You want e-health? Solve the issue of privacy first!
The e-health market is on the rise with more and more companies and governments developing new solutions and practices that include information technology.
The biggest challenge? Solving the question of patient digital privacy.
We have already covered some of the alarming cases that originate in the way the medical data is currently stored and processed in the digital sphere and with the rising investments in this field the amount of leaks is only going to get worse.
The problem lies in the intricate way of data storage which is not changing. We are still talking about a centralised databases which suffer from vendor lock-in, unqualified support and most importantly — a single point of failure.
Attack vectors may vary from hardware and software errors to phishing to simple physical break-ins but the one thing they have in common is that once you are able to hack the database, all of the data is yours.
Databases are horses in the time of cars
The databases were developed because that was the only way the users could access a huge amount of information.
From the times of punch cards and computers that filled the hallways the logic behind databases has not changed much. In the end you are still talking about a centralised way of data collection which in turn means that once you have the keys to the storage room, everything is up for grabs.
Databases are usually protected with usernames and passwords. Although the development of one-time passwords and two-step authentication has been popularised lately, we are again seeing that these are not bulletproof solutions since they are still protecting the same thing — access to a database full of user data.
First game-changer is the appearance of zero knowledge databases. Zero knowledge means that the owner of the database does not know what data is stored in a specific part of the database if it does not have a username and password for that part. One of the most widely known zero knowledge database storage is the US cloud provider SpiderOak.
Second game-changer is the abolishment of username and passwords for permission-based system. Permissions allow the user to control the access to the data without having to fear that somebody might guess or phish the username and password.
Market demands privacy-first!
Cambridge Analytica and the more recent CubeYou incidents revealed how companies are gathering up all of our data without providing adequate protection of it. Quotes from Facebook executives are showing an alarmingly ignorant culture which puts innovation before our privacy and security.
More and more users are realising their data is being misused without their knowledge and consent. This in turns means that the market is actively demanding privacy-first products and services which was not true just a few years ago.
Iryo: Rethinking e-health from the ground up
Iryo network combines permission based data access with zero knowledge encryption and uses the blockchain technology for allowing access to your medical data. At the same time, it decentralizes the data on user devices, making it easier for the user to have actual control over it.
This means the user knows exactly how and when his data is being used. At the same time it is impossible to view, edit or manipulate the data in any way if the user does not give its explicit consent.
We are also purposing an alternative way of data economy with embedded privacy. Since most of the data exchanges these days are plagued with privacy-violating features, Iryo network offers a unique way of handling data request via approval system. Which is the exact opposite of what Facebook was caught doing recently.
And finally, we are developing Iryo with openEHR standards which assure the maximum interoperability and practically guarantee protections from common plagues of software development — vendor lock-in, incompatibilty and abandonment.
