Alexis Normand (ICO team member) replied on 12 Nov 2018
Hi Stephen,
Thank you for looking into this. We are laser focused on the US, where our live product is compatible with HIPAA compliant regulations and medical record formats. It is also the biggest life sciences market in the world. This is where we start.
This is our priority because it is perhaps the only country where 90% of people have electronic medical records, thanks to the Meaningful Care act passed in 2008, which subsidized massively the adoption of Electronic Health Records in the US by providers. This means that from a privacy perspective, we must comply with HIPAA regulations, the US norm for protecting electronic personal health information (ePHI), applicable to covered entities (hospitals, payers...) and their business associates (companies performing services on their behalf). In short, anything that can identify you as a patient is considered ePHI. It must be stored on a HIPAA-compliant server. To make this compatible with a decentralized technology, ePHI such as name & identity must be stored off-chain, with medical data on the blockchain, to allow patient ownership in sharing or in case of compensation.
In France, where we are also beginning to gain traction, regulations that apply are a combination of EU GDPR regulations defining what health data is, and national legislation regarding storage of such data, similar to HIPAA but with slightly different requirements.