Iryo is the world’s first participatory, blockchain driven healthcare economy built on decentralising access to medical records. Iryo Token is designed as a gateway cryptocurrency that enables patients, research institutions and clinics to participate in Iryo’s global participatory healthcare network, ensuring patient privacy, leverage and cross-network collaboration.
Token driven incentives promote elevated levels of medical research.
Iryo Network is a zero-knowledge health record storage platform, with an anonymous query interface. It uses blockchain permission controls for patient record access and tokens to incentivise end users consent enabling artificial intelligence (AI) research.
The healthcare industry is expected to generate more than 500 exabytes of data with an expected annual growth rate of 48%. This presents a looming challenge in data management. Although multiple standards try to address this issue, a lot of that data is still stored inside local silos in proprietary formats. As such reusability of the data and interoperability between different actors is often too expensive or even impossible. To make our data as open and as meaningful as possible we decided to use openEHR's approach to data modeling and exchange.
At the core of openEHR are simple and exchangeable archetypes that link values to their actual meaning (blood pressure as an example). Simple and widely used archetypes can then be linked together in more complex structures to support various types of procedures required by clinics. Archetypes don't only solve data storage problems but are also used in openEHR's Archetype Querying Language (AQL) where archetypes can be reused in building and running extensive queries across the data.
The openEHR community (in collaboration with doctors and clinicians) have been preparing specifications and collecting archetypes for the last 15 years and have already been chosen as a level of standard in nation-wide data exchange programs in some European Union countries. Taking this into consideration, we deem it the best option to manage patient data with vendor independence by using openEHR.
Iryo Network - Zero Knowledge Storage
The Iryo Network is a global repository of openEHR data. Since few people are prepared to provide their medical data to a “GoogleEHR”-type of capture and shameless reaping of all the medical data for commercial purposes, Iryo has decided to give up it’s access to plain data. Iryo perceives the medical data it holds as a “toxic asset”, because we believe that holding too much data in one place presents too large a liability risk.
The solution to managing this risk is zero-knowledge data storage which is resistant to all attacks, including state-actors or “inside jobs’’. This works by way of users encrypting their data on their mobile device(s) with a public key. A private decryption key remains on the patient’s device. Whenever someone wants to access patient data (a doctor or researcher, for example) the patient has to approve their access. This will be done by the patient clicking “yes’’ in their IryoEHR app. This gives a re-encryption key to the doctor’s public key. You can read more under the “Private key management section” to understand the details of this process and the application to the edge cases.
Iryo Anonymous Query Interface
Since health data doesn’t decrypt itself without patient consent, a new approach needs to be devised to allow for machine learning and AI capabilities. There are many complicated ways, from both a development and resource standpoint, to query encrypted data (e.g. multi-party computation and proxy re-encryption). Fortunately, there is an actual ‘trusted device’ in the Iryo Network end-user device. This could be a phone, tablet or personal computer. Since these devices need to be able to read all health data in plain text, they would also be able to execute the queries across the same data.
A process to deliver queries to end-user without breaking its anonymity or given consent needs to be defined. Iryo has a solution to this process gap.
1) First Iryo would verify research institutions to make sure they are legitimate and not attempting to commercialize confidential information by re-selling the collected data.
2) Researchers would receive the Iryo Research Portal software which they can use to send queries to the Iryo Network, using the ‘Archetype Query Language’ (AQL), and openEHR specification.
3) When they do, Iryo would verify the query first. This is to check that the query is not too broad or asking for information repetitively which could indicate an attempt to reconstruct records (if done over an extended period of time).
4) The patient's own device verifies that the patient meets the query criteria. If the verification is successful, the query details with the name of the research institution and the amount of tokens to be received by a patient is shown on the device pending approval.
In actual implementation, the patient's device will receive a silent notification which will wake up a background process to query the requested criteria i.e. female, 30-35 years old with diabetes. If a patient does not fall within the defined parameters, the silent notification disappears. It will do so without providing a report to the requester thereby keeping patient-users anonymous. If the patient meets the criteria, a notification would be shown on the patient’s device.
The notification would include the name of the research institution, the justification for the query requested i.e. the aim(s) of the research, and the number of tokens available as an incentive to allow query results to be sent back. Iryo envisions three types of opt-out, anonymous requests that present various potential implications for privacy which would require distinct user consent. These types are identified as a pseudo anonymous query, an anonymous query used for AI validation across a dataset and an anonymous query to deliver patient value.
Immutability of medical data
The first line of defense is offered by zero-knowledge encryption itself. It is easier to defend data integrity when a potential attacker doesn't know what to change since everything is encrypted in the first place. The second line is offered by redundant storage nodes and saved medical data checksums on patient devices support immutability. If anything is changed, a user will know.
The final line of defense is to find out which node was changed. All storage nodes would provide cryptographic proofs to patients, by writing hashes in the EOS blockchain. Patients would be able to independently verify that the provided proof was really there with a blockchain receipt. That way, if the checksum verification fails, the compromised storage node can be easily identified and replaced. To reduce the number of hashes, aggregation into a Merkle tree will be used. Clients receive a blockchain receipt which they can use to independently verify the blockchain proof.
In the spirit of the bitcoin, Iryo Network removes the need for (patient) identity, replaces it with mathematical control over his medical data. This allows Iryo Network to bypass traps associated with stolen identity, phishing attacks and avoids liability with verification of the identity (false positives, false negatives, missing the data on the patient).
Patient > Doctor > Clinic dynamics keep the system honest. Secure and private and allows the system to finally scale over international borders bringing an unprecedented network effect to fruition. This historically fragmented industry can finally start building on top of open Iryo Network and start serving patients instead of going through yet another round of interoperability nightmares.
Source : https://iryo.network/iryo_whitepaper.pdf