Let me say something that the healthcare industry does not like to say out loud: a password is one of the weakest possible mechanisms we could have chosen to protect the most sensitive data that exists about a human being. Your medical history — your diagnoses, your prescriptions, your mental health records, your genetic predispositions — sits behind the same authentication model used to protect someone's streaming queue. That should alarm all of us.
I have spent the better part of this semester researching blockchain architectures for telemedicine systems, and what I found did not just convince me that we can do better. It convinced me that our current model is not a gap waiting to be filled — it is a structural failure waiting to be exploited. In many cases, it already has been. That research culminated in a formal proposal — Blockchain for Secure Patient Health Records in Telemedicine — in which I designed a hybrid architecture specifically to address these failures. What follows is the argument behind it.
The Actual Problem: Centralisation
To understand why health data security is broken, you need to understand the architecture that underpins it. Most patient records today live in large, centralised databases — electronic health record systems controlled by hospital networks, insurance companies, and government health bodies. These systems are connected to one another through a patchwork of APIs, data-sharing agreements, and legacy integrations that were never designed with security as a first principle.
The result is what security researchers call a honeypot problem. When you store millions of patient records in one place, you do not just create a repository — you create a target. Healthcare organisations have become the most frequently breached sector in cybersecurity, surpassing finance and government year after year. The reason is straightforward: a single successful attack against a hospital system can yield millions of complete patient profiles. Those profiles sell for many times more on the dark web than financial credentials, because unlike a credit card number, you cannot reset your medical history.
"We have built cathedrals of sensitive data and then locked the front door with a padlock. Cryptography offers us something better — a vault where there is no single door to break down."
What Cryptography Actually Offers
Here is where I want to push back on a common misconception: cryptography in this context is not just about encryption in transit. That ship has sailed — HTTPS and TLS are baseline, not solutions. The more transformative application is using cryptographic primitives to fundamentally rethink who holds data, who can access it, and under what conditions.
Zero-knowledge proofs are one of the most underappreciated tools in this space, and one I included in my proposal as an optional privacy layer on top of the core architecture. In a healthcare context, a zero-knowledge proof would allow a patient to prove a fact about their medical record — say, that they have been vaccinated, or that their blood type is O-negative — without revealing the underlying record itself. The verifier learns only what they need to know. Nothing more. That is not a hypothetical — it is a mathematically provable guarantee, and it upends the assumption that sharing information requires surrendering it.
Public-key cryptography reframes the problem of data ownership in an even more fundamental way. Instead of a hospital holding your records and granting you access, you hold a private key. Your records are encrypted against your key. Providers are granted temporary, auditable, revocable access — not permanent custody. The patient becomes the principal, not the passive subject of someone else's database. That is an enormous philosophical and practical shift.
Four cryptographic layers from my proposed architecture:
01 — Zero-knowledge proofs: prove facts about your health without revealing the record
02 — Public-key encryption: patients hold keys; providers hold only what they are granted
03 — Decentralised identifiers (DIDs): patient identity that exists independent of any institution
Where Blockchain Fits In — And Where It Does Not
I want to be careful here, because the word blockchain has been so thoroughly abused by hype that it has become almost meaningless in public discourse. Blockchain is not magic. It is also not a database. It is a specific tool with specific properties — and in the context of health data, some of those properties are genuinely valuable.
The relevant property is auditability without central authority. A blockchain-based health record system does not need to store the full content of patient records on-chain — doing so would be both impractical and inadvisable. What it can store is a tamper-evident log of who accessed what, when, and with whose authorisation. Every time a clinician pulls your record, every time a hospital transfers your data to an insurer, every time a research institution queries your anonymised profile — that event is recorded on an immutable ledger that you can inspect. That is not a feature that any centralised system can credibly offer you today.
In my proposal, I designed exactly this kind of hybrid system. Patient records are encrypted client-side with AES-256 and stored off-chain — in IPFS or a secure cloud environment — while the blockchain holds only cryptographic hash pointers and consent metadata. Nothing identifying lives on-chain. Smart contracts handle the full access lifecycle: a clinician submits a request, the contract evaluates the consent policy, logs the event immutably, and triggers a secure key exchange only if access is approved. Revocation is equally first-class — when a patient withdraws consent, the access key is destroyed and the event is recorded permanently. That kind of auditable, patient-controlled consent trail is something no centralised EHR can credibly offer. And on permissioned chains like Hyperledger Fabric or Quorum, the latency and throughput concerns that plagued early blockchain health experiments are tractable engineering problems, not fundamental ones.
HIPAA Is Not Enough
I am going to say something that will make some people in health policy uncomfortable: HIPAA is a compliance framework, not a security standard. It tells organisations what they must do administratively. It does not tell them how to build systems that are structurally resistant to breach. You can be fully HIPAA-compliant and still be running a centralised, under-encrypted, inadequately segmented EHR system that a competent attacker can walk through.
Policy-based privacy protections depend entirely on the good behaviour of institutions. Cryptographic privacy protections do not. If your data is encrypted with your key and only your key, no policy failure, no insider threat, no negligent administrator can expose it — because the institution does not have the plaintext to lose. That is the difference between trusting a promise and trusting a mathematical proof. I know which one I would choose for my own health records.
The Harder Question: Who Is It Actually For?
The most honest challenge I have had to wrestle with is this: cryptographically sovereign health data is an excellent solution for people who understand cryptography. It is a significant usability barrier for everyone else. A patient who loses their private key does not just lose access to their streaming account — they potentially lose access to their entire medical history. The stakes of key management in a healthcare context are much higher than in any other domain where self-custody is being advocated.
This is not a reason to abandon the architecture. It is a reason to invest heavily in the abstraction layer on top of it. In my proposal, I specifically include a patient identity wallet paired with practical social recovery and custodial escrow mechanisms — precisely because I recognise that the strength of any cryptographic system in a healthcare context is only as durable as its least technical user. Key recovery is not an afterthought. It is a core design requirement. The engineering challenge is real. But it is a user experience problem, not a fundamental one.
What is not acceptable is treating that design challenge as a reason to stay with the status quo — a model where patients have no meaningful visibility into who holds their data, no ability to audit its use, and no recourse beyond hoping that the institution responsible for their records hired a decent security team. We can do better. Cryptography gives us the tools to do better. The question is whether the healthcare industry has the will to use them.
I think it will — not out of idealism, but out of inevitability. The cost of breaches is rising. Regulatory pressure is increasing. And patients, slowly but surely, are beginning to ask the right questions. When they do, the answer had better be more convincing than a password policy and a compliance certificate.