Privacy-preserving healthcare platform using vlayer MailProofs and automatic payments on Base
First introduced at ETHGlobal Prague and developed at ETHGlobal Napuleth 2025 hackathon on Base
zkMed is the world's first privacy-preserving healthcare insurance payment platform that automates payments from insurers to hospitals and patients by leveraging cryptographically verifiable email proofs (vlayer MailProofs) and Chainlink Automation for recurring payments. Built on Base with a seamless Privy wallet integration.
Web2/Web3 hybrid architecture that maintains regulatory compliance while delivering revolutionary blockchain benefits:
- Web2 Layer: Traditional claim processing, medical review, regulatory compliance
- Web3 Layer: MailProof verification, instant payments, automated processing
- Bridge: DKIM-signed emails provide cryptographic proof without exposing medical data
- Primary Chain: Base (Ethereum L2)
- Chain ID: 31337 (Local Fork) / 8453 (Mainnet)
- Native Currency: ETH for all transactions
- Development: Scaffold-ETH 2 with Privy integration
- vlayer MailProof: DKIM verification for payment authorization
- Domain Verification: Cryptographic proof of organizational email control
- Zero-Knowledge Architecture: Complete medical privacy preservation
- Audit Trails: Complete email verification history for compliance
- Chainlink Automation: Scheduled monthly payment execution via `checkUpkeep` and `performUpkeep` functions
- zkMedLinkPay: Smart contract implementing AutomationCompatibleInterface for recurring payments and fees
- Payment Plans: Verified by email proof between insurer and patient
- Framework: Next.js with Server Components
- Web3 Integration: Privy SDK for seamless authentication
- Smart Accounts: Abstract account management with gas sponsorship
- Responsive Design: Modern UI/UX with desktop-first approach
```mermaid
graph TB
    subgraph "Web2: Traditional Insurance Systems"
        A[Insurer Claims Portal] --> B[Manual Claim Review]
        B --> C[DKIM-Signed Payment Plan Email]
    end
    subgraph "Web3: Blockchain Automation"
        D[vlayer MailProof Verification] --> E[zkMed Smart Contracts]
        E --> F[Chainlink Automation Trigger]
        F --> G[Automated Monthly Payments]
    end
    C --> D
```
This diagram shows how a patient uses a MailProof from their insurer to authorize and set up automated monthly premium payments via Chainlink Automation.
```mermaid
sequenceDiagram
    participant P as Patient
    participant I as Insurer (Web2)
    participant Privy as zkMed Platform (Privy)
    participant V as vlayer
    participant ZK as zkMed Contracts
    participant C as Chainlink Automation
    Note over I,P: 1. Insurer sends Premium Plan Email
    I->>P: DKIM-Signed email with premium details
    Note over P,Privy: 2. Patient Onboards & Sets Up Automation
    P->>Privy: Logs in, submits email proof
    Privy->>V: Verifies email proof with vlayer
    V-->>Privy: Returns verified premium data
    Note over Privy,C: 3. Patient with Privy Smart-Wallet Creates Chainlink Upkeep
    Privy->>ZK: Registers premium plan on-chain
    ZK-->>Privy: Confirms registration
    Privy->>C: Creates & funds a new Chainlink Upkeep for Patient
    Note over C,I: 4. Chainlink Executes Automated Premium Payments
    loop Monthly Premiums
        C->>ZK: checkUpkeep()
        ZK-->>C: upkeepNeeded = true
        C->>ZK: performUpkeep()
        ZK->>I: Transfers premium payment to Insurer
    end
```
This diagram shows how an insurer can directly pay a user (a patient for reimbursement or a hospital for services) using their Privy smart account. This is a simple, direct transfer and does not involve MailProofs or automation.
```mermaid
sequenceDiagram
    participant I as Insurer
    participant U as User (Patient or Hospital)
    participant Privy as zkMed Platform (Privy)
    participant ZK as zkMed Contracts
    Note over I,U: 1. Off-Chain Agreement
    I-->>U: Insurer decides to pay user based on off-chain processes
    Note over I,Privy: 2. Insurer Executes On-Chain Payout
    I->>Privy: Logs in, initiates a direct USDC payment to User
    Privy->>ZK: Triggers a simple transfer function
    ZK->>U: Transfers USDC to the User's wallet
    ZK-->>I: Records transaction on-chain
```
```mermaid
sequenceDiagram
    participant Org as Organization (Hospital/Insurer)
    participant V as vlayer
    participant Privy as zkMed Platform (Privy)
    participant ZK as zkMed Contracts
    Note over Org,Privy: 1. Onboarding
    Org->>Privy: Logs in and initiates domain verification
    Privy->>Org: Prompts to send a verification email
    Note over Org,V: 2. MailProof Verification
    Org->>V: Submits DKIM-signed email for verification
    V-->>Privy: Confirms domain ownership for the Org's wallet
    Note over Privy,ZK: 3. On-Chain Record
    Privy->>ZK: Associates the verified domain/email hash with the Org's address
```
```mermaid
sequenceDiagram
    participant P as Patient
    participant I as Insurer
    participant Privy as zkMed Platform (Privy)
    participant C as Chainlink Automation
    Note over P,I: 1. Onboarding & Premiums
    I->>P: Sends premium plan details via email
    P->>Privy: Logs in, uses MailProof to set up automated premium payments TO Insurer
    Privy->>C: Creates and manages Chainlink Upkeep
    Note over I,P: 2. Receiving Payouts
    I->>Privy: Insurer logs in to send a direct payment (e.g., reimbursement)
    Privy->>P: Patient receives USDC directly to their wallet
```
```mermaid
sequenceDiagram
    participant I as Insurer
    participant P as Patient
    participant H as Hospital
    participant C as Chainlink Automation
    participant Privy as zkMed Platform (Privy)
    Note over I,P: 1. Receiving Premiums
    I->>P: Sends premium plan email
    P->>C: Patient sets up automated premium payments TO Insurer
    Note over I,Privy: 2. Making Payouts
    I->>Privy: Logs in to make direct payments
    Privy->>P: Sends reimbursement to Patient
    Privy->>H: Sends payment for services to Hospital
```
- Regulatory Compliance: Medical data stays in traditional systems (GDPR/HIPAA)
- Industry Integration: Seamless adoption without disrupting existing workflows
- Privacy Protection: Medical information never exposed on-chain
- Recurring Settlements: Blockchain automation for scheduled payment execution
- Template Used: Scaffold-ETH 2 with Privy integration
- Features Added:
  - Smart wallet creation and management
  - Social login options (email, phone, social)
  - Gasless transactions for improved UX
  - Automatic user role detection and routing
- Implementation: Full AutomationCompatibleInterface with:
  - `checkUpkeep`: Identifies payment plans due for processing
  - `performUpkeep`: Executes monthly payments to hospitals
  - Automated triggers based on email-verified payment plans
  - Platform fee distribution and payment statistics
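
The `checkUpkeep`/`performUpkeep` split listed above, as an added off-chain JavaScript model (not zkMed's contract code): it shows `performUpkeep` re-validating every plan id it is handed and advancing the schedule before paying. The `PlanRegistry` class, its plan fields, the `payee` name and the 30-day period are assumptions made for illustration.

```javascript
// Added example: off-chain model of the checkUpkeep/performUpkeep split.
// Plan fields and the 30-day period are assumptions, not zkMed's storage layout.
const PERIOD = 30 * 24 * 60 * 60; // seconds; "monthly" approximated as 30 days

class PlanRegistry {
  constructor() {
    this.plans = new Map(); // id -> { payee, amount, nextDue, endsAt, active }
    this.transfers = [];    // stands in for token transfers
  }

  register(id, plan) {
    if (this.plans.has(id)) throw new Error("plan already registered");
    this.plans.set(id, { ...plan, active: true });
  }

  isDue(plan, now) {
    return plan.active && now >= plan.nextDue && plan.nextDue <= plan.endsAt;
  }

  // Read-only simulation: selects due plans, changes nothing.
  checkUpkeep(now) {
    const due = [...this.plans].filter(([, p]) => this.isDue(p, now)).map(([id]) => id);
    return { upkeepNeeded: due.length > 0, performData: due };
  }

  // performData is caller-supplied, so every id is re-validated against
  // stored state; unknown, inactive or not-yet-due ids are skipped.
  performUpkeep(performData, now) {
    let paid = 0;
    for (const id of new Set(performData)) {
      const plan = this.plans.get(id);
      if (!plan || !this.isDue(plan, now)) continue;
      // Advance the schedule before paying, from the scheduled date (not
      // `now`), so a replayed call finds nothing due and dates do not drift.
      plan.nextDue += PERIOD;
      if (plan.nextDue > plan.endsAt) plan.active = false;
      this.transfers.push({ to: plan.payee, amount: plan.amount, id });
      paid++;
    }
    return paid;
  }
}
```
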
Organizations verify identity through domain ownership:
- From: admin@hospitalname.com
- Subject: "Hospital registration on zkMed"
- Body: Not needed
Insurers authorize payment plans through verified emails:
- From: insurance@provider.com
- To: patient@email.com
- Subject: "{insurance name} payment contract in zkMed"
- Body: Patient payment contract, Duration: 01/01/2027, Monthly allowance: 40$
- From: dev@nexthoop.it (insurer domain)
- To: patient@email.com
- Subject: "Claim payout of 100$ for operation 0DTJ0ZZ"
- Body: Not needed
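
A strict parser for the payment-plan email format shown above, as an added JavaScript example (not code from the zkMed repository). It assumes DKIM has already been verified upstream and that `from` is the signed header as a bare address; the function names, the DD/MM/YYYY reading of `Duration` and the length limits are assumptions.

```javascript
// Added example: strict parser for the payment-plan email format shown above.
// Assumes DKIM was already verified upstream and `from` is the signed header.
const SUBJECT_RE = /^(.{1,64}) payment contract in zkMed$/;
const BODY_RE =
  /^Patient payment contract, Duration: (\d{2})\/(\d{2})\/(\d{4}), Monthly allowance: (\d{1,6})\$$/;
const ADDR_RE = /^[^@\s<>]+@([a-z0-9-]+(?:\.[a-z0-9-]+)+)$/;

function domainOf(address) {
  const m = ADDR_RE.exec(String(address).trim().toLowerCase());
  return m ? m[1] : null;
}

function parsePaymentPlan(email, registeredInsurerDomain) {
  const fail = (reason) => ({ ok: false, reason });

  // Exact match only: suffix or substring checks would accept
  // look-alike domains such as provider.com.example.net.
  const fromDomain = domainOf(email.from);
  if (!fromDomain || fromDomain !== registeredInsurerDomain.toLowerCase())
    return fail("sender domain is not the registered insurer domain");

  const patient = String(email.to).trim().toLowerCase();
  if (!domainOf(patient)) return fail("malformed recipient");

  const subj = SUBJECT_RE.exec(email.subject);
  if (!subj) return fail("unexpected subject");

  // Anchored match on the whole body: extra lines or a second
  // "Monthly allowance" field make the email invalid, not ambiguous.
  const body = BODY_RE.exec(String(email.body).trim());
  if (!body) return fail("unexpected body");

  const [day, month, year, allowance] = body.slice(1).map(Number);
  const end = new Date(Date.UTC(year, month - 1, day));
  // Round-trip rejects impossible dates like 31/02 (assumed DD/MM/YYYY).
  if (end.getUTCDate() !== day || end.getUTCMonth() !== month - 1)
    return fail("invalid end date");
  if (allowance === 0) return fail("zero allowance");

  return { ok: true, plan: { insurer: subj[1], insurerDomain: fromDomain,
    patient, endsAt: end.toISOString().slice(0, 10), monthlyAllowanceUsd: allowance } };
}
```
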
- Node.js: Version 18+
- Yarn: For package management
- Foundry: For smart contract development
- Docker: To run vlayer containers for local development and testing
- vlayer: Version 1.2.3 required to run MailProof contract tests
```bash
# Clone the repository
git clone https://github.com/ppezzull/zkMed.git
cd zkMed
# Install submodules (must run inside the cloned repository)
git submodule update --init --recursive
# Install dependencies
yarn install
# Run vlayer devnet
yarn devnet:up
# Deploy contract locally
yarn deploy
# Enjoy the frontend ;-)
yarn start
```
- Patient, Hospital, and Insurer registration now works end-to-end using vlayer proofs
- Frontend hooks call `zkMedCore.registerPatient|Hospital|Insurer(proof, data)`
- ✅ Privy Integration: Smart account integration with social logins
- ✅ Smart Contract Deploy: Smart contracts deployed and accessible via /debug page
- ✅ Role-Based Access: Dynamic routing based on user type
- ✅ User Registration with MailProofs: Users register (Patient, Hospital, Insurer) via email-based proofs for identity verification
- 🚧 Frontend: Connect role dashboards/pages to backend
- 🚧 Backend: AAVE pool integrations triggered when Insurer registers (capital efficiency)
- 🚧 Backend: Payment plan automation (Chainlink upkeeps) wired to on-chain plans
- 🚧 Enhanced Payment Analytics and Mobile UX
- Regulatory Compliance Framework: Comprehensive GDPR/HIPAA compliance
- Decentralized Health Records: Private, patient-controlled medical data
- Global Healthcare Network: Cross-border insurance and care coordination
- Universal Insurance Integration: Payment system compatible with every insurance provider
- Simplified Process: One-time setup for recurring payments
- Enhanced Privacy: Medical data never exposed during processing
- Trusted Verification: Cryptographic proof of payment authorization
- Predictable Cash Flow: Guaranteed monthly payments from insurance
- Reduced Admin Costs: Automated processing reduces overhead
- Enhanced Security: MailProof validation prevents fraud
- Capital Efficiency: Clear payment schedules improve financial planning
- Reduced Overhead: Automation eliminates manual payment processing
- Enhanced Transparency: Complete audit trail of all transactions
- Sustainable Revenue: Small fee from each processed payment
- Scalable Model: Infrastructure supports unlimited users and transactions
- Regulatory Compliance: Privacy-preserving architecture meets healthcare standards
Built by students from 42 Roma Luiss:
zkMed represents the first practical implementation of privacy-preserving healthcare insurance through Web3 technology, delivering measurable benefits while maintaining regulatory compliance and user familiarity.
Built with ❤️ for the future of healthcare finance
