Making a more secure, accessible medical system with zero-knowledge
Patients already trust their providers with their health, but what about their data? From the very first appointment, patients create a trail of data that is shared between a cacophony of health practitioners, insurance providers, and others. Whether we want to or not, most of us trust those charged with protecting our physical health to secure our digital safety, too.
That’s probably not a great bet, given that 385 million patient records have been exposed from 2010 to 2022 in the United States alone — and that’s just the cases that federal investigators know about, meaning there could be countless more unreported medical data leaks. Plus, the challenge of protecting your medical data is only getting more difficult as more and more healthcare companies adopt digital systems for processing records.
More secure systems could help reduce successful attacks against healthcare providers, but they must be constantly updated to protect against ever-evolving cyber attacks from bad actors.
Instead, what if healthcare companies could still verify critical health data without having to store and safeguard that data themselves, protecting patients better and reducing their risk of data breaches?
Zero-knowledge technologies are emerging as a possible alternative for privacy. With zPass on the Aleo blockchain, you can prove you meet specific criteria without revealing anything more — giving developers the ability to help address a major problem for the $12 trillion global healthcare industry and the billions of people it serves.
The power of zero-knowledge proofs in healthcare
Zero-knowledge proofs (ZKPs) are a form of cryptography that allows one party (the prover) to prove the information to another party (the verifier) without revealing anything beyond what is proven.
In medical settings, both patients and providers could benefit. Patients would have more control over their medical data, with the ability to selectively choose which information to disclose to their providers, and healthcare professionals could get the information they need to make informed medical decisions for their patients without having to store that data within their own digital systems, mitigating their risk of costly cyber attacks.
Here are two case studies of how ZKPs could be used in real-life medical scenarios using zPass on the privacy-focused blockchain Aleo.
Scenario 1: Sharing your vaccine status
Schools or employers may require proof of certain vaccinations, but students or employees might be reluctant to share their medical history.
Through zPass, doctors could generate a signed vaccination record they provide their patients. The patients could use this record as a private input to an Aleo program. The program, which operates on the patient’s device without ever being exposed to the web, could verify the record's authenticity, ensuring it complies with the required vaccines — and produce a zero-knowledge proof.
The verifying party — in this case, the school or employer — would not receive a copy of the signed vaccination record.
Instead, the verifier would receive confirmation from the program that the individual has passed the approval process — in this case, that they have received the vaccines and met any other requirements — and only need to verify the zero-knowledge proof to be sure the requirements are satisfied.
Versions of this are already being built. For example, the European Union created CoronaCheck to allow patients to share specific diagnoses and conditions to verify their vaccination states while adhering to European Digital Identity standards of selective disclosure.
By being built on the Aleo blockchain, zPass can achieve even greater security than those alternatives. That’s because the blockchain allows decentralized validator nodes to receive the proof in a transaction, verify the proof, and then add it to a verifiable ledger. By sidestepping intermediaries, zPass ensures that personal data remains in safe hands.
Scenario 2: Telemedicine and decentralized health data
Many people, particularly those in rural areas, lack consistent access to medical care. However, current systems make maintaining medical records or accessing telemedicine resources difficult, particularly when working across geographic and sociopolitical borders.
By shifting to ZK systems like zPass, providers could help patients feel more confident that their information is private and secure, allowing them to use digital systems to easily access medical care, recommendations, and advice from their providers.
Telemedicine can use data sets to train decision tree models. These models can then be represented in Aleo programs, where users can provide specific symptoms or information to the program, producing an output that signifies some potential ailment or a recommendation for urgent care. This can happen without seeing what inputs were involved. With Aleo, doctors and patients can protect the privacy of their inputs and still reach a recommended medical output.
These systems could also better connect rural people to healthcare by securely tapping into decentralized blockchain networks to share information between providers.
For instance, the international nonprofit WaterAid knows that there is significant overlap between communities that lack access to clean water and communities that don’t have access to traditional healthcare services.
By uploading its datasets to the blockchain through zPass, WaiterAid could help healthcare nonprofits understand where there might also be gaps in healthcare access – without revealing any private information about their service communities to the public.
In this video, we'll detail how zPass secures patient identity in medical records.
A more secure and accessible medical system is possible
Previously, the transparency of decentralized systems made them unsuitable for healthcare due to significant and valid privacy concerns.
However, zPass, and more broadly, Aleo, can serve as a solution by helping patients carry their health data securely while giving providers just enough information to treat them effectively without bearing the liability of storing that data.
Just a third of patients have “a great deal of trust” that their doctors can protect their data, and just a quarter believe their hospitals can.
By owning their data and having greater control over who has access to it, more patients might be willing to engage with the healthcare industry — making it more accessible and leading to healthier outcomes for everybody, from patient to provider.
Explore zPass to see how we’re making privacy — including financial privacy — the new normal.
Apply for a Request for Proposal (RFP) for a Proof of Useful Work Blueprint Grant to contribute to real-world change — and get rewarded for it.
Our blog features the stories of developer and privacy advocates building a better internet with zero knowledge.
About John Reynolds
John Reynolds is a Product Manager at Aleo, focusing on the strategy and development of identity solutions. Prior to Aleo, he was a Deployment Lead at Blend Labs supporting them through their IPO. John also held cybersecurity roles in the U.S. Air Force where he served as a Cyber Operations Officer.
For further information contact us at firstname.lastname@example.org