NuCypher x LTO Network: EPD made possible by Live Contracts and re-encryption

Imagine that you have sensitive information that you want to keep private, but you want to be able to share it in some circumstances as well. A simple way would be to store and share it at your disposal. However, actively sharing this information might not always be possible.

Let’s take your medical records as an example. A highly confidential piece of information which you want your doctor, a nurse or any other qualified professional to have access to depending on your circumstances.

Even before the Electronic Patient Dossier (EPD) was introduced in 2010, major concerns arose about the danger of storing large amounts of sensitive data in a central database.(In 2015) The Dutch parliament argued that: ‘the first proposal for the implementation of the EPD was turned down by the Dutch parliament, a majority of health professionals and the Dutch citizens due to the concerns of privacy, as serious doubts of the security of personal medical data existed.’

After the EPD was cancelled in the Netherlands, a new system was introduced in 2013, in which hospitals, caregivers and insurance companies could share data between parties. Unfortunately, we must conclude that decentralization alone isn’t able to solve the issues around authorization and privacy.

Take the story of Samantha de Jong, a Dutch reality star, as an example. While being hospitalized, her medical records were accessed by 85 staff members of the hospital who didn’t have any legitimate reason to do so. As a result, one of these 85 staff members could leak information to the outside world. In a sense the audit system worked, but it did not prevent the irreversible consequences. You don’t want to get to the point of no return when you are dealing with such sensitive, personal information.

With current technology you cannot ensure the safety of that data, so what recourse do we have? This is where NuCypher’s proxy re-encryption and LTO Network’s Live Contracts come into play. Consider the hospital encrypting the data before it was stored, where you as patient would have the only key to decrypt it. This would provide adequate security. However, requiring a patient to actively decrypt the information each time the doctors and nurses need access, is impractical and in some cases impossible. Entrusting your key to the hospital would make the system as vulnerable as before.

NuCypher can re-encrypt your information, so the doctor can decrypt it. This requires the collaboration of many nodes in such a way that the key or information is never exposed. In order to do this re-encryption, there must be consensus on whether or not this action is allowed.

The LTO platform allows you to define a Live Contract; an auditable procedure and ruleset functioning as agreement, secured in the blockchain. By using ad hoc private blockchains, details of a certain procedure are never exposed. These procedures help the NuCypher nodes to reach consensus about a re-encryption task.

The Live Contract might stipulate the following rules;

  1. The requesting party must be a certified caregiver.
  2. The patient must approve access to their data.
  3. In normal circumstances, explicit approval from the data owner is required.
  4. When the owner is unable to give acknowledgement themselves, the contract specifies one or more specific parties (e.g. parents or spouse) that must give approval.
  5. When dealing with a life-threatening situation, first response and emergency caretakers could be granted immediate access. These requests for access get stored, and since the process is auditable there are legal repercussions if the situation was deemed to not have been life-threatening.

NuCypher and LTO Network use blockchain technology and cryptography to improve security, privacy and transparency in a supporting role. We can not hand over control to the rigid logic of smart contracts when human lives are at stake.

This is just one example of how conditional access to sensitive data can be made possible by LTO Network and NuCypher, making a great ground floor for a long-term partnership between humans and machines.

About NuCypher
NuCypher provides a data privacy layer for blockchain and decentralized applications that enforces cryptographic access controls for performant end-to-end encrypted data sharing through the use of proxy re-encryption. Using NuCypher’s technology, applications can ensure that their data remains private, confidential and encrypted while maintaining the ability to share that data with trusted parties.

About LTO Network
LTO Network is a blockchain platform for creating decentralized workflow applications, while maintaining data privacy and GDPR compliance. Developers and enterprises can use the LTO toolkit to either create new, or integrate existing solutions — and run them in a transparent, secure and decentralized way.