Buildathon Use Cases

Home health monitors that measure blood pressure or blood glucose, and fitness / activity monitors such as Fitbit that track heart rates, exercise times, sleep times, etc., have personal health data that can be very useful in the management of chronic diseases (e.g. hypertension, diabetes). The option of uploading the personal health data to a cloud site for tracking purposes, as many of these devices do, does not offer privacy and security.  It is also a challenge to make this data available to physicians for personalized care management or researchers interested in using this information for their studies in healthcare.

Create a blockchain-based solution for the user to upload their own personal health data and grant access to that data to specific individuals. The main components of this solution are:

• Self-registration by the patient with the demographic data, which should include a digital signature component
• Recording of the health data on the blockchain by the patient multiple times 
• Granting of the access to the data by the patient to specific individuals by mapping the Patient ID to a Query-User ID whose digital signature also needs to be recorded on the blockchain
• Ability to scan blockchain and retrieve the recorded health data for a patient during a given time period, provided the querying user has the access rights to that patient

Patient: Patient ID, Patient Name, Gender, Date of Birth
Health Data: Attribute Name-Value Pair(s), Date and Time Recorded
Access Rights: Patient ID to Query-User ID mapping(s)

Consider granting access by health data attribute, i.e. User X can only access Data-Item Y.
Consider ways to improve query performance in retrieving data from the blockchain potentially spanning years and thousands of transactions. 

Every day our Enteral products help improve the quality of life for patients requiring assisted nutrition delivery. As one of the world's leading suppliers of enteral products, we offer a complete line of portable pumps, stationary pumps, disposable sets, and accessories that make it easy for patients to get the nutrition they need - in their homes, in hospitals, and when they are on the go. 

An active 2-year-old female, Janie, was diagnosed with hypercholesterolemia, hypertriglyceridemia, and gastroesophageal reflux disease, and failure to thrive as a result of an undiagnosed feeding disorder. The doctor would like to begin an Enteral feeding protocol. 

Moog’s medical enteral feeding pump records patient’s, Janie, feeding history, talks securely to Bluetooth enabled weight scale to record patient weight over time to verify effectiveness of treatment. Data records tracked as part of secure Blockchain based medical records where patient ‘owns’ and controls access to her secure medical records. Patient grants granular access to data based on need to know. Treating doctor receives patient records and compliance history, home health care provider receives records of consumed product and replenishes when needed.  Pump and scale manufacturer receive data on the reliability and compliance of their products.

1. Create a blockchain-enabled solution
2. Capture all data to ensure verifiable compliance to treatment protocols
3. Create a feedback protocol from the doctor to allow for changes to patient’s prescription
4. Create an anonymous feedback for effectiveness to the pump and scale manufacturers and to the formula producer.

• HIPPA
• FDA compliance
• Potential litigation
• Lot traceability for food source
• Lot traceability for consumption
• Pump performance
• Insurance verification
• Immutable record
• Anonymous metadata records to the machine manufacturer and food producers
• Provenance of food
• Rapid forensics notification
• Rapid protocol adjustment by the physician

When you share your personal information – name, social security number, date of birth, address, etc. – with a company, how do you know that company will keep your data safe? And in our increasingly interconnected marketplace, when that company shares your data with another company, how do you know that other company will protect it? What kind of due diligence is done? These questions and concerns impact companies across industries, and form the foundational blocks of Third-Party Risk Management programs.

“In today’s world, an organization is only as secure as its third parties . . .” [1]

Third-Party Risk Management is an essential part of any Financial Institution’s risk management framework. That became readily apparent in September 2017 when Equifax announced it had experienced one of the worst data breaches in history [2, 3]. The breach exposed the information of approximately 147.9 million consumers – almost half of the country [4] – and included elements of personal information like name, address, date of birth, social security number, and, in some cases, driver license number and credit card number [5]. (For more information on the Equifax breach, see the cited news articles.) Equifax provides services to most financial institutions (“FIs”), and the breach underscored the importance of effective third-party risk management.

FIs outsource a variety of services – examples include everything from human resource management systems to credit card processing to the creation of bank statements (both electronic and paper) to the evaluation of a consumer’s credit history. The outsourcing is very strategic. It presents cost-saving and efficiency driving opportunities, while allowing FIs to focus on their core competencies.

But an FI can never outsource the risk associated with a service, product, or technology. And third parties with access to sensitive customer information or third parties performing critical business operations present some of the greatest risks to FIs, because their failures – whether it is based on performance issues or a data breach – have the potential to damage an FI’s reputation, operations, and financial performance.

Regulatory agencies began heavily scrutinizing third-party risk management practices at FIs after the financial crisis, and issued guidance that informed the design of many FIs’ third-party risk management programs.

Before engaging third parties, FIs now conduct extensive due diligence on third-party providers to ensure, at the most basic level, they’re safe to do business with. Depending on the risk profile of an engagement, FIs send third parties various questionnaires to complete, ranging in topics from infosecurity to business continuity to compliance. 

FIs also review a broad spectrum of the third-party’s documentation, potentially including:

• The third party’s audited financials
• The third party’s policies and procedures (e.g., info security, privacy, HR, compliance, business continuity, etc.)
• Third-party audit reports (e.g., SOC 2, Type II report)
• The third party’s certificate of insurance

Conducting this level of due diligence on each third-party may take months, with the greatest delays coming from obtaining the due diligence questionnaires and documents from the third parties. Third parties are also increasingly frustrated with the repeated and disjointed requests for similar questionnaires and documentation from multiple FIs.

PROBLEM
Most third-party risk professionals acknowledge that their programs do not provide FIs with a competitive advantage – it’s simply part of the cost of doing business. Third-party risk teams, and the subject matter experts that support these programs, have small armies of resources spending their time reviewing many of the same third parties in fairly similar ways. Third-party risk intel is not customarily shared among FIs, and the data collected on third parties is disjointed and decentralized – typically representing a point in time.

GOAL: Leverage the due diligence reviews done on third parties that have been completed by other FIs. Design a blockchain-based solution that would allow FIs to publish their third-party due diligence on a distributed ledger to be leveraged and added to by other FIs

DATA ELEMENTS

1. Originating entity ID: to identify the FI that conducted the due diligence
2. Third-party entity ID: to identify the third party that the due diligence has been conducted upon
3. Due diligence documentation
4. Date due diligence was completed
5. Receiving entity ID: name of FI receiving the due diligence

Additional fields are likely appropriate and can be included at the discretion of the project team.

1. The solution provides efficient and scalable search capability, so FIs can quickly find the relevant third party due diligence published to the blockchain.
2. In addition to the required data elements, additional data fields are innovatively captured and reported in the blockchain solution to maximize the value.
3. The solution creates a repository to capture all third party tokens so that interested parties have the ability to access, view, and create new contracts.

Blockchain technology, which can be either an open ledger (seen by anyone) or a permissioned network (seen only by those authorized) addresses the supply chain challenge as it's an immutable or unchangeable record shared among network participants that's updated in real time.

Manufactures and shippers in the supply chain will have more timely information, improved visibility, reduced disputes between businesses and overall lower transactional costs.

Praxair customers place orders (on the order of thousands per year) for sputtering targets.  Sputtering targets are key components in supporting the physical vapor deposition process (PVD) which is in turn key to semiconductor chip manufacturing. In general, the supply chains related to chip manufacturing can be complex global supply chains managing the manufacturing and logistics of high value goods with exacting quality specifications. Sputtering targets are no exception. 

Sputtering targets provide consistent, reproducible process performance with high thickness uniformity and repeatable target-to-target sputtering deposition. These films are used for semiconductor, display, LED and photovoltaic devices. At Praxair, we have earned our reputation as a leading supplier through extensive research and development, and dedication to produce the highest quality sputtering targets.

Praxair manages the sputtering target supply chain as a make to stock process, i.e. once a target is taken out of inventory to fulfill a customer order a new target is produced for inventory. A combination of statistical forecasting and sales force input is used to estimate required inventory.

The raw material is sourced and shipped to manufacturing plants in Europe or Asia, where the targets are received into the local business’ ERP system. From there it moves through several manufacturing steps, which may take place in different facilities on two different continents.  As the product is moved between countries, besides having to manage the local governments regulatory requirements for imports and exports, each country is a different internal business unit with its own local ERP. So as the product evolves from raw material to WIP and then to a finished good it travels through multiple countries and accounting systems. Each finished target carries with it an individual serial number.

Once it is finished and shipped to a customer, similarly the customer has their own local ERP to manage the transaction and associated payment. Once the target is taken out of service by the customer, it needs to be returned to Praxair to recover and reclaim some of the materials on the target, from which Praxair receives payment. 

Currently Praxair has raw materials, WIP and finished goods in the separate ledgers around the world, as each country has its own profit and loss responsibility and thus its own local ERP system. Besides the suppliers and customers, the product is also handled by 3rd party logistics companies that manage product shipments.

As a result, it can be seen that there are several transactions from multiple organizations as part of the process. Praxair would like to improve record keeping, visibility, and lower transaction costs in this global supply chain through the use of blockchain. Blockchain ledgers can also improve auditing of their party governmental agencies that need to ensure chain of custody and quality audits. 

Build a contract that will be used to track on one blockchain ledger that has the following actors

• Praxair personnel and locations
• Third party suppliers 
• Third party receiving and quality resources 
• Third party customers for both targets and reclaimed material

The supply chain has the following entities  

• Vendors (Raw material manufacturers)
• Procurement (buyer)
• Engineering Quality  
• 3rd Party logistics provider (responsible for transportation of goods)
• 2 Praxair manufacturing locations in different geographies
• Warehouse for Praxair’s raw materials

Each transaction entered into the Blockchain should include at least the following elements:

1. Product ID – An identifier for the product being shipped. In systems using GS1 standards this would be a GTIN, but for this project any identifier is reasonable. 
2. Shipping Entity ID – An identifier for the shipping entity. In systems using GS1 standards this would be a GLN.
3. Receiving Entity ID – The identifier for the entity receiving the shipment.
4. A Purchase Order 
5. Quantity
6. Date

• The solution provides easy, efficient and scalable search capability to establish end-to-end supply chain traceability in a distributed ledger. 
• In addition to the required data elements, additional data fields are innovatively captured and reported in the Blockchain solution to maximize the value.
• Some user interface (UI) is provided to scan the end product QR code or enter product/lot information and display search results.
  

Providing a cost effective farm to fork traceability solution for our frozen supply chain within the grocery and food service industries is our challenge.  We have 1000’s of raw material suppliers, distributors, manufacturing locations, and customers around the globe providing high quality menu items.

We need a solution that prevents food fraud (counterfeit ingredients), enables farm to fork visibility and traceability, and ensures our hold & release and recall processes provide real time confirmations.

As a company, we want to provide our consumers the ability to gain limited visibility to the supply chain network of our products. Using a QR code or lot number printed on the packaging box of the product, the consumer should be able to trace the origin of all the ingredients of the product.

For this challenge, you can choose one of the following two supply chains –

• Fully finished frozen Pizza 
• Fully cooked Shrimp

Both supply chains may have following entities –

• Consumer
• Retail Store
• 3rd Party Logistics Provider (Responsible for transportation of goods)
• Frozen Finished Goods Warehouse
• Rich’s Manufacturing Location
• Vendor Warehouse for Rich’s Raw Materials
• Vendors (Raw material manufacturers)
• Farm/Dairy/Fishing Boats

Devise a Blockchain-based solution for storing transaction information for Rich’s frozen food supply chain with the objective to provide end-to-end traceability of ingredients at lot-level. Required outcome:

1. Accept and validate inbound and outbound transactions on product IDs at each node at the lot number level. Note that the raw materials and finished products are produced in batches which are identified by their lot numbers. As mentioned in the schematic, a new lot number may be created at certain steps in the supply chain. Each transaction should include from/to location information, product code, lot code, date and inventory status (good, hold, recall, & destroy). More details about possible data fields to be captured at each step are provided in the schematic.
2. Restrict visibility to all information about a transaction so that only the shipper and receiver of the transaction can see the information about the transaction. Other parties should not be able to see the item information, nor can they see the identities of the shipper and receiver. 

Each transaction entered into the Blockchain should include at least the following elements:

1. Product ID – An identifier for the product being shipped. In systems using GS1 standards this would be a GTIN, but for this project any identifier is reasonable. 
2. Lot Code – An 8 digit number to identify the date of manufacturer
3. Shipping Entity ID – An identifier for the shipping entity. In systems using GS1 standards this would be a GLN.
4. Receiving Entity ID – The identifier for the entity receiving the shipment.
5. Product Temperature – Record product temperature upon receipt/shipment
6. Quantity
7. Date

Additional fields such as transaction IDs, timestamps are likely appropriate and can be included at the discretion of the project team.

1. The solution provides easy, efficient and scalable search capability to establish end-to-end supply chain traceability using the product lot number. This is particularly critical considering the huge volume of transactional data (tens of thousands of transactions per day are executed) in our supply chain.
2. In addition to the required data elements, additional data fields are innovatively captured and reported in the Blockchain solution to maximize the value.
3. Some user interface (UI) is provided to scan the end product QR code or enter product/lot information and display search results.

Distribution of pharmaceutical products generally follows a relatively straightforward progression: product is created and packaged by a manufacturer and shipped to a wholesale distributor. This distributor then delivers product downstream to dispensing entities such as hospitals and pharmacies. Data rights in the industry are fiercely guarded, and all transaction records are considered private data. Manufacturers can only access information about the endpoints for their product if the distributors and dispensers provided that information to the manufacturers.

New regulations in the pharmaceutical industry have created requirements that all products must be serialized, and therefore transactions can be tracked and recorded at the individual serialized product level. These regulations also create requirements for members of the supply chain to be able to provide transaction information and transaction histories for all of the products of which they take ownership.

These new regulations have created an opportunity for new approaches to data management within the pharmaceutical supply chain, and Blockchain has been widely discussed as a potential technology which could help secure the pharmaceutical supply chain.

While this project is inspired by events in the Pharmaceutical industry, the requirements are intended to be general enough to apply to any industry’s supply chain.

Devise a blockchain-based solution for storing transaction information for the supply chain. The repository must:

1. Accept and validate transactions on serialized product IDs, ensuring that only the entity currently in possession of an item can transmit it to another entity (that is, a distributor can’t add a transaction indicating they shipped an item to a dispenser unless the distributor is currently in possession of that item)
2. Restrict visibility to all information about a transaction so that only the shipper and receiver on the transaction can see the information about the transaction. Other parties should not be able to see the item information, nor can they see the identities of the shipper and receiver. 

Each transaction entered into the blockchain should include at least the following elements:

1. Product ID – An identifier for the product being shipped. In systems using GS1 standards this would be a GTIN, but for this project any identifier is reasonable. (Lipitor may be product ID 1234)
2. Serial Number – A specific number which identifies the item being shipped (A specific bottle of Lipitor may be serial number 1155151515)
3. Shipping Entity ID – An identifier for the shipping entity. In systems using GS1 standards this would be a GLN.
4. Receiving Entity ID – The identifier for the entity receiving the shipment.

Additional fields such as transaction IDs, dates and times are likely appropriate and can be included at the discretion of the project team.

1. Is an external system necessary to index the records in the blockchain for searchability in light of the access restrictions imposed?
2. What process is appropriate for validating the initial transaction of a particular item is valid since it won’t have a current owner in the blockchain prior to that initial shipment?
3. In a high-volume supply chain (tens of thousands of transactions per day) what approaches can be taken to ensure the blockchain can accommodate the performance needs of the industry?