KONFIDO · Project

Secure Cross-Border Health Data Exchange Without Exposing Patient Records

healthPilotedTRL 7

Imagine you need medical treatment in another country, but the hospital there can't safely access your health records from back home. KONFIDO built a security system that lets hospitals exchange patient data across borders while keeping it encrypted — even the server administrators can't peek at it. Think of it like a diplomatic pouch for your medical files: it travels across borders, but only the intended doctor can open it. The project combined six different security technologies, from hardware-level encryption to blockchain-based audit trails, and tested them in real pilot scenarios.

By the numbers

consortium partners across multiple sectors

EU countries involved in cross-border testing

complementary technology pillars integrated

pilot executions completed in realistic setups

44%

industry ratio in consortium

total project deliverables produced

The business problem

What needed solving

Hospitals and health insurers across Europe cannot safely share patient data across borders. Current systems either block sharing entirely — forcing patients to repeat tests and carry paper records — or share data with unacceptable security risks. The explosion of mobile health devices adds another layer of vulnerable data that existing IT security cannot protect against insider threats from system administrators or cloud providers.

The solution

What was built

KONFIDO built and piloted a multi-layered security system for cross-border eHealth data exchange, combining hardware-level encryption (CPU vendor extensions and photonic technology), homomorphic encryption for processing data while it stays encrypted, STORK-compliant electronic identity verification, blockchain-based audit trails, and enhanced SIEM monitoring. All components were tested in 2 pilot executions on federated cloud infrastructure.

Audience

Who needs this

Cross-border hospital groups and health information exchange operatorsNational eHealth agencies managing cross-border patient data flowsHealth insurance companies processing international claimsCloud providers serving the healthcare sector who need to prove data isolationDigital health platform companies building GDPR-compliant EU-wide services

Business applications

Who can put this to work

Healthcare IT / Hospital Systems

enterprise

Target: Hospital groups and health information exchanges operating across EU borders

If you are a hospital network dealing with cross-border patient transfers and struggling to meet GDPR requirements for health data sharing — this project developed a security layer built on homomorphic encryption and hardware-backed protection that keeps patient records encrypted even during processing. It was piloted across a 16-partner consortium spanning 7 countries, proving secure data exchange in realistic clinical setups.

Health Insurance / Payer Organizations

enterprise

Target: Cross-border health insurance providers and reimbursement processors

If you are a health insurer processing claims from patients treated abroad and worried about data breaches during cross-border data transfers — this project built STORK-compliant electronic identity verification combined with blockchain-based audit logging. The system was tested in 2 separate pilot executions, demonstrating that claims data can be exchanged securely while maintaining a tamper-proof record of every access.

Digital Health Platform Providers

mid-size

Target: eHealth software vendors and cloud platform providers serving healthcare

If you are a digital health company building cloud-based platforms and your customers demand proof that even your own system administrators cannot access patient data — this project developed protections against attacks by privileged software like operating systems and hypervisors. With 6 complementary technology pillars tested on a federated cloud infrastructure, the security architecture can be integrated into existing eHealth platforms.

Frequently asked

Quick answers

What would it cost to implement this security layer in our existing health IT system?

The project data does not include specific licensing costs or implementation pricing. KONFIDO was coordinated by EXUS SOFTWARE LTD, an SME, suggesting a commercially-oriented mindset. Contact the coordinator to discuss integration costs and licensing terms for the 6 technology pillars developed.

Can this scale to handle millions of patient records across multiple countries?

The system was designed for cross-border interoperability and tested on a federated cloud infrastructure across 7 EU countries. The 2 pilot execution reports provide evidence of real-world scalability testing, though specific throughput numbers are not available in the project data.

Who owns the intellectual property and how is it licensed?

The consortium includes 16 partners with 7 industry organizations and 4 SMEs. IP is likely shared among consortium members under the Horizon 2020 grant agreement. The coordinator EXUS SOFTWARE LTD (UK) would be the first point of contact for licensing discussions.

Does this meet current EU regulations like GDPR and the European Health Data Space?

KONFIDO was explicitly designed for compliance and interoperability, building on accepted EU projects including epSOS, STORK, DECIPHER, EXPAND, and ANTILOPE. The STORK-compliant eID support and blockchain auditing address key GDPR requirements around data access logging and identity verification.

How long would integration take with our current hospital information system?

Based on available project data, the system was built on 6 technology pillars that can be adopted independently or together. The project ran for 3 years (2016-2019) including development and piloting. Integration timelines would depend on which components you need and your existing infrastructure.

Can this work with our existing electronic health record systems?

KONFIDO was specifically built to extend interoperability standards from epSOS and ANTILOPE, which are the foundation of EU cross-border health data exchange. The 2 pilot executions tested real-world integration scenarios on federated cloud infrastructure, suggesting compatibility with standard eHealth architectures.

Is there ongoing technical support or has the project ended?

The project closed in October 2019. However, with 7 industry partners and 4 SMEs in the consortium, several partners may offer commercial support or have spun off products based on the results. The coordinator EXUS SOFTWARE LTD is the best starting point for current availability.

Consortium

Who built it

The KONFIDO consortium is unusually well-balanced for commercialization, with 7 industry partners out of 16 total (44% industry ratio) and 4 SMEs including the coordinator EXUS SOFTWARE LTD. The 7-country spread across Belgium, Denmark, Greece, Spain, France, Italy, and the UK mirrors the cross-border nature of the problem being solved. With 6 research organizations providing deep technical expertise and 2 universities anchoring the science, the consortium had both the research depth to build advanced security technologies and the commercial orientation to make them usable. The SME-led coordination suggests a business-first mentality rather than a purely academic exercise.

EXUS SOFTWARE LTDCoordinator · UK
TIMELEXparticipant · BE
ETHNIKO KENTRO EREVNAS KAI TECHNOLOGIKIS ANAPTYXISparticipant · EL
IMPERIAL COLLEGE OF SCIENCE TECHNOLOGY AND MEDICINEparticipant · UK
COMMISSARIAT A L ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVESparticipant · FR
EULAMBIA ADVANCED TECHNOLOGIES ETAIRIA PERIORISMENIS EFTHINISparticipant · EL
FUNDACIO DE RECERCA CLINIC BARCELONA-INSTITUT D INVESTIGACIONS BIOMEDIQUES AUGUST PI I SUNYERparticipant · ES
MEDCOMparticipant · DK
AGENCIA DE QUALITAT I AVALUACIO SANITARIES DE CATALUNYAparticipant · ES
HOSPITAL CLINIC DE BARCELONAthirdparty · ES
FUNDACIO EURECATparticipant · ES
CONSORZIO INTERUNIVERSITARIO NAZIONALE PER L'INFORMATICAparticipant · IT

How to reach the team

EXUS SOFTWARE LTD (UK) — search for their team leads on LinkedIn or the project website contact page

Order a report on this consortium See EXUS SOFTWARE LTD profile →

Next steps

Talk to the team behind this work.

Want an introduction to the KONFIDO team to discuss licensing their cross-border health data security technology? SciTransfer can arrange a direct meeting with the right technical leads.

Order a report on this topic More in Health & Biomedical