Skip to Main Content

COVID-19 Immutable Test Results Submission and Visualization

Accurate COVID-19 test results tracking is necessary for health surveillance and pandemic mitigation efforts, including directing testing resources, targeting therapeutics and vaccine distribution, and focusing pandemic control measures. Test data reporting by various labs, agencies, and test manufacturers, who enable results collection, is done through various means today – subject to omissions caused by human and network errors, risks to data integrity, etc. This lowers the trust in the completeness, integrity, and accuracy of the reported data, and the mitigation efforts that rely on it.  As testing moves beyond the controlled environment of medical labs to work places, colleges and universities, airports, sports venues, etc. these challenges become even stronger – introducing additional risks of identity fraud, data tampering, improper PII handling, etc.

COVID-19 immutable test results submission and visualization solution using Oracle Blockchain Platform and Oracle Analytics in Oracle Cloud Infrastructure solves issues in the current results submission methods and mitigates the challenges and risks of At-Anywhere diagnostics. 

Our solution design utilizes a distributed ledger technology based on open source Hyperledger Fabric deployed in FedRAMP-certified Oracle Gov Cloud. It enables real-time reporting of individual and batched results in a trackable manner with confidentiality, integrity of identity and data, and immutability of the distributed ledger technology.

5 min Video of Capstone Project

Elevator Pitch

COVID-19 immutable test results submission and visualization using Oracle Blockchain Platform, Analytics and Oracle Cloud Infrastructure

Challenge Goals

As testing moves out of the labs to work places, etc. there’s greater risk of human & network errors, identity and results tampering, and improper PII handling. Our solution is a test device-agnostic means of automated reporting with confidentiality, integrity of identity/data, and immutability. The organization’s identity (e.g., test venue, test manufacturer) is registered on a blockchain, submission is digitally signed via private key (enabling authentication, integrity checking, and non-repudiation), PII data is encoded in one-way hashes, and fields are validated by smart contracts before the results are added to an immutable ledger across multiple nodes. Any device or app can use it via REST with HHS-required data fields as payload.


Our solution leverages public cloud services and a minimum viable product could be developed in 2-4 weeks. The solution leverages an HHS pilot infrastructure already running in FedRAMP-certified Oracle Government Cloud: Oracle Blockchain Platform, Database, and Analytics. The additional permissioned blockchain nodes can be deployed in 3rd party clouds or on-premises, and can interoperate with non-Oracle nodes from other Hyperledger members. This solution provides extensible easy-to-use REST APIs and a web app for alternate file-based submission, does field validations in smart contracts, and integrates rich data analysis and visualization. It can be extended with mobile device registration, 3rd party authentication, and user management. 


  • Test devices/apps register a blockchain identity (X509 cert) for a testing venue or manufacturer
  • User/admin App reports scans or CSV/HL7 files via REST API over TLS-encrypted Internet connections with PKI-signed transactions for authentication, integrity and non-repudiation
  • Blockchain nodes dedicated or shared for zero-infrastructure clients
  • PII anonymized (salted SHA2 hash), user matching by consent with blockchain audit trail
  • Non-PII data - test details, results, demographics, etc. are stored on blockchain with access control and at-rest encryption
  • HHS uses an internal search application and Oracle DB/Analytics for rich visualizations & reports
  • Other orgs, e.g., CDC, states, etc. can get access via own nodes or, if authorized, shared HHS nodes


Permissioned blockchain is an innovative open source technology that provides an immutable, single source of truth for test results. It enables non-repudiation, data integrity, confidentiality, and protects the data from tampering in a way that previous technologies could not, thereby enabling trust and transparency in open data and open government. Combining government-required reporting of test results & demographics with self-sovereign PII access control meets health surveillance needs while protecting privacy. Open source-derived solution is interoperable among multiple vendors & clouds for provider diversity. Cloud-based deployment of pre-integrated solution enables rapid time-to-value and dynamic scalability with on-demand expansion.

Flexibility & Scalability

Oracle Blockchain Platform combines the Linux Foundation open source Hyperledger Fabric project with enterprise-grade security, resilience, scalability, and integrations. It’s interoperable with other vendors' Hyperledger Fabric nodes and supports REST API-based reporting for maximum flexibility and integration of diverse devices and apps. It is extensible in breadth of the APIs and is dynamically scalable as our Cloud services can scale up or ramp down as per HHS needs. It can also be extended through 3rd party integration for other advanced capabilities. And its decentralized nature means that any organization can integrate with the blockchain nodes as needed without having to depend on HHS implementation of the future requirements.

Sustainability & Extensibility

Our initial design provides a front-end Web application and REST APIs to enable submission of the test results directly from mobile apps or test manufacturer or administrator network. Additional integrations can include adapters, APIs that batch multiple records, queries, analytics dashboards, visualizations, and direct integrations for mobile user management. Future options include data feeds into supply chain systems for distribution of testing supplies, therapeutics, vaccines, etc. This can also be extended for self-sovereign user access control to PII. The goal: real-time health monitoring capabilities using a modern, cryptographically-secured, decentralized, and automated framework to help support modernization of healthcare delivery.

Team & Collaboration

The Oracle team members included:  Mark Rakhmilevich, Gindy Feeser, Bala Vellanki, Tom Plunkett, Ashar Hussain, Clarke Colombo, Steve Prescott, Jay Smith, Brian Leonard, Dan O'Malley, Nick Cabrera, Lauren Farese, and David Knox, drawing blockchain specialists, API integration experts, Cloud engineers, and others with diverse experience in creating secure, scalable, and sustainable solutions.

Additional Comments

What Team(s) contributed to this Capstone Project?

The Oracle team members included:  Mark Rakhmilevich, Gindy Feeser, Bala Vellanki, Tom Plunkett, Ashar Hussain, Clarke Colombo, Steve Prescott, Jay Smith, Brian Leonard, Dan O'Malley, Nick Cabrera, Lauren Farese, and David Knox.

If you are using patient data, are you using real patient data or mock data? Please use MOCK patient data only

MOCK data

edited on Nov 30, 2020 by Mark Rakhmilevich
Public (3)
You will need to login to post a comment
Sophia B Liu Dec 8, 2020

This idea has been advanced to the current phase

People's Choice Voting Extended

Sophia B Liu Dec 8, 2020

This idea has been advanced to the next phase

People's Choice Voting Extended

Andrea Pitkus Dec 14, 2020

Trying to understand if there are preconditions met by other software. (In general) 1. How to collect AOEs, from ordering provider/patient/specimen collector 2. Integrate into app/LIS or other information source for patient to be married to results of IVD test device/system 3. All transmitted to public health (ELR) 4. All transmitted to HHS (may be met by 3).

Will your approach support all 4 or only portions of above for "tracking lab results"?

Looks like your application is EHR specific. Do you support LIS based reporting of ELR in HL7 v2.51 (per the MU IG)? For patient performed results are they routed to the physician who is required to report via electronic Case Reporting (eCR) by law? Is only CDA supported or other messaging formats like FHIR and V2.51 depending on where the reporting occurs. How would your approach support LISs or labs that don't have API functionality?

How/where are LOINC, SNOMED CT and other codes systems supported in your messaging to meet requirements?

How are CLIA testing requirements met in your system?

Mark Rakhmilevich Dec 14, 2020

Andrea, great questions. Data transmission in our proposal is done using REST APIs with flexible payload to accommodate diverse reporting EHS/ELR systems. The matching of AOEs with test result data can be done in ELR system before reporting, or in our solution after reporting as long as both include the same digital patient ID. For LIS systems or labs that do not have API functionality, we provide a file-based upload-and-report Web app so as long as the LIS can export a batch file (csv or HL7), the Web app can be used to upload it and convert the records to REST API call to the blockchain node.

The LOINC, SNOMDE CT, and other codes can be included in the API payload or file format. The API payload uses self-describing JSON array that can include any mandatory and optional codes and corresponding values. Hope this helps.

Andrea Pitkus Dec 14, 2020

Thanks for the reply. How would you collect patient performed testing (i.e. such as meeting Lucira EUA requirements)?

As you may know not aware of any LISs/labs in the US supporting FHIR/APIs for CLIA compliant reporting. In fact, we on O&O are still working on diagnostic report resource to meet lab reporting needs.

As you may know, ELR reporting is typically HL7 v2.51 (some labs are still on 2.31) messaging format. This is for lab reporting.

However, if patients are performing results and sending to their provider, then physician based reporting by law is applicable such as via eCR. Different reporting/different requirements. Can any/all be supported?

Mark Rakhmilevich Dec 14, 2020

Any results that are in an electronic form can be submitted using file or REST API-based interface. For example, Abbott test via NAVICA app. For test devices that do not have an app or can not produce a digital output, the alternative would be an image of the device/readout uploaded via a Web app. The app can interpret the image to determine a positive/negative reading, add the relevant metadata and submit this via the REST API. Happy to discuss more details directly, if you want to connect on LinkedIn.

Andrea Pitkus Dec 14, 2020

Since you mentioned Navica, it appears to be connected to a LIS or LIMS for ELR and/or eCR reporting. Would your app be downloaded by patients and then used with any IVD patient collected or performed test? How are the UDIs, LOINCs, SNOMED CT codes applied for each? Glad to hear you can interpret an image (as that is one challenging aspect of patient performed testing to know it's reported correctly). Would it work with the Lucira device described in their EUA as first patient performed test? It has a light that is green or red instead of traditional "card" based line result values.

How would these data used in point of care setting like Abbott Ag or Ab tests, Lucira or other IVD vendors that are lab managed and need to be integrated into the LIS as many do not have API functionality (not aware of any with FHIR functionality, especially CLIA compliant). One integrated, they likely can use traditional ELR, or EHR eCR reporting to public health.

Trying to understand workflows/functionality scope, etc. Thanks for the info!

Thomas Plunkett Dec 14, 2020

Also, please feel free to keep posting in this thread. We are happy to answer any and all questions.