Health Vault

Landing Page
Patient Dashboard
Patients Can View Their Schedule
Patients can request refills to Doctor
Doctor's View of Their Patients, with the arrows on the right, when clicked, show further info

Inspiration

As a team, we all have noticed disparities in the healthcare system. Doctors have to go through multiple loops to request patient info from different hospitals. For example, one of our team members experienced a 2 week wait and spent 200 dollars to get an x-ray sent from UCI to his primary physician. Every hospital has its own portal and the entire system is completely fragmented. These disparities should absolutely be addressed, and that is the purpose of HealthVault.

What it does

Health Vault is a patient-controlled medical records portal that lets patients own and share their health data on their terms. Patients connect their MetaMask wallet to access a unified dashboard showing lab results, prescriptions, appointments, imaging, and clinical notes. Doctors request access to specific record categories — and patients grant or revoke it at any time. An AI-powered "Understand this record" panel (backed by UCI's ZotGPT/GPT-4o) explains lab results and medications in plain English, without any diagnostic advice. All records are encrypted end-to-end and stored on IPFS, with access control enforced by a Solidity smart contract on Ethereum.

How we built it

Frontend:

React + TypeScript + Vite + Tailwind CSS + shadcn/ui, split into patient and doctor portals

Smart contract:

Solidity 0.8.28 via Hardhat 3, deployed on a local Hardhat node and Sepolia testnet

Storage:

Encrypted blobs on IPFS (local Kubo or Pinata), with on-chain CID pointers per record category

Encryption:

MetaMask personal_sign → HKDF-SHA256 → secp256k1 ECIES keypair; per-category AES-256-GCM data encryption keys (DEKs) wrapped per provider so grants survive record updates

AI:

Azure OpenAI (GPT-4o) proxied through Vite's dev server so the API key never reaches the browser; privacy-first with explicit user trigger

Challenges we ran into:

Key management without a backend:

Deriving a deterministic ECIES keypair from a MetaMask signature — and safely re-wrapping DEKs for each provider grant — required careful crypto design so existing grants don't break on every write

Collections pattern:

Each IPFS slot holds one encrypted JSON array; every "CRUD" operation means fetch → decrypt → mutate → re-encrypt → re-upload → update on-chain CID, which made optimistic UI updates tricky
IPFS + MetaMask in the browser: Coordinating async wallet signing, IPFS uploads, and contract transactions without race conditions or stale cache keys took significant React Query tuning
AI privacy tradeoff: Making sure the AI summarization feature was opt-in and never leaked raw record data without user intent

Accomplishments that we're proud of:

A fully end-to-end encrypted health records system where patients hold their own keys — no backend, no database, no central authority
A clean dual-portal UI (patient + doctor) built under hackathon time pressure that actually feels polished
AI that explains medical jargon without overstepping into diagnosis — scoped system prompts with strict JSON output
Provider access grants that survive record updates because DEKs are reused, not regenerated

What we learned:

ECIES key wrapping and AES-GCM are surprisingly approachable in the browser with the Web Crypto API once the mental model clicks
IPFS is great for immutable blobs but the "update a record" UX requires careful CID pointer management on-chain
Scoping AI to be genuinely helpful without being dangerous requires deliberate prompt design, not just guardrails shadcn/ui + Tailwind let a small team move very fast on UI without sacrificing quality

What's next for Health Vault

Per-patient record slots:

Move doctor-written records (labs, prescriptions, appointments) into per-patient slots with proper access grants, replacing the current hackathon simplification