Privacy & Compliance

Your Privacy is at the Heart of Our Platform

Built for healthcare institutions that demand the highest standards of data protection and compliance.

Compliance Standards

HIPAA Compliant

Full compliance with Health Insurance Portability and Accountability Act (HIPAA) regulations

FHIR R4 Standard

Industry-standard Fast Healthcare Interoperability Resources (FHIR) R4 format

GDPR Ready

Designed with General Data Protection Regulation (GDPR) principles in mind

HITRUST Ready

Architecture designed to meet HITRUST Common Security Framework requirements

Data Handling Process

1
Collection

Hospitals upload patient data via secure FHIR R4 interface. All data is encrypted in transit using TLS 1.3.

2
Anonymization

Advanced anonymization process removes all personally identifiable information (PII):

  • Names, addresses, phone numbers, email addresses
  • Date of birth (replaced with age range)
  • Social security numbers, national IDs
  • Any other direct identifiers

Medical data (diagnoses, treatments, lab results) is preserved for research value.

3
Tokenization & Storage

Anonymized data is tokenized and stored in encrypted databases. All data at rest is encrypted using AES-256 encryption.

4
Blockchain Verification

Consent and data authenticity are recorded on Hedera Consensus Service (HCS) for immutable proof. All transactions are visible on HashScan for complete transparency.

Consent & Withdrawal

Patient Consent

Patients provide explicit consent before their data can be used for research. Consent is:

  • Recorded on Hedera blockchain for immutable proof
  • Stored in FHIR Consent resource format
  • Transparent and verifiable on HashScan

Withdrawal Process

Patients can withdraw consent at any time:

  • Withdrawal request recorded on blockchain
  • Future data sales are blocked immediately
  • Previously sold data cannot be recalled (already anonymized)

Security Measures

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Encryption keys are managed securely.

Blockchain Security

Built on Hedera Hashgraph, one of the most secure and energy-efficient blockchain networks.

Access Controls

Role-based access controls ensure only authorized users can access specific data and features.

Audit Trails

All data access and transactions are logged and visible on HashScan for complete transparency.

Frequently Asked Questions

Can buyers re-identify patients?

No. By design, all personally identifiable information (PII) is removed during anonymization. The anonymization process is irreversible, and buyers receive only anonymized data with no way to re-identify patients.

How is consent verified?

Consent is recorded on Hedera Consensus Service (HCS) for immutable proof. You can verify any consent record on HashScan using the transaction ID. Consent is stored in FHIR Consent resource format for interoperability.

What happens if I withdraw consent?

Your withdrawal is immediately recorded on blockchain. Future data sales will be blocked. However, data that was already sold and anonymized cannot be recalled, as it no longer contains any identifying information.

How can I verify my data is secure?

All transactions and consent records are visible on HashScan. You can view your consent records, revenue distributions, and data access logs. The blockchain provides complete transparency and auditability.

Have More Questions?

Contact us for more information about our privacy and security practices