case can prove the integrity of the record, and everything that has happened to it over time."
Margus Auväärt, who heads the eHealth Foundation, said that Guardtime will allow it to maintain real-time awareness of health records.
"It enables us to react to any incidents immediately, before potentially larger-scale damages can occur,"Auväärt said.
Launched in 2011, Guardtime originally marketed itself as a provider of "keyless signatures" that would help prove data validity, with members reportedly contributing Estonia's Digital Signature Act and ID card in the late 1990s.
Perhaps owing to its longstanding work in the cryptography space, Guardtime said its KSI blockchain has been running continuously since before bitcoin in April 2008.
"[Bitcoin]'s built out of ideas that have been around for a while, and has a lot of similarities with our blockchain. I would say that bitcoin is a ledger and blockchain. Hyperledger [and] Ripple are ledgers without blockchains. KSI is a blockchain without a ledger," a spokesman for the company said.
He continued by stating that the system files and signs data, in a method similar to blockchain startup Factom. Every time a file changes, a new signature is generated and stored in the firm's blockchain.
"So the records themselves aren't stored there – just a series of hash values that show every time a file was updated," he said.
By signing key digital assets that protect a digital infrastructure, such as application components, log files and firmware, the system can provide real-time alerts to any compromises (eg: hackers or malware), "allowing organizations to identify and manage breaches in real time".
Unlike other approaches that depend on asymmetric (or public) key cryptography – bitcoin being the most famous example – KSI uses only hash-function cryptography, the company said.
Image via Shutterstock