◆ For healthcare

HIPAA-grade records on a real chain.

Patient-owned, encrypted, fully auditable. Khromosome anchors record hashes on chain; the file bytes are AES-GCM encrypted in the patient's browser before they ever reach our servers. Your compliance team can attest the chain of custody from origination to disclosure without ever seeing a single byte of PHI.

01

The compliance posture.
What's verifiable about Khromosome that lawyers actually care about.

PHI at rest

Server never sees plaintext

Files are encrypted in the patient's browser with AES-256-GCM. The master encryption key is derived from a wallet signature — it lives only in the browser tab, never transmitted, never persisted server-side. The vault API serves presigned URLs to ciphertext only. A subpoena of the server returns useless bytes.
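The client-side encryption described above, as an added example that is not Khromosome's own code: it derives a 256-bit key from signature bytes and encrypts with AES-256-GCM so the server only ever holds IV, ciphertext and tag. The HKDF step, the labels, the function names and the sample values are assumptions; the page does not state how the key is derived.

```javascript
// Node's built-in crypto stands in here for the browser's WebCrypto API.
const { hkdfSync, randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// Assumption: HKDF-SHA256 over the wallet signature; the salt and info labels are made up.
// The wallet must return the same signature for the same message every time,
// otherwise the key cannot be re-derived and the ciphertext is unrecoverable.
function deriveMasterKey(walletSignature) {
  const okm = hkdfSync("sha256", walletSignature, Buffer.from("demo-salt"), Buffer.from("demo-vault-key"), 32);
  return Buffer.from(okm);
}

function encryptRecord(key, plaintext, manifestMeta) {
  const iv = randomBytes(12); // fresh 96-bit nonce per file; never reuse one under the same key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(manifestMeta)); // ties the ciphertext to its manifest metadata
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() }; // all the server ever stores
}

function decryptRecord(key, blob, manifestMeta) {
  const decipher = createDecipheriv("aes-256-gcm", key, blob.iv);
  decipher.setAAD(Buffer.from(manifestMeta));
  decipher.setAuthTag(blob.tag);
  // final() throws if the ciphertext, tag, IV or metadata was altered
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
}

// True when decryption is refused, i.e. GCM authentication failed.
function rejects(key, blob, manifestMeta) {
  try { decryptRecord(key, blob, manifestMeta); return false; } catch { return true; }
}

function demo() {
  const signature = Buffer.alloc(65, 0xab); // constructed stand-in for a 65-byte wallet signature
  const key = deriveMasterKey(signature);
  const meta = JSON.stringify({ recordId: "record-001", type: "lab-result" });
  const blob = encryptRecord(key, Buffer.from("constructed lab result"), meta);
  const flipped = Buffer.from(blob.ciphertext);
  flipped[0] ^= 1; // simulate a modified object in storage
  return {
    plaintext: decryptRecord(key, blob, meta).toString(),
    tamperRejected: rejects(key, { ...blob, ciphertext: flipped }, meta),
    swappedMetaRejected: rejects(key, blob, meta.replace("record-001", "record-002")),
    wrongKeyRejected: rejects(deriveMasterKey(Buffer.alloc(65, 0xcd)), blob, meta),
  };
}
```

Binding the manifest metadata as additional authenticated data means a ciphertext moved under a different record's manifest fails to decrypt instead of silently opening.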

Audit trail

Tamper-evident, append-only

Every record creation, amendment, disclosure, and access event is anchored to the chain via the AuditLog primitive. Entries are Merkle-chained, so you can prove cryptographically, not just by policy, that an audit log hasn't been retroactively edited. Regulators can verify the chain of custody without our cooperation.

Consent gating

Patient grants and revokes

Every scope a patient shares with a clinician or AI agent is a signed on-chain token — expirable, revocable, visible to the patient forever. Nothing flows downstream without a signature. No data broker sits between the patient and the entities they trust.

02

The clinical workflow.
From "new patient" to "disclosure for litigation" — six steps, all signed.

01

Patient creates an identity

Email signup at app.khromosome.network, then connect a wallet (Trezor, Ledger, or MetaMask). The wallet IS the identity — one signing key, every record, for life. Switch clinics or move countries: the namespace follows them.

02

Clinic is registered as a Producer

Your clinic obtains a Producer entry in the on-chain OperatorRegistry — KYC'd, jurisdiction-tagged, with the BAA hash anchored. Your signing key is generated in an HSM you control. Records the clinic writes are signed by this key + countersigned by the patient.

03

Patient grants the clinic a write scope

Signed on-chain consent: "Clinic X may write records of type Y on my behalf, for duration Z." Revocable any time. Every grant + revocation is in the AuditLog. The clinic literally cannot write a record without this scope.

04

Clinic writes the record

Lab result, visit note, imaging study — encrypted client-side, file uploaded to the patient's Vault, manifest hash anchored to KhromeChain. The clinic's Producer signature + the patient's identity anchor sit on chain forever. The clinic NEVER holds the encryption key.

05

Patient runs (or shares) an AI agent

Records-summary agent · diagnosis-second-opinion · billing-code reconciler. Each one receives a scoped consent token, processes inside the patient's Vault context, returns an attestation. The agent never gets raw data the patient hasn't explicitly scoped.

06

Disclosure for litigation / audit

Patient signs a single time-bounded disclosure token. Auditor receives the manifest hashes from KhromeChain, fetches ciphertext from the Vault, and the patient's key unwraps it for the disclosure window. After the window: re-encrypted with a new key. Every step is in the AuditLog: provable and unforgeable.

03

What's verifiable today.
Every claim above corresponds to a live, source-verified contract on-chain.

Records anchor

KhromeChain

0x37dd…e951 · Sourcify-verified exact match. The contract that anchors record hashes, enforces signed entries, and emits the audit trail. Read it before you sign anything.

Encrypted vault

KhromeVault

0x9346…C187 · Anchors per-file manifests + storage keys. The bytes themselves live in encrypted MinIO buckets the patient's key can unwrap.

Tamper-evident log

AuditLog

0x8aee…015D · Append-only Merkle-chained log. Any HIPAA-relevant event your application emits — creation, access, disclosure — can be anchored here and re-verified by any auditor.
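How an auditor can re-verify a hash-chained log of the kind described here and under "Tamper-evident, append-only" above, as an added example that is not the AuditLog contract's code. The entry layout, the use of SHA-256, the function names and the sample events are assumptions; the check relies on comparing the recomputed head with a head hash anchored somewhere the log operator cannot rewrite.

```javascript
const { createHash } = require("node:crypto");

const GENESIS = "0".repeat(64);

// Assumed format: hash = SHA-256(prevHash || JSON of the event fields in fixed order).
function entryHash(prevHash, e) {
  const body = JSON.stringify([e.seq, e.type, e.actor, e.recordHash, e.ts]);
  return createHash("sha256").update(prevHash).update(body).digest("hex");
}

// Append an event; the returned head hash is what would be anchored on chain.
function appendEntry(log, event) {
  const prevHash = log.length ? log[log.length - 1].hash : GENESIS;
  const entry = { ...event, seq: log.length, prevHash };
  entry.hash = entryHash(prevHash, entry);
  log.push(entry);
  return entry.hash;
}

// Auditor side: recompute every link, then compare the final hash with the anchored head.
// brokenAt is the first bad index, or log.length when only the head disagrees.
function verifyLog(log, anchoredHead) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const e = log[i];
    if (e.seq !== i || e.prevHash !== prev || entryHash(prev, e) !== e.hash) {
      return { ok: false, brokenAt: i };
    }
    prev = e.hash;
  }
  return prev === anchoredHead ? { ok: true, brokenAt: -1 } : { ok: false, brokenAt: log.length };
}

// Constructed sample events (not real data).
function buildSampleLog() {
  const log = [];
  let head = GENESIS;
  for (const [type, actor] of [["creation", "clinic-x"], ["access", "agent-1"], ["disclosure", "auditor-9"]]) {
    head = appendEntry(log, { type, actor, recordHash: "ab".repeat(32), ts: 1700000000 + log.length });
  }
  return { log, head };
}

// Models an insider who edits one entry and recomputes every later hash so the links line up.
function rewriteFrom(log, index, patch) {
  const forged = log.slice(0, index);
  for (const e of log.slice(index)) {
    appendEntry(forged, { ...e, ...(e.seq === index ? patch : {}) });
  }
  return forged;
}
```

A log rewritten with `rewriteFrom` is internally consistent, so only the mismatch against the anchored head exposes it; the same comparison catches truncation of trailing entries.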

Operator KYC

OperatorRegistry

0x0609…8182 · The list of who runs validators and producer signing keys — KYC'd, jurisdiction-tagged. Live page.

Formal proofs

Halmos: 15/15 invariants proven

Every bridge invariant — no-replay, only-relayer, conservation, pause — formally verified by Halmos SMT solver. Bridges are the #1 hacked surface in crypto; ours are math, not faith. Read the report.

SOC 2

In progress (Vanta)

SOC 2 Type II observation window starts on signup with Vanta; expected report by Q4 2026. HIPAA Compliance Officer designation by Q3. BAAs available for pilot deployments today (DunnMed LLC entity, FL-incorporated).

04

Run a 90-day pilot.
If you have records that need a tamper-evident trail, this is the next call.

For clinical research orgs, self-insured employers, regional health systems

$25k · 90 days · production-ready.

We onboard your team, stand up a dedicated Vault tenant in your jurisdiction, register your clinical sites as Producers in the OperatorRegistry, and integrate with your existing EHR via FHIR. Your compliance officer gets a real document trail for SOC 2 / HIPAA / 21 CFR Part 11.

  • Dedicated Vault tenant — your buckets, your KMS keys, your jurisdiction
  • Producer onboarding for up to 5 clinical sites (BAA included)
  • White-glove integration: FHIR import, custom audit log categories, encrypted backup
  • Your team trained on KhromeChain primitives + the SDK
  • End-of-pilot: production tier from $5k/month, or you walk away with the data you brought in