Medical data sharing is a longstanding challenge. Hospitals operate independently, patients cannot access their original data, and insurance companies secretly adjust their books; these issues have persisted for many years. Current solutions offer either fully centralized control or complete transparency, and both extremes are unreliable.
We tried a different approach: building a medical record system based on patient sovereignty, on top of distributed storage. All X-rays and MRI scans are encrypted on the client side before uploading, closing the door to unauthorized access at the source.
The core innovation lies in permission design. We map each medical document to an NFT asset, embedding very granular access logic within a smart contract—patients can specify, for example: "Allow Dr. Zhang to view the 2025 blood report, valid for only 72 hours." Once the time expires or the patient actively revokes access, even if the doctor has the file link, it’s useless because the key has already expired and cannot decrypt the content.
The beauty of this approach is that it completely separates data ownership from temporary access rights, satisfying strict privacy regulations like HIPAA while being fully decentralized—no middleman can bypass the patient's authorization rules.
From another perspective, this also changes the trust model for medical data circulation. Previously, patients had to rely on hospitals or platforms; now, the data is in their hands, and the amount of access granted is entirely up to them. Revoking access is just a matter of issuing a command.
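The 72-hour grant described above, modelled as an added Python example (not the project's contract code). The post does not say how key expiry is enforced, so this assumes the content key is released per request by a gate that checks the grant; `RecordAccess` and its method names are hypothetical.

```python
import os
from dataclasses import dataclass

HOUR = 3600

@dataclass
class Grant:
    expires_at: float        # Unix time at which the grant stops being valid
    revoked: bool = False

class RecordAccess:
    """Hypothetical model of per-document grant logic (all names are assumptions)."""

    def __init__(self, owner: str):
        self.owner = owner
        self._keys: dict[str, bytes] = {}                # doc_id -> content key
        self._grants: dict[tuple[str, str], Grant] = {}  # (grantee, doc_id) -> grant

    def register(self, doc_id: str) -> None:
        # Constructed sample key; the real client-side scheme is not on the page.
        self._keys[doc_id] = os.urandom(32)

    def _require_owner(self, caller: str) -> None:
        if caller != self.owner:
            raise PermissionError("only the patient may change grants")

    def grant(self, caller: str, grantee: str, doc_id: str, ttl_hours: float, now: float) -> None:
        self._require_owner(caller)
        if doc_id not in self._keys or ttl_hours <= 0:
            raise ValueError("unknown document or non-positive lifetime")
        self._grants[(grantee, doc_id)] = Grant(now + ttl_hours * HOUR)

    def revoke(self, caller: str, grantee: str, doc_id: str) -> None:
        self._require_owner(caller)
        g = self._grants.get((grantee, doc_id))
        if g is not None:
            g.revoked = True

    def is_valid(self, grantee: str, doc_id: str, now: float) -> bool:
        # Deny by default: no grant, a revoked grant and an expired grant all fail.
        g = self._grants.get((grantee, doc_id))
        return g is not None and not g.revoked and now < g.expires_at

    def release_key(self, grantee: str, doc_id: str, now: float) -> bytes:
        # The validity check runs on every release, so holding the file link
        # alone yields only ciphertext.
        if not self.is_valid(grantee, doc_id, now):
            raise PermissionError("no live grant for this document")
        return self._keys[doc_id]
```

In this model a key that was already released stays with the recipient, so expiry and revocation stop later key releases only.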