APIs include  Data Integrity, GDPR-Compliant Patient Consent, Provenance, FHIR Interoperability and Secure Transport, Patient Identity Mapping, Directory Services and Multi-Party Computation
 Deployments include: Estonian E-Health Foundation, China’s PuTian Hospital Group, UK NHS, Roche and 10 of the world's largest Life Science companies
Applications include: Immunity Passport, Virtualized Clinical Trials, Medication Adherence, Real World Data Evidence based indication and combination pricing, Clinician to Clinician Interoperability, Lab to Patient Data Transfer Automation and Assured Medical AI

Guardtime today announces its HSX API platform for building secure distributed health applications. The platform is built on top of Guardtime's EU-eIDAS certified Trust Service, providing a single source of truth for data and enabling application developers to rapidly integrate features into existing and new health solutions.

COVID-19 has laid bare the urgent need to connect and enable secure and compliant data sharing between citizens, patients, clinicians, life science companies, lab providers and regulators. Guardtime HSX enables this to happen rapidly for developers who can use the APIs to integrate compliance, immutable audit, interoperability, security and multi-party computation. 

Guardtime is working closely with governments and strategic partners to deploy its own solutions on top of the HSX APIs to address COVID-19 related challenges. These include privacy preserving contact-tracing, immunity passports, early warning alerts of medicine shortages and the auditable processing of highly sensitive health and location data.

 In the following sections we list some examples of the APIs available as well as example applications. 

Access APIs here 
Read the Whitepaper here

Data Integrity

The HSX APIs generate evidence of data integrity, provenance and GDPR-compliant patient consent that is auditable, immutable and legally sound, backed up by the world’s first EU-eIDAS compliant blockchain-based trust service. For any health application where there is a need to provide evidence of data integrity – for patient records, lab results, medical supply chain, a developer can provide proof of integrity that does not rely on a trusted authority with a few lines of code, enabling data to be transported and verified across organizational boundaries with a common trust anchor.


The consent API enables developers to implement consent in their applications without needing to understand how consent maps to GDPR regulations. At its most basic the API provides a predefined set of consent types; associated consent reasons and how long consent is being granted so developers just need to choose or match these to their customer requirements and then integrate the API into their application. If more complex consent is required the API is fully configurable, allowing consent chains to be built quickly just by choosing how many consent types should be bound to an individual.

Secure Transport

This API enables developers to take data from one FHIR supported database, encrypt, digitally sign and transport that data across the network to specified location (through directory services) where the data is decrypted, verified and presented to the recipient, all with an immutable audit trail of what happened when.

Patient Identity Mapping

Network wide as well as local identity reconciliation with GDPR compliance built in. Policies define who should see and be able to look up identifiers. Allows a network to have one identifier to reference an individual.


Network directory of organizations with built in KYC checks to form a network of connected and trusted HSX nodes.

Four Example Applications from Around the Globe

Medication Adherence (Instant Access Medical, UK NHS)

This application developed by Instant Access Medical and deployed by the UK NHS enables patient medication adherence via the continuous monitoring and verification of patients to a specific, personalized treatment plan or Personal Care Pathway (PCP). PCPs are critical to maintaining adherence and positive health outcomes for patients, especially those managing long term health conditions. The cost of non-adherence to the NHS, for just diabetes patients alone consumes 80% of the budget allocated to treating that condition. The IAM platform uses the GDPR Consent API to validate permission from a patient to share their NHS data, to prove GDPR compliance to any of the 3 major UK NHS GP systems that hold this data as part of the handshake before requesting / retrieving a patient record. Patient records are signed by the KSI Trust service prior to being pushed to the smartphone application and are cryptographically bound with the consent directive the patient gave. As data is retrieved, the solution builds a National Institute for Health and Care Excellence (NICE) based personal care pathway specific to that patients’ condition, showing the treatments and checks needed for patients to maintain adherence to their plan. 
For further reading see here

Indication and Combination Pricing (10 Life Science Companies)

The pharmaceutical industry and healthcare payers have long been looking to agree pricing based on the value treatments bring to the individual patient and society at large, with pricing reflecting different uses (indication pricing) and use in combination with other medicines (combination pricing). Guardtime’s HSX platform addresses these problems, combining secure multi-party computation (MPC) techniques (where no external actor can see any data used to arrive at an outcome) with KSI Blockchain for data integrity and time guarantees, with sequencing proof back to underlying data for later audit (i.e. provable answers to questions with privacy). 
For further reading see here

Patient Assured Data (PuTian Hospital Group)

Patient Assured Data means ensuring the integrity of the medical records a doctor will use to make treatment decisions. It provides the trust, transparency and integrity for a hospital information system which allows hospitals to collaborate with third parties directly, without burdening doctors or administrators with additional manual processes. It provides an automated, immutable, registration of all critical medical data across all key hospital information systems at source, covering examination results, patient medical files and diagnostic platforms with guaranteed cryptographic proof of its provenance, human or machine giving doctors absolute confidence in the provenance and veracity of patient data which any third party can independently prove with the KSI Trust Service. 
For further reading see here

Assured Medical AI (Estonian and Hungarian Governments)

Assured AI provides different institutions a method to offer reliability testing of artificial intelligence algorithms before they are used in medicine. In particular, security and transparency ensuring that all incoming data is reliable and unbiased, outputs are controlled to ensure the protection of personal health data, and that data is processed end-to-end only for the agreed purposes. The  integrity API ensures that for any training run the required checks are performed prior to feeding the data to the algorithm and guarantees the integrity of the results, tied to the provenance chain and KSI trust service. When submitting the results of any algorithm a full provenance and data integrity check is provided to an ethics dashboard so any research can be independently verified. 
For further reading see here