Guardtime offices

Guardtime, a cyber-security provider that uses blockchain systems to ensure the integrity of data, is partnering with the Estonian e-Health Authority to secure over a million health care records.

Guardtime uses Keyless Signature Infrastructure (KSI), a blockchain technology that provides massive-scale data authentication without reliance on centralised trust authorities. Unlike traditional approaches that depend on asymmetric key cryptography, KSI uses only hash-function cryptography, allowing verification to rely only on the security of hash functions and the availability of a public ledger.

Healthcare was named as something of a laggard when it comes to blockchain uses in a recent report. There are limitations regarding healthcare that blockchain providers typically run into, explained former US defence security expert Matt Johnson, now chief technology officer (CTO), Guardtime.

Johnson told IBTimes: "The Guardtime KSI blockchain is a bit different than say, the Bitcoin protocol, or the Ethereum protocol. Those blockchain providers have to address patient privacy issues because they literally put a copy of the transaction and the data itself in their blockchain.

"Because they only thing that we are passing is a signature, patient privacy is assured and then the ability to actually extend a keyless signature to customers allows you to do real time tamper and manipulation detection. The rest of the industry hasn't caught up to develop a solution on how you do that with those other two protocols.

guardtime logo

"KSI was focused first on large scale or massive scale data management, and so the protocol and the infrastructure stack is really optimised for this particular use case. It's a problem that we feel we have solved. The re-use for healthcare providers and insurers is something we are particularly excited about."

In Estonia citizens carry a unique identity credential and they can link back to their healthcare record. The blockchain ensures a clear chain of custody for how records are being managed, noted Johnson. "How they are being handled, what doctors are doing with those records, what hospitals and ambulatory service providers are doing with the records, and insuring that everybody who touches those records complies with a service contract on how they treat patient data."

Estonia has been at the forefront of innovation in digital society for the last 20 years and is the only country where a majority of citizens carry a PKI smart card with access to over 1000 electronic government services. Electronic patient records are a critical component of these services.

Johnson said: "There is so much innovation that comes out of Estonia largely because of their completely electronic society. There are a lot of limitations that other governments have because of paper processes, public policy processes and so forth. The entire society in Estonia has been wrapped around electronic governance and so as new services are brought online, it's a natural extension for them to integrate our technology for new citizen services.

"Really we are there as an accountability mechanism to ensure the appropriate data handling of in this case electronic health care records, but indeed all electronic data associated with citizen, corporate and government interaction, with important records.

"It's something they take very seriously. It's a crime in Estonia if you misuse data not in accordance with the subscription contract and so they look to enforcement mechanisms, audit mechanisms and Guardtime's blockchain underpins all of those important interactions."

To secure Estonia's electronic health records meant Guardtime KSI blockchain was integrated into Oracle's database engine – another case where Johnson sees re-use on global scale.

"Oracle is probably the largest database software application deployed globally and so as a commercial database it underpins a number of different services within Estonia. Integration is an essential part of the deployment, at least to this particular use case, and again we are excited at the re-use potential where Oracle underpins other healthcare opportunities across the globe."

The Estonian government and Guardtime began a formal cooperation in 2011, when select government organizations started deploying KSI blockchain to secure both public and internal records and logs to combat insider threat and indemnify the information systems operators. Under the new frame agreement, Estonia will make KSI blockchain available for all government authorities through the RIA-s X-road data exchange platform and increase investment in its existing blockchain competence center to better support public sector KSI implementations.

"Ensuring the integrity of information we process and store is critical to Estonia's eGovernance and way of life," said Taimar Peterkop, the Director General of Estonian Information Systems Authority. "You cannot make mistakes, and solely relying on perimeter security and goodwill of the insiders would be inexcusably naive. We need independent integrity instrumentation, both for the data, as well as for our systems, and the blockchain technology has a lot to give here."