Request a Call


  • Hidden

Business Overview

Business Overview

Our client is a global company that provides the healthcare sector with multiple technology-powered software solutions. These solutions are designed to help medical organizations by responding to arising market challenges and improving their processes, such as optimizing costs, reducing risks, and supporting compliance standards.

One of these challenges emerged with the appearance of ‘CMS Interoperability & Patient Access Rules’ requiring the processing of patient information—including its sharing with third parties—only with the patient’s consent. Striving to help medical companies meet new data processing standards, our client decided to create a special API-based SaaS solution.

Despite having their own in-house resources, they felt the need for additional professional assistance and therefore turned to our NIX team as proven experts in medical software development.

business overview_600h405

Project Scope

NIX’s task was to create a special API service, available to healthcare companies on a subscription basis, so that they could use it to integrate a custom solution into their digital ecosystems and thus ensure protected and regulated patient data exchange and management.


The solution had to comply with HIPAA standards, which meant increased security requirements, including storing protected health information (PHI).


We discussed our roadmap with the client and formed a development plan. Within this plan, the NIX team created a Rest API service powered by blockchain, which allowed storing information in an unchanged and undeletable form. 

Medical institutions can integrate this service with their IT systems to manage and track user consent requests and securely share data with third parties under the latest privacy regulations.



We built a blockchain network using a managed IBM blockchain platform based on Hyperledger Fabric: a framework for distributed ledger solutions that has a modular architecture and provides a high level of privacy, resilience, and flexibility. Our team also used Kafka, a distributed software message broker chosen for its high performance and good scalability.

The selected tech stack allowed us to deliver an easy-to-integrate and efficient-to-use solution.


User Flow

After subscribing, the user—a medical company—gets access to the Rest API service with all the explanatory documentation and can add functionality for processing patient data to their website or application.

How does it work?

A hospital employee enters information about the patient’s consent to data processing into the system and thereby sends a corresponding HTTPS request to the REST API. This consent request is recorded and stored in the blockchain in an immutable form for as long as the network exists.
Also, the user can find out the consent status of a particular patient by sending the appropriate request, as well as view the consent history if needed. Thus, Patient Access Rules are fully respected.


Data Security & Immutability

The medical company receives its private blockchain network accessible exclusively to its employees. This network is highly protected and considers data valid only if it matches each other for most blockchain nodes, which makes attempts to manipulate some of them useless for potential cyber-attacks.

We use two databases to enhance information security:

  • The blockchain network itself serves as the first database and stores anonymously labeled data regarding patient consent statuses
  • IBM Cloudant works as the second database. Complying with HIPAA standards, it contains decrypted PHI records

System Components

  • API Gateway processes all incoming consent requests and sends them to the queue
  • The de-identifier encrypts PHI records when writing a request to the blockchain and decodes them when extracting data from there
  • Consent Manager contains the business logic of the service and runs on Go, the most suitable language for the IBM Blockchain Platform and Hyperledger Fabric

Main Benefits

  • 01

    The ability to dynamically create and manage consent & data sharing requests

  • 02

    An immutable audit trail of consent & data access history for managers

  • 03

    Single source of truth for consent & data sharing statuses within the organization

  • 04

    Full solution compliance with complex regulatory requirements and HIPAA standards

  • 05

    Support for IBM Cloud to ensure the service is always available and secure

  • 06

    Multitenancy support with the ability to share one common cloud solution for several medical organizations




Our cooperation resulted in creating a HIPAA-compliant, blockchain-powered REST API service for managing user data in the healthcare area. The client provides it to medical companies as a SaaS solution, along with initial integration to simplify the onboarding process.

Thus, in addition to expanding the list of software solutions provided, the client covers the healthcare market’s need for secure and regulatory-compliant patient data processing.


8 experts (Tech Lead, 3 JS Developers, Go Developer, QA, DevOps, PM/BA)

Tech Stack:

JavaScript, IBM Cloud, Kafka, GO, IBM Cloudant, IBM Blockchain Platform


Related Success Stories

View all success stories

FITHOOD: Mobile App for a Seamless Fitness Experience

Wellness & Sport

Success Story FITHOOD: Mobile App for a Seamless Fitness Experience image

Enterra: E-commerce Solution for the Agriculture Market


Retail & eCommerce

Success Story Enterra: E-commerce Solution for the Agriculture Market image

Next-Gen eLearning Platform for Medical Schools



Success Story Next-Gen eLearning Platform for Medical Schools image

Fotoware: Mobile App For Digital Asset Management

Internet Services and Computer Software

Success Story Fotoware: Mobile App For Digital Asset Management  image

Contact Us

Accessibility Adjustments
Adjust Background Colors
Adjust Text Colors