Summary: There are some great real-world examples showcasing how blockchain is making a real difference in healthcare at the moment. Your training covers a wide array of topics, like keeping national records accurate in Estonia and tracking drugs with the DSCSA. You've even got insights into projects such as MediLedger and collaborations with big names like IBM and Merck. Here are a few more examples: there's the Synaptic Health Alliance, which works to enhance the quality of data between payers and providers. Then there's PharmaLedger, focused on providing global electronic product information. And let's not forget Singapore HealthCerts, which helps create verifiable health certificates. In this post, I'm going to dive into what’s really worked, what’s flopped, and the game plans that leaders should keep in mind for 2026.

Blockchain Development for Healthcare: Real “Blockchain Healthcare” Case Studies (Non-Social Sources)

Healthcare buyers are really starting to lose patience with all the proof-of-concept performances. Below, you'll find some genuine production deployments and pilot projects that have the backing of regulators. We gathered all this info from a mix of government sources, standards organizations, healthcare groups, and several businesses. Also, we’ve added some new strategies that we believe startups and big companies should keep in mind when they’re mapping out their plans for 2026.

---

Case study 1 -- Estonia’s KSI blockchain for national e‑Health: database‑level integrity at country scale

What happened

So, back in 2016, Estonia really made waves by bringing in Guardtime’s KSI blockchain to enhance the eHealth Foundation’s Oracle databases. It was a major move for the country! This initiative was all about setting up a super secure, tamper-proof audit trail for more than a million patient records. Instead of simply throwing personal health info (PHI) onto the blockchain, Estonia got really smart about it. They actually anchored cryptographic proofs, or hashes, right at the data layer. Pretty clever, right? That way, any changes that aren’t approved will be noticed immediately. If you're curious and want to dive deeper into this, check it out here. It's definitely worth a look!

• But KSI didn’t just call it quits there. Eventually, it snagged the title of being the very first blockchain-based trust service to get accredited under the EU eIDAS framework. Pretty cool, right? This was a total game changer! It really laid down some solid legal groundwork for cryptographic proofs all over the EU. That's super useful when it comes to turning auditability into rock-solid evidence. For more info, feel free to click here!

Why It Matters to Builders

• Pattern: You can think of it more like anchoring integrity, not just a place to stash data. It's really important to keep your Protected Health Information (PHI) secure in those reliable EHR or database systems we already trust. Plus, it’s necessary to sign off and document all sorts of states and events along the way.
• Governance: Estonia has really nailed it when it comes to syncing its KSI operations with national cybersecurity standards (ISKE) and the current PKI/eID systems. It's pretty impressive! What this tells us is that blockchain control planes can definitely play nice with government identity systems and IAM (Identity and Access Management). Want to dive deeper into this? You can find more details here.

What to Copy

You can go straight to the database or message-bus level by tapping into CDC or transaction logs. This way, you can maintain a complete and reliable system without needing to overhaul your EHRs completely.

• Make sure to connect those anchors with your incident-response playbook. If you spot any differences between the recalculated hash and the KSI proof, don’t just jot it down--let the ops team know right away!

---

Case study 2 -- U.S. DSCSA: blockchain for interoperable drug traceability at the package level

Regulatory Backdrop You Need to Know in January 2026

Hey there! So, the FDA has decided to give us a little breathing room with the whole DSCSA "enhanced drug distribution security" thing--yeah, that’s the unit-level, electronic, interoperable tracing stuff we’re all trying to keep up with. Originally, we were all gearing up for things to be finalized by November 27, 2024, but now they’ve extended that timeline a bit. They’ve made a few updates and pushed back some important deadlines into 2025, depending on what kind of trading partner you are. Alright, let me break it down for you:

• Manufacturers: So, mark your calendars for May 27, 2025!
• Wholesale Distributors: Just a heads up, the date to remember is August 27, 2025.
• Dispensers with 26 or more full-time employees: November 27, 2025.
• Small Dispensers: Available starting November 27, 2026.

Hey, just a heads-up to plan ahead! If you want more info, definitely swing by the official details on the FDA website. It’s all laid out there!

Two Key Industry Design Pilots

• MediLedger FDA Pilot (2019-2020): So, back between 2019 and 2020, a cool coalition of 25 companies teamed up--think heavy hitters like Pfizer, Genentech, Cardinal, McKesson, Walgreens, and Walmart. Their mission? To dive into a decentralized and confidential way of tracking ownership changes that meets the requirements of the DSCSA. Sounds pretty innovative, right? The final report pointed out that being careful about privacy in our queries, along with on-chain governance, can really help us trace things easily, all while keeping our competitive data spread out instead of crammed into one central location. Feel free to take a look at it here!
• IBM/Merck/KPMG/Walmart FDA Pilot (2019): This project really explored the potential of Hyperledger Fabric. It not only met but actually exceeded the FDA's requirements for tracing and verification interoperability. Pretty impressive, right? The results were included in what the FDA learned from their overall program. If you're looking for more info, you can check it out here. There's a lot of interesting stuff on what Merck, IBM, KPMG, and Walmart are doing together in the world of blockchain to keep our meds safe and sound!

Standards and Community Blueprints You Need to Align With

So, GS1 EPCIS is pretty much the foundation for sharing serialized event data. It's like the framework that makes it all happen! The buzz in the industry is that everyone should at least be getting on board with EPCIS R1. So, we've got 2 for the DSCSA, and then there’s a plan in the works to move over to R1. So, somewhere around late 2026 to 2027, we’re looking at a timeline here. To break it down a bit: you can expect Dispensers popping up in Q3 of 2026, then Wholesalers rolling in by Q4 of 2026, and finally, Manufacturers should come into play in Q1 of 2027.
If your solution isn't able to generate and manage EPCIS in line with these standards, then it just won’t play nice with the rest. Take a look at this: (gs1us.org). You might find it pretty interesting!

The Partnership for DSCSA Governance (PDG) has created some key blueprint documents that lay out the must-have business and functional requirements. These include things like credentialing, TI/TS exchange, verification, and tracing schemas. In 2025, PDG is planning to hold some town hall meetings with the FDA. This is a great way to help folks navigate the transition after the exemption, making things a bit easier for everyone involved. Hey, now's a fantastic opportunity to loop in your architects! Check out all the details here: (dscsagovernance.org).

What We Recommend for DSCSA Builds

You can think of blockchain like a shared “resolver” and a kind of audit system. It's all about decentralization and keeping things transparent. It’s a smart move to have event payloads stored in EPCIS repositories that each partner can easily handle on their own.

• Get your Verifiable Credential-based B2B identity set up for your trusted trading partners right at the API level (make sure to take a look at PDG Ch.). 6). It's really important to have strong cryptographic credentialing and a reliable way to revoke access, especially as you scale up. (dscsagovernance.org). Get ready for a mashup of networks! You’ve got some people leaning towards EPCIS hubs, while others are all about those blockchain-resolver vibes. And then there’s a handful who prefer sticking with VRS for their saleable returns. It’s going to be quite the mix! Don’t forget to create some adapters to take care of these different variations!
• Check for compliance: A bunch of vendors are looking into getting GS1 US EPCIS conformance trustmarks. It’s a great way to tackle those pesky interoperability challenges. When you’re out there making purchases, be sure to ask for proof that things meet third-party standards. It's a smart move. (tracelink.com).

---

Case study 3 -- Synaptic Health Alliance: fixing provider directories with a permissioned ledger

What Happened

So, a bunch of founding members--Aetna, Humana, UnitedHealthcare/Optum, Quest Diagnostics, and MultiPlan--teamed up to set up a permissioned blockchain. This technology really helps them handle public provider info way better, which means they can save on those costly, repetitive outreach efforts and avoid mistakes. Those errors can really mess with network availability and access for members, so this makes a big difference! Synaptic’s been busy validating millions of public provider records every single day. And get this--MultiPlan is raking in an incredible 500% return on investment each year! How amazing is that? For more info, take a look here: synaptichealthalliance.com. You’ll find all the details you need!

The Alliance recently released a white paper that dives into how they’re using permissioned smart contracts to handle updates and keep track of changes in a really efficient way. It's pretty interesting stuff! They're aiming to set up a multi-payer "provider data exchange" that helps tear down those walls around shared demographic info and directory details. If you're interested, you can check out the entire paper right here: (synaptichealthalliance.com). Happy reading!

What to Copy

Kick things off by diving into non-competitive stuff that tends to change a lot, like directory demographics, sanctions lists, and making sure addresses are all lined up correctly. Hey there! Just a quick reminder to stay in line with the HL7 Plan-Net and payer directory rules. But here’s a cool idea: why not use blockchain to create a shared state? It offers that awesome write-once audit trail while steering clear of storing any PHI. Sounds pretty efficient, right? Think outside the box when it comes to rewarding people for their contributions. One idea could be to give credits when other people make use of your updates. It’s a great way to acknowledge their contributions while encouraging collaboration! Synaptic has taken a closer look at the whole idea of data-sharing incentives. (businesswire.com).

---

Case study 4 -- PharmaLedger Association (PLA): global ePI and AstraLabel

What happened

So, back in 2023, PLA launched this cool thing called “ePI by PharmaLedger.” This awesome service makes it super easy for both patients and healthcare providers to get their hands on official electronic Product Information straight from the Marketing Authorization Holder (MAH). All you have to do is scan the product’s GS1 GTIN/serial code, and voilà! They've added blockchain technology to ensure that those scans are directed to the correct MAH. And don't worry--absolutely no patient data is being collected in the process! Jump to 2025, and guess what? This solution has leveled up to meet GxP standards! It's now accessible in 46 countries and available in 29 different languages, with even more markets on the way. How exciting is that? (pharmaledger.org).

So, fast forward to October 2025, and PLA rolled out AstraLabel--a pretty cool SaaS platform (you’ve got Core, Solo, and Edge options) that aims to really amp up digital labeling and ePI worldwide. They've got some exciting plans in the works for the next-gen Product Trust Platform 2! Hey there! Just a heads-up, the rollout is set to start in January 2026. Exciting times ahead! (pharmaledger.org).

Why it Matters

ePI really addresses a big safety problem we've had for ages with those old-school paper leaflets. It offers a dependable way to manage recalls, keep track of expiry dates, and update labels. Plus, it totally respects user privacy by not gathering any personal data. Pretty neat, right?

• On top of that, it meshes really well with GS1 identifiers, such as GTINs and batch or serial numbers. Plus, it’s super cool to see the new ePI pilot programs launching in the EU, isn’t it? It sees blockchain as more than just a way to store data; it’s actually the main communication center. (gmp-compliance.org).

What to Copy

Hey, just a heads up! To prevent any spoofing issues, it’s super important to use chain-anchored resolution along with digitally signed content from your source systems, like RegOps or Labeling. Trust me, it’ll make your life a lot easier and keep everything secure! So, to start off, let’s keep it simple: set everything up so that there’s “no analytics on user scans” by default. Only add those privacy-friendly telemetry options when the rules and consent guidelines actually say it’s okay.

---

Case study 5 -- Singapore HealthCerts: verifiable, privacy‑preserving health certificates at border scale

What happened

So, GovTech Singapore teamed up with the Ministry of Health to launch something pretty cool called HealthCerts. This open standard is built on OpenAttestation, an open-source framework that has the backing of the government. It leverages blockchain technology to safely store cryptographic proof for health documents, such as COVID-19 lab results. Here’s the neat part: they actually verify the identities of issuers, so you know it’s legit. The content? Totally tamper-proof. Plus, all that gets stored on the chain are hashes--no personal info floating around! Take a look at this: tech.gov.sg. You might find it pretty interesting!

Why it matters

HealthCerts has rolled out these cool “verifiable documents” that let you choose what information to share. Plus, they’ve teamed up with a government-run notarization service called Notarise to make everything official. This system is really focused on making sure different health records can work together smoothly. It’s a great example for things like lab results and sick notes, all while keeping personal health information (PHI) decentralized. No need to pile everything into one central place! Check it out here.

What to copy
If you're looking for open verification options, check out platforms like OpenAttestation or W3C VC 2. They're pretty solid choices! 0 + JOSE/COSE. This makes it easy for verifiers to stay efficient and open about what they do.

• Just make sure to link revocation status and proofs to either a public blockchain or a consortium chain. For everything else, make sure to send the documents off-chain, using FHIR/JSON format, and don't forget to include the signatures!

---

Related initiative -- Workforce credentials: lessons from the NHS Digital Staff Passport

So, the NHS Digital Staff Passport just launched some cool new W3C-style verifiable credentials, thanks to Microsoft Entra Verified ID/Authenticator. This is a big deal because it’s going to make staff transfers way easier and save everyone from having to go through the same checks over and over again! This service was active and got regular updates until December 5, 2025, when it officially came to an end. That said, the technical trust framework and its implementation docs are still really handy for any health workforce credentialing projects. Feel free to take a look at it here: production-like.nhsd.io. It’s a pretty handy resource!

Key Takeaways for Similar Programs

• When you’re doing employment checks and verifying training, it’s super important to use credentials that you can actually verify.
• Take a moment to really think about how you're going to handle the entire life of those credentials. It's also super important to consider how revoking them will work in different wallet apps when it comes to user experience. Hey, just a quick tip--it's super helpful to keep a record of the gateway patterns that really click with OIDC/OAuth. It can save you a lot of time down the road! If you want to dive deeper into this, head over to digital.nhs.uk for more info!

---

Emerging practices we now recommend (2026 playbook)

Identity, credentials, and selective disclosure

• Jump in and explore the W3C Verifiable Credentials Data Model v2! 0, which officially got the thumbs up as a W3C Recommendation on May 15, 2025. This version introduces Bitstring Status Lists, which really helps to make revocation more scalable and friendly to your privacy. This is a total game-changer! You can actually verify stuff like having an "active DEA license," being "board certified," or being an "authorized trading partner" without needing to lay out all your personal info. How cool is that? Check it out here!.
• Get on board with OpenID for issuing Verifiable Credentials (OID4VCI) 1. So, it was officially given the green light as an OpenID Final Specification on September 16, 2025. Your IAM team will definitely be on board with this one because it matches the processes they already know well. And hey, get ready for a wave of vendor support coming your way from issuers, wallets, and verifiers throughout 2026! You’ll definitely see a lot more collaboration and help coming in, so it should be a pretty exciting time. If you want to dig a bit deeper, you can check out the details here. Enjoy exploring!

Data Architecture and Privacy

• Steer clear of putting any personal health information (PHI) on the blockchain. Instead of that, why not use cryptographic commitments, such as hashes? Also, consider including credential statuses and some pointer/resolver data. And don’t forget about having policies in place, too! Store the actual payloads off-chain in FHIR/EPCIS repositories, and just remember to have them signed right at the source. This way, you ensure everything's secure and trustworthy! That's exactly how Estonia and PharmaLedger were able to grow so successfully! (e-estonia.com).
• Always go for open standards when it comes to signatures and data exchange. It just makes things smoother and more compatible for everyone! When dealing with clinical data, go ahead and use HL7 FHIR R4 or newer versions. Just make sure to include detached JOSE or COSE signatures for added security. When it comes to the supply chain, try to hit at least the GS1 EPCIS R1 standard. It's a solid goal to strive for! Alright, let's gear up for the R1! The rollout is happening based on the guidance provided by GS1. (gs1us.org).

Governance and Compliance

Hey, make sure to take a look at the consortia governance playbooks, also known as the PDG Blueprint. They're super helpful for figuring out who gets to write which parts, how we verify identities, and what to do if there are any exceptions that pop up. It's a good resource to keep everything running smoothly! Here are the docs that your QA and Legal teams are definitely going to want to check out. (dscsagovernance.org).

Getting third-party assurance, like SOC 2 Type II, for your network operator components is definitely a wise choice! A bunch of healthcare blockchain networks have been through regular audits, so it's a good idea to add auditability to your backlog. (prnewswire.com).

Security Engineering

• **Keys > Chain. Hey, just a heads up--make sure you're looking into HSM-backed key management. On top of that, it's super important to have strong rotation and recovery processes in place for both issuers and validators. It's all about keeping things secure!
• Incident Response Design: When it comes to reissuing and re-anchoring credentials or documents, it’s super important to have a solid routine in place. This shouldn’t just be something we scramble to do when a crisis hits; it should be second nature for us.

Interoperability Checklists (What to Ask for in RFPs)

When you're diving into your RFPs, here are a few important things to keep in mind:

• Identity and Access: Just a heads up, keep an eye out for OIDC/OAuth 2 when you’re searching! You're all set with zero for APIs, OID4VCI for issuing credentials, and you've got support for W3C VC 2! You're all set with JOSE and the Data Integrity suites! If you want to dive deeper into this topic, feel free to check it out here. There’s a lot of interesting stuff to explore!
• Data: Don't forget to request EPCIS R1! It's a key piece of information. We're currently at stage 2, and we have a solid plan in place to move on to R1. 3 set for 2026-2027. Oh, and make sure to bring up FHIR R4 when you can, especially those signature profiles. And don’t skip over the GS1 GTIN/GLN identifiers--they fit in really well when the context calls for it! If you're looking for more info, check out this link. It’s got all the details you need!
• Governance: It's important to make sure you’re on the same page with PDG and the industry standards. You’ll need strong credentialing policies in place, a straightforward way to deal with disputes and exceptions, plus a solid plan for keeping records and evidence safe over time. If you’re looking for more details, you can check it out here.

---

Pitfalls we still see (and how to avoid them)

• Try to steer clear of putting any personal identifiable information (PII) or protected health information (PHI) on the blockchain. Once it’s done, there’s no going back, and it could definitely lead to some serious legal issues. Instead, let's shift our attention to anchor proofs instead of payloads. Estonia and Singapore are definitely showing us how it's done! They've set some pretty impressive standards for others to follow. Take a look at this: e-estonia.com. You won't want to miss it!
• Avoid thinking of blockchain as just a database. Just stick with your current EHR, data lake, or whatever repository you're using as your main source of truth. How about using blockchain to keep everything secure, help sort out any issues, and track credential statuses instead? It’s a pretty smart way to make sure everything stays legit! Learn more at (pharmaledger.org).
• Make sure you pay attention to those important dates for the standards. You won’t want to miss them! If your DSCSA solution isn't up to speed with EPCIS standards and doesn’t match up with PDG, you’re definitely going to run into some headaches with partner exceptions and a ton of extra work when the 2025-2027 transition rolls around. Trust me, you’ll want to get this sorted out before it becomes a bigger issue! You can check out the details right here: gs1us.org. Got some pesky B2B identity issues? Don't worry, we can tackle that together! When it comes to DSCSA and payer/provider networks, we really need to be using cryptographic, revocable credentials instead of just relying on shared keys and IP allowlists. It’s all about having that extra layer of security, you know? When it comes to security, you definitely want to stick with verifiable credentials, mTLS, and role-based policies. They’re great options to ensure everything stays safe and sound! Want to dive deeper? Check out more info at dscsagovernance.org. Happy exploring!

---

A 90‑day delivery plan we use at 7Block Labs

• Weeks 1-2: Mapping Out Regulations and Standards. Alright, let's dive into what we need to check out. First off, we have the DSCSA - that's definitely on the list. Then there's EPCIS/PDG, and we can't forget about ePI. Oh, and we should also consider GS1/PLA along with Directory and Credentialing, since that all connects to W3C VC 2. It's a lot to take in, but we’ll get through it! 0 and OID4VCI. Make sure to whip up a signed architecture decision record (ADR) to clearly lay out the boundaries for on-chain and off-chain. It’s super important to have that documented! Take a look at the info over at (dscsagovernance.org). You’ll find all the details you need!
• Weeks 3-6: Putting the Plan into Action. Alright, let’s dive in! You can either fire up a permissioned chain, or if you’d rather go for something more open, why not choose a public chain that still respects your privacy? This will serve as our resolver or status layer. Don't forget to link it up to an EPCIS/FHIR repository using JOSE/COSE signatures! We’ll also need to set up an issuer using OID4VCI 1. You've got a zero and a verifier thrown into the equation. Check it out here: (openid.net). You won’t want to miss this!
• Weeks 7-10: Partner Sandbox Time! How about we team up with a couple of outside partners and share some actual test data with them? Get ready for some serious drills! We’re diving into things like mismatches, credential revocation, and product recalls. It’s going to be a real hands-on experience! Let’s make sure we double-check those PDG/GS1 conformance cases too. If you want to dive deeper, check out more details at dscsagovernance.org. It’s a great resource!
• Weeks 11-13: Governance and Assurance. During this period, we’ll dive into the nitty-gritty of governance and assurance. It's all about making sure everything runs smoothly and that we’re sticking to the right protocols. We’ll explore some key concepts, look at best practices, and discuss how to keep everything in check.
• Alright, let’s get into the nitty-gritty and make sure we’ve covered all our bases! We really need to wrap up the consortium rules, figure out the logging and retention policies, and nail down the auditor checkpoints--specifically where those SOC 2 controls come into play. Let’s make sure we get this all sorted out! Also, let’s put together a go-live runbook that outlines some clear SLAs. We should definitely keep an eye on things like response times, how quickly we issue credentials, and the mean time to repair for any exceptions that pop up. This way, we’ll have a solid plan in place! Just to give you a little background, take a look at this link: (prnewswire.com). It’s pretty interesting!

---

How to measure success (beyond vanity metrics)

• Make sure to monitor how long it’s taking to get responses for DSCSA requests from different organizations, specifically looking at the 95th percentile of those times. We're shooting for resolver lookups to happen in less than a second, and we want full trace assembly with EPCIS to clock in under 10 seconds. If you want to dive deeper into the details, just click here. There's a lot of useful information waiting for you!
• Check out how the drift rate of the provider directory stacks up against the audit baselines, especially those CMS error classes. Let’s break down how much we’re reducing those outreach calls and how much quicker we’re making those updates. Plus, we want to make sure it all lines up with Synaptic’s return on investment strategy.
  If you want to dig a little deeper into this topic, check it out here.
• Keeping ePI fresh is super important: we really need to keep an eye on how long it takes--on average--from the moment a regulator approves a label update to when it actually reaches patients and healthcare providers. Oh, and let's make sure we keep track of all the successful batch-level recall notifications we receive. If you want to dive deeper into this topic, you can check out more details here.
• Let's keep an eye on how the credential lifecycle plays out--this includes tracking how long it takes to issue, verify, and revoke credentials for both our workforce and providers. It’ll be especially important to pay attention to these metrics when the system is really busy. Let’s check out how many verifications actually use selective disclosure compared to those that pull the whole document. If you want to dive deeper into the details, just check this out here. Happy reading!

---

Final word

The top healthcare blockchain programs share three main traits. First off, they create trust without needing to share actual data. Pretty clever, right? They also adhere to the big data standards like EPCIS, FHIR, and VC, which helps keep things running smoothly. And let’s not forget, they invest in governance right from the get-go. It’s all about setting a solid foundation! If you're pondering where to jump in by 2026, it might be smart to look at what's already been successful on a national, regulatory, and enterprise scale.

For product and compliance teams trying to keep everything on point, 7Block Labs has really become a trusted partner. If you're on the lookout for a blueprint or a reference build that fits with DSCSA, ePI, or verifiable credentials, just let us know! We’re more than happy to help you out!

---

References (selected)

• Estonia's KSI in eHealth and KSI/eIDAS: Check out these articles on the e-Estonia program! (e-estonia.com).
• We've got some webinars coming up on the FDA's DSCSA stabilization, plus any exemptions and implementation details you need to know about. (fda.gov).
• Let’s chat about the PDG Blueprint and the upcoming town halls in 2025! (dscsagovernance.org).
• GS1's DSCSA Implementation Suite and EPCIS R1. 3 sunrise. (gs1us.org). Check out the MediLedger FDA Pilot for details on participants and results, along with the DSCSA program page! (fda.gov). So, there’s this interesting collaboration among IBM, Merck, KPMG, and Walmart that’s all about a pilot program with the FDA. They dug deep into some pressing issues and learned a whole lot along the way. It’s pretty cool to see big names in different industries coming together like this! (merck.com). Check out the Synaptic Health Alliance website and their white paper! (synaptichealthalliance.com).
• So, there’s PharmaLedger ePI and then there’s AstraLabel. (pharmaledger.org).
• HealthCerts/OpenAttestation (GovTech) and some buzz in the media. (tech.gov.sg).
• W3C Verifiable Credentials 2.0. You're looking at 0 and OpenID OID4VCI 1.

0. (w3.org). Here's a cool example of a SOC 2 audit for a blockchain health data network. This kind of audit checks how well a service provider manages data to keep it safe and secure, especially when it comes to sensitive health info.

So, when a blockchain health data network goes through a SOC 2 audit, they basically get evaluated on a bunch of criteria like security, availability, processing integrity, confidentiality, and privacy.

The auditors will dive into their systems and processes, making sure they have strong controls in place to protect patient data and ensure it’s being handled properly. They’ll look at things like encryption methods, access controls, and how the data is stored and accessed.

The whole goal here is to build trust with users who rely on that network to keep their health information safe and sound. It's a pretty big deal in the health tech world! (prnewswire.com).