MediPact Docs← Back to App

Data Flow

Complete data flow from EHR export to marketplace purchase and revenue distribution.

Complete Data Flow with Hedera Integration

This diagram shows the complete flow from data upload to revenue distribution, highlighting all Hedera integration points.

Hedera Integration Levels

MediPact uses Hedera at four distinct levels, each providing critical functionality:

Level 1: Hedera Consensus Service (HCS)

Purpose: Immutable storage of consent proofs and data provenance records

  • Consent Topic: Stores consent records with anonymous patient IDs, timestamps, and data hashes
  • Data Topic: Stores provenance records containing:
    • Storage Hash (H1) - Stage 1 anonymization proof
    • Chain Hash (H2) - Stage 2 anonymization proof
    • Provenance Proof - Links both hashes together
    • Transformation Proof - Verifies H2 derived from H1
  • Cost: ~$0.0001 per message
  • Verification: All messages publicly verifiable on HashScan

Level 2: Smart Contracts (Hedera EVM)

Purpose: Automated consent management and revenue distribution

  • ConsentManager Contract:
    • Records patient consent with anonymous IDs
    • Validates consent before data access
    • Immutable consent history
  • RevenueSplitter Contract:
    • Automatically splits revenue: 60% Patient, 25% Hospital, 15% Platform
    • Handles multi-hospital datasets correctly
    • Direct HBAR transfers to Hedera accounts
  • Cost: Low gas fees (~$0.01 per transaction)
  • Verification: All contract calls verifiable on HashScan

Level 3: Hedera Accounts (Native Accounts)

Purpose: Seamless wallet management for all users

  • Automatic Creation: Accounts created during registration for all users (hospitals, researchers, and patients)
  • Format: Native Hedera Account IDs (0.0.xxxxx)
  • EVM Compatible: All accounts support EVM addresses for smart contract interactions
  • Direct Transfers: HBAR sent directly to account IDs, no complex wallet management
  • User Experience: Users never see private keys - platform manages everything

Level 4: HBAR Payments & Revenue Distribution

Purpose: Instant, low-cost micropayments for revenue distribution

  • Researcher Payment: Researchers pay in HBAR to platform account
  • Payment Verification: System verifies payment using Hedera transaction receipts
  • Revenue Distribution: Smart contract automatically distributes to:
    • 60% to patient Hedera accounts
    • 25% to hospital Hedera accounts (original collectors)
    • 15% to platform Hedera account
  • Cost: ~$0.0001 per transfer
  • Speed: Instant settlement (3-5 seconds)
  • Transparency: All transfers verifiable on HashScan

Processing Pipeline

Step-by-Step Process

1. Data Export

Hospitals export EHR data in FHIR R4 format. The data includes patient records, conditions, observations, and other medical information.

For bulk uploads, each patient must have a unique phone number or email in the system. Phone numbers and emails are never registered twice across patients, ensuring a single contact and payout channel per person.

2. Double Anonymization

The adapter service applies two-stage anonymization for maximum privacy:

Stage 1: Storage Anonymization

  • Removes PII: names, addresses, phone numbers, exact dates of birth
  • Preserves 5-year age ranges (e.g., "35-39")
  • Preserves exact dates, region/district
  • Generates anonymous patient IDs (PID-001, PID-002, etc.)
  • Stored in backend database for researcher queries

Stage 2: Chain Anonymization

  • Further generalizes age ranges (5-year → 10-year)
  • Rounds dates (exact → month/year)
  • Removes region/district (keep only country)
  • Generalizes occupation further
  • Used for immutable blockchain storage

Provenance Records

Both hashes (Storage H1 + Chain H2) are stored together on Hedera with a provenance proof linking them, allowing anyone to verify the transformation chain.

K-anonymity enforced: Minimum 5 records per demographic group at both stages.

3. Hedera Integration

Anonymized data is submitted to Hedera:

  • HCS Consent Topic: Consent proof with anonymous ID, topic ID, and timestamp
  • HCS Data Topic: Provenance records containing:
    • Storage hash (H1) - Stage 1 anonymization
    • Chain hash (H2) - Stage 2 anonymization
    • Provenance proof - Links both hashes together
    • Transformation proof - Chain derived from storage
  • ConsentManager Contract: Records consent with anonymous ID and data hash

Both hashes are stored together, allowing public verification of origin and transformation on HashScan.

When enabled, the adapter can operate in a consent-first mode: it checks the ConsentManager contract on Hedera and only processes patients whose consent is already valid on-chain, refusing to process records without verifiable consent.

4. Dataset Creation

The backend creates a dataset entry with:

  • Dataset metadata (hospital ID, creation date, demographics)
  • HCS topic IDs for verification
  • Query filters (country, date range, conditions, demographics)
  • Pricing information

5. Researcher Query

Researchers browse the marketplace and query datasets:

  • Filter by country, date range, medical conditions, demographics
  • View dataset previews and statistics
  • System validates consent for all records in query results

6. Purchase & Payment Verification

When a researcher purchases a dataset:

  1. Researcher initiates purchase and receives payment request (recipient account, amount in HBAR)
  2. Researcher connects Hedera wallet (HashPack, Blade, etc.) and sends HBAR payment
  3. Researcher provides transaction ID for verification
  4. System verifies payment on Hedera network using transaction ID
  5. Upon verification, revenue is automatically distributed: 60% Patient, 25% Hospital, 15% Platform
  6. HBAR transferred to Hedera accounts (0.0.xxxxx) - accounts created automatically if needed
  7. Researcher gains access to download anonymized data

7. Revenue Distribution & Withdrawal

After revenue distribution:

  1. Patients and hospitals receive HBAR in their Hedera wallets (automatically created)
  2. Balances displayed in USD (primary) with HBAR below
  3. Users can withdraw to bank accounts or mobile money
  4. Automatic withdrawals triggered when balance reaches threshold
  5. Withdrawal notifications sent via email/SMS

Revenue Distribution Flow

How It Works

  1. Researcher purchases dataset (pays in HBAR)
  2. RevenueSplitter contract receives payment
  3. Automatically distributes: 60% Patient, 25% Hospital, 15% Platform
  4. All transactions verifiable on HashScan

Benefits: Trustless, Transparent, Instant, Low fees

Verification & Audit

HashScan Verification

All Hedera transactions are publicly verifiable on HashScan:

  • HCS Messages: View consent and provenance record submissions
  • Provenance Records: Verify both storage and chain hashes, and the transformation proof linking them
  • Smart Contract Calls: Verify consent records and revenue distributions
  • HBAR Transfers: Track revenue distribution to patient, hospital, and platform accounts
  • Account History: View all transactions for any Hedera account (0.0.xxxxx)