At our annual hackathon, we put together a proof of concept (PoC) in 36 hours to tackle the challenges of EHR. The project was called 'A State of You'.

This article explores Cyber-Duck's landscape analysis of Electronic Health Records (EHR) and our attempt at creating tangible interfaces and use cases within the context of a hackathon we ran.

The team introduces 'The State of You'.

As part of this hack, we developed a blockchain prototype and defined its suitability as a platform. Over two days, we immersed ourselves in articles, literature and inspiration from Silicon Valley to India, Estonia and the UK. Whilst we were empowered by existing knowledge, we very much took Albert Einstein’s view that imagination is more powerful than knowledge when trying to tackle a colossal challenge like this.

Introducing electronic health records (EHR)

The quest for creating universally accepted EHR is a global problem. Many governments and organisations are trying to standardise and create a standard for EHRs that work across trusts, cities and even countries.

In 2005, during George Bush’s presidency the Republicans empowered the National Health Information Technology Coordinator to create a state-wide EHR infrastructure. They stumbled with data ownership, security, accessibility, portability, compatibility and integration as well as funding.

Meanwhile in the UK, the last Labour government spent £10bn of taxpayers’ money on a health record programme that is widely regarded as the biggest IT disaster of all time. The Tories then pledged that the NHS would go paperless by 2018. Sadly, the government missed the target.

Introducing our vision for 'The State of You'.

But Matt Hancock, the Minister of Health, then came in with a new programme in 2018. He pledged a technology revolution for the NHS, including collaboration with start-ups and new funding for technology to the tune of £500m. Things look promising in the UK. Some hospitals like the Cambridge University Hospitals' NHS Foundation Trust have implemented electronic patient records within their ‘silos’. But there is a very tall ladder to climb to make the initiative ‘connected’ nationally.

Picture2Introduced in 1972, electronic health records (EHRs) are supposed to give doctors a fast, reliable and secure access to patient medical histories, prescription records and past test results.

Other economies have taken further steps to digitise their health records. In India, tech-savvy entrepreneurs and the government have worked together to ensure citizens have a personal Biometric Card. With over 1.2bn people registered using iris scan and fingerprint biometrics, each citizen has not only their medical ID but their driving licence and other important documents stored on a universal ID card. On one hand, the system allows millions of ordinary Indians to access health services. On the other hand, there is an outcry that the system is failing users and it is being defrauded regularly. Biometric data that is stored centrally by governments and without the right security can be easily hacked.

A shining beacon of an electronic society

One government that has progressed much further is Estonia. This tiny country has benefited from a coordinated governmental effort to establish a truly digital society through its system X-Road.

X road estoniaX-Road from Estonia provides a promising look at the future.

Now, everything from health, voting, banking and policing is under pinned by X-Road. People can vote from their laptops. Meanwhile, there are supposedly no doctors' forms to fill-in and data is not centrally held. Additionally, each medical practice holds data locally on secure services (to avoid Experian-like hacks), with data moving through encrypted pathways.

User access to Estonia’s digital system is secured with both a pin and signature login through a physical biometric card. Finland has also begun to use X-Road, with prescription data being linked between nations. X-Road also has ‘walled gardens’ meaning that health data is separated from financial records. Doctors can specify access levels to other medical practitioners.

A tenant of the system is that an in individual owns all their data recorded on it. As part of X-Road, Estonian paramedics can even use an e-ambulance app to access a patient’s latest ECG cardiology report as soon as they’re called to an emergency scene. Each time a practitioner accesses a patient’s data, they are tagged for auditing and follow-up purposes to find out why they needed to access the patient’s records. The system even scans for drug clashes and raises red flags.

The challenges for larger nations

As we have seen, E-Estonia’s system X-Road extends beyond EHR. It also encompasses:

  • Identity verification
  • Birth records
  • Tax
  • Education
  • Voting
  • And much more

Unfortunately, I don’t think this model can be emulated in a large bureaucracy like the UK. We don’t have national ID cards and couldn’t agree on how to standardise a universal citizen ID, killing off the idea before it began in 2010.

On this note, it took four consecutive governments 12 years to agree on whether we need one extra runway at Heathrow... so making a disruptive decision about EHR will probably take decades at a national level.

Heathrow new runaway

It has taken four governments and 12 years to agree whether to greenlight an extra runway at Heathrow. How can governments solve an even greater problem like electronic health records?

The issue of building effective EHR is compounded by the lack of standardised ID or biometric cards. Large governments have failed to implement EHR projects in the Western world.

Do innovative Silicon Valley companies have the answer?

Is Google’s DeepMind AI subsidiary better placed to solve the EHR bane for governments (and on behalf of citizens)?

Working with The Royal Free Hospital in London, DeepMind’s 'Verifiable Data Audit' plans to build a digital ledger that records every interaction with patient data in a cryptographically verifiable manner. This means that any edit or access of the patient data would be viewable.

Demis deep mindDoes the answer in EHR lie in AI? Photo of Demis Hassabis from DeepMind. Photograph from The Verge.

DeepMind’s technology is loosely based on blockchain. But its main difference is that it isn’t decentralised. DeepMind’s view is that EHR data should be federated between groups of healthcare providers and data processors, which makes decentralisation an unnecessary component of the system.

Medical negligenceTragically, we think that bad systems will contribute towards undeliberate medical negligence and getting systems right, is a matter of life or death in some instances.

One of the main criticisms of this system was the differentiation between using the data for the actual care versus research. This arguably points back to data ownership and large organisations driving data ownership. As much as this technology sounds impressive, Google’s track record on data privacy puts a question mark on whether it is suitable to be the main driver of this initiative. 

The cost of not solving the problem

We discussed how different organisations and nations are approaching EHR. But it’s worth noting the cost of not providing medical professionals with a streamlined, standardised and efficient digital solution.


We targeted UK medical practitioners on Twitter during the hackathon and received feedback that the vast majority feel that medical records are not synchronised effectively. 

Studies have shown that 250,000 people die in America every year due to medical errors by practitioners. Another report puts this number at 440,000. The numbers are alarming, and these reports suggest that medical negligence is the third highest cause of death in the USA.

Exploring the state of EHR in the NHS.

Whilst it’s always easy to blame a system for a tragic death, computer breakdowns and mix-ups with medications or a lack of system analysis can cause fatal errors in patient care. If hand written notes are not understood, recorded properly or visible at the right time, practitioners will struggle to provide care and will waste precious time.

Note: We cannot verify that all respondents in the Twitter poll were qualified medical practitioners.

Talking to practitioners 

Not only do medical professionals struggle to get EHR data from doctors to nurses on shifts, patients and their relatives often have no visible records themselves (besides verbal information). When the patient has no access to their records or visibility on what is wrong with them, they are less informed. Dr David Classen, professor of medicine at the University of Utah, USA said that “Any tools that enable patients to manage their health care needs will be a game changer”. The reason for this is because ‘knowledge is power’.

What our hackathon aimed to solve

Our 36-hour hackathon aimed to deliver a proof of concept (PoC) that deals with EHR data ownership and universal access by health care professionals. We wanted to make sure that they can easily access and share patients’ EHR in both a clinical and research environment.

Privileges, access to data in emergencies, privacy and security were paramount within our PoC. Another primary goal was to explore data standards/semantics to transfer data from one practitioner or surgery to another. We also wanted to explore the interoperability of the data between service providers.

Ultimately, we wanted to develop a technical PoC and accompanying interfaces to prove that our hypothesis worked from a user, usability and technical perspective.

Exploring the EHR landscape analysis. 

Our mission statement for the project was that we wanted to “develop a way for health practitioners to manage and synchronise EHR whilst giving people visibility, ownership and control of their health data, including access delegation”.

Landscape analysis

Before really delving in to the personas, we wanted to analyse the landscape and try as much as possible to find competing products. The founder of Alibaba Jack Ma, famously said: "forget about your competitors, just focus on your customers". Paradoxically, he also said that you should learn from your competitor but never copy. If you copy, you die! At Cyber-Duck we always pride ourselves on being as original as possible.

We looked at the landscape and explored three very different competitors:

Exploring the standards for the EHR.


A platform that empowers people to take charge of their own health underpinned by blockchain. It includes tracking medical bills and insurance information. Whilst we liked the concept of the app from how it was described, it seemed to be a lot more about lifestyle tracking than emergency care access, after viewing the screenshots and reading into the detail.

Whilst they are HIPAA compliant, we did not understand what standards they use for EHR and how it would connect to national healthcare providers. It did say that this is in their pipeline which looks positive. 

Coral Health

Coral Health is another application (also HIPAA compliant) that we found that is underpinned by blockchain to make personalised medicine. It aims to create a platform where patients could securely and easily share their health records with health care professionals for personalised medical care.

After reviewing screenshots of the app on their website, our understanding was that the product is USA-focused. We did not understand how, for example, an ambulance driver would access a patient in an emergency or how family members would give their relatives access to their records. 


Medicalchain is another startup that profess to use blockchain technology to store health records. Different organisations and healthcare professionals can request permission to access a patient’s record to ‘serve their purpose’.

We liked their proposition and focus on Telemedicine and how users can manage appointments to see practitioners. What we could not find is what standard the system would use for international interoperability and how users would be able to move their health data from one country to another. Similar to the previous players, we could not find use cases of how medical professionals would access patients EHR in the event of an emergency for example.

Note: The above is not meant to be a critique of the businesses but merely framing their proposition against our one in the hackathon. 

Standards of interoperability

Whilst we looked at the landscape and the standards of storing medical data in the UK and USA, one thing struck us as being absent: standards of interoperability.

Luckily, we stumbled across the Standard Health Record (SHRC), an open-source, health data interoperability effort driven by the MITRE Corporation, an American not-for-profit organisation based in Bedford, Massachusetts. The focus for this project is on both patients and practitioners. Each entity or asset – whether a patient, practitioner, medicine, procedure or condition – possesses a semantical standard.

We were impressed with the breadth and logical meta data. What impressed us further was that all the nodes and data were available as a download on Github. Moreover, we saw that the project is sponsored by the Department of Health and Human Services (HHS) and was recognised in one of the NHS Digital white papers.

Persona research

From the very outset, we identified numerous personas. Because we found that the landscape was very B2B focused, we wanted to focus mainly on the user.

Diving into the personas we made for the EHR.

To do that, we ran field research with healthcare professionals through face-to-face conversations with doctors, Twitter surveys and a more in-depth survey. We also ran guerrilla interviews with staff who acted as ‘end users’ to talk about their experience both in the NHS and in other countries.

What was apparent when speaking to one of the end users is that their experience in the NHS was chaotic from an EHR perspective. Every time they visited hospitals or clinics, all the notes were hand-written and other practitioners struggled to understand or read the previous health professionals' handwriting. Referral letters from a health care practitioner to another normally took weeks to arrive from one department to another. These persona frustrations and motivations helped to shape our hypothesis. 

Interface design

Fuelled by the persona research, user interviews and our landscape analysis, we started sketching the rudimentary user interfaces for our EHR platform. We backed our designs with a strong rationale of what key tasks practitioners and users need to perform. Our UX research led to the following key interfaces:

  • Medical events - We want A State of You to let users view all of their medical events regardless of which country, hospital, practice or doctor recorded the event. Due to that, we created a Medical Event screen. Each event would have its own screen detailing what procedure or analysis was performed on the user.
  • Appointments On the interface, we also decided that it is important to let users request new appointments, requests follow-ups, renew prescriptions and see a timeline of their medical history.
  • Messaging / notifications – Due the features we were building such as events and appointments, we added messaging functionality between patients and practitioners, although we did not focus on this for the PoC.
  • Who accessed my data – Another tenant of this interface is giving users the transparency of seeing “who accessed their data and when” on this screen.
  • My ‘conditions’ A central feature of the user interface is a ‘my conditions’ part which allows users to see any conditions or diseases that they have, including the history of prognosis, any medication or procedures performed, links to any referrals, and links to events that relate to the condition.
  • Relative management Under the user profile, we also developed interface elements like a ‘power of attorney’ function (so users can appoint a trusted person to manage their interface), manage children feature and emergency point of contact information.

Due to the sensitive nature of healthcare, we would imagine that A State of You should be synchronised with some sort of citizen verification API to ensure it is not misused. In the UK for example, it could be synchronised with a Government Gateway ID; in the USA, with Social Security numbers.

State of youThe interface design for the dashboard we came up with as part of electronic health record (EHR) solution.

Finally, the interface includes notifications and email/SMS functions to push any use of patient data to the user through email and SMS. Using services like Twillio, push notifications could even work with WhatsApp.

About blockchain

From the very outset of the hackathon we knew that we wanted to use blockchain. Read our previous article for a short introduction to the technology; we've produced BlockAid, which was nominated for a Best Use of Emerging Technology Wirehive 100 Award.

We wanted “State of You” to focus on you, the user. We wanted to give the user ownership and control of your data in any country, anywhere in the world.

According to Wikipedia, the definition of blockchain is “…a growing list of records, called blocks, which are linked using cryptography. Each block contains a cryptographic hash of the previous block a timestamp, and transaction data (generally represented as a merkle tree root hash).” Simplifying that, if we were to write 5 words to explain what blockchain is at its simplest functional level, we would say that blockchain is: “A way to store records”.

how does blockchain work

A graphic from G2 Crowd that explains how Blockchain works.

The theory with blockchain is that it is distributed, immutable and that data is not owned by any corporation or saved in a centralised database, like of a health ministry for instance.

Blockchain uses a very clever method called hashing to ensure that all data (one medical note or an entire essay on a patient) can fit into 256 characters. Following this, blockchain uses private keys to encrypt or safeguard the data. Public keys are then used to decrypt (or unlock) the data. In theory, this would allow an emergency medical professional like a paramedic to unlock and view the EHR of a patient.

Once a record is created (in our case an electronic health record), it then joins a ‘chain’ to include the previous hash of the prior record within the new hash. Hence the ‘chain’ within blockchain! Of course, more advanced use cases would emerge such as introducing smart contracts between a patient and a private healthcare provider. We did not focus on these for our PoC though.

Showing the demo of our EHR solution.

Note: While we agree that the data should not be owned by a government (but a user) we felt that it is pertinent to have committees (or a trust) in each country at government and practitioner level to oversee the integrity of the data; deal with issues and private key matters; audit medical professional usage of patient records; and ensure interoperability.

Our solution (UX and Tech)

We chose BigchainDB because of its API-driven connectivity and the fact that we could code the application on Node.js (see below). For development and prototyping, we can use instantly the BigchainDB online test network including storing and retrieving data via their API. A Node.js module allowed us to easily make that connection from our app. Later on, it's possible to deploy and run your own BigchainDB node.

The first thing to understand about BigchainDB is how they structure data. Traditional SQL databases structure data in tables. NoSQL databases use other formats to structure data such as JSON and key-values, as well as tables. BigchainDB structures data as assets. Anything can be represented as an asset. An asset can characterise any physical or digital object that you can think of like a car, a data set or an intellectual property right. 

When developing with BigchainDB, you don’t focus on processes but on assets (e.g. a client order can be an asset that is then tracked across its entire lifecycle). This switch in perspective from a process-centric towards an asset-centric view influences much of how you build your applications.

We liked how that with BigchainDB we could create our own private network with custom assets, permissions and transparency. We also appreciated BlockDB’s rich permissions management concept to ensure a clear separation of duties and enforce selective access across healthcare professionals. 

For the front-end user experience, we needed to use a powerful front-end framework. We chose Angular 7.0, a cross-platform web development framework. It includes Web Workers and server-side rendering to improve performance and can offer smartphone native-like performance. This was important given that many patients and health practitioners will be using mobile devices to access health data.

To interface between BigchainDB and Angular, we opted to use Node.js to code the main application which is running A State of You. Node.js is an asynchronous event-driven JavaScript runtime engine. Node.js is designed to build scalable network applications so it could totally support our vision for A State of You!


It is clear our vision is ambitious but we must be bold to succeed. We want to work with partners to make this dream come true! 

Vision and roadmap

Our vision is to work with government partners and make electronic health records (EHR) a global reality for billions of people.

We feel that innovative digital agencies like Cyber-Duck that specialise in service design, UX and software development are able to conceive probable solutions from the ground up.

We cannot do it alone and would love to work with partners – whether governments, AI firms or healthcare providers – to make our dream a reality. Is that you? Get in touch today.

potato party photoTeam Potato created the EHR blockchain prototype over a weekend.

Want to learn more about our hackathon? Catch up on the other proof of concepts we developed here: