[verdverm]

What if a patient loses their encryption key?

How do doctors get access to history?

HIPAA? EMR system integration?

blockchain is toxic, most people do not want to deal with the hassle of lose your keys, lose your money (data here)

[SERSI-S]

When a patient loses their private key, it’s a very serious mistake, but I’ve thought this through carefully, and yes, your key is split into three or more parts using SSS (Shamir’s Secret Sharing) or another key-sharing method one for your mother, one for your father, and one for your sibling with each family member keeping one part. So, if you lose your key, you can recover it using the parts kept by your family members.

Regarding blockchain, this isn’t actually mandatory, but I believe blockchain plays a crucial role in the hashing process. When you receive your IFPS ID, you must save it and record it this feels very slow. In my opinion, using blockchain makes sense if you can incorporate RSA key exchange into your data so that your medical history data is encrypted and distributed via IFPS, and it is this IFPS ID that is sent to the blockchain; the advantage of blockchain is its immutable and unalterable nature.

[phillipseamore]

FFS this all falls apart in an emergent situation. Tattoo the PKS on your ass (or whatever part you wouldn't normally leave exposed in public).

[SERSI-S]

That’s a good point; I hadn’t thought of it that far. Maybe I’ll think more deeply about what it’s like when family members are far away and the key-sharing feature doesn’t work.

At first I thought about a biometric SDK, but in a more severe situation like if a finger were severed—it might be even more of a challenge.

[SERSI-S]

Doctors must scan or request the patient’s sharing key (RSA) after the patient has given consent and verify that the treating doctor is indeed a licensed professional. This ensures that sensitive data can only be accessed after the patient approves the doctor’s request.

Regarding HIPAA, I haven’t considered it yet, but you can take your EMR with you anytime, anywhere, as it is protected by three keys: one for your IFPS, one for your personal data, and one for your medical data. An attacker would have no choice but to guess the key for each encryption two RSA and one AES. When you go to London for treatment, you only need to use your RSA key—that is, share that key with the doctor and then approve the doctor’s access to your medical history. No administrative procedures are needed; for example, if you’re treated in London, you don’t have to pay anything the hospital asks for just to access your data. That doesn’t sound logical, does it?