Open Protocol · Shared Truth Infrastructure

"The greatest risk to a medical device isn't always mechanical. It's informational."

Closing the Information Gap in medical device lifecycles

MedPassport is an open-source Shared Truth Infrastructure based on Distributed Ledger Technology (DLT) — assigning every medical device a tamper-evident Digital Product Passport that survives every organizational handoff. No crypto wallets for enterprise users. No patient data on-chain. No changes to how field technicians work.

How It Works — 5-step interactive walkthrough → Technical Overview & Whitepaper ↗

$21B

Refurbished device market

EU + US

Dual-market ready

Zero PII

On-chain by design

Device Passport · Live Demo

★ GOLD CERTIFIED

UDI 00844588003288/LOT2023-Q1

Device CardioScan Pro 3000

Class IIb — Imaging

Score 100 / 100

Certified ★ GOLD

Recall Clear

Events 4 on-chain · Verified

The Solution

Three pillars of device trust

MedPassport addresses the Information Gap across the full device lifecycle — from manufacture through resale — through three complementary capabilities.

🔑

Provenance

Every device receives a unique, immutable identity anchored to its UDI at manufacture. Duplicate serial numbers become detectable. Configuration history is permanent. No rework, no migration, and no ownership transfer can silently overwrite it.

DevicePassportNFT.sol — ERC-721 GS1 UDI validated against GUDID + EUDAMED

📋

Service History

Every PM event, calibration, software update, and part replacement is recorded as a signed attestation by a credentialed actor. The record is shared across all authorized parties simultaneously — manufacturer, hospital, ISO, refurbisher, and insurer.

ServiceLogRegistry.sol — Append-only Headless CMMS integration — ServiceMax / Infor EAM

✅

Compliance

Audit evidence is built continuously, not assembled under pressure. A weighted compliance score converts service history into a Bronze, Silver, or Gold certification — the trust stamp that makes evidence-based resale pricing possible.

ComplianceScorer.sol — Weighted 0–100 CertificationSBT.sol — ERC-5192 Soulbound

Enterprise Ready

Designed for regulated environments

The three questions every enterprise CIO asks — answered in the architecture, not the documentation.

🔒

Zero-PII Architecture

No patient data, PII, or PHI ever reaches the ledger. Only cryptographic hashes, UDI identifiers, and organizational credentials are stored on-chain. This is a protocol-level technical constraint — not a policy. No configuration, override, or administrative permission can change it. Full GDPR and HIPAA alignment.

Enforced at protocol level

💳

No Crypto Wallet Required

Hospital IT departments and OEM procurement teams never touch digital wallets or native tokens. ERC-4337 account abstraction handles all on-chain transaction fees transparently in the background. Users log in via standard SSO and SAML. Costs settle via standard SaaS billing — familiar to any enterprise finance team.

Standard SaaS billing

📉

Eliminates the Trust Tax

The 30–50% discount buyers demand for unverifiable device history is what MedPassport calls the Trust Tax. Every stakeholder in the device lifecycle pays it in a different form — manufacturers in recall complexity, hospitals in audit overhead, insurers in dispute costs. MedPassport removes the information asymmetry that makes the Trust Tax unavoidable.

30–50% trust discount eliminated

The Information Gap

The cost of fragmented device data

Medical device lifecycle data crosses six organizational boundaries. At every handoff, existing systems go silent. The consequences are structural — and measurable.

15–25%

Recalls that never reach affected devices

Manufacturers depend on voluntary downstream reporting. When data breaks down at handoffs, recall execution is incomplete — leaving patients at risk and manufacturers liable.

30–50%

The Trust Tax on unverified device history

Refurbished devices sell far below their real value because buyers cannot independently verify what happened to them. Verified history converts this discount into negotiating leverage.

3–8

Disconnected systems to assemble audit evidence

Audit preparation takes days because evidence lives across ERP, CMMS, QMS, email, and paper records — assembled under pressure when a notified body arrives unannounced.

30–90

Days to resolve warranty disputes

Both parties reconstruct history from competing paper records. A shared evidence layer — where both parties access the same immutable record — makes disputes resolvable in hours, not months.

Regulatory Alignment

Built for the regulations that matter now

EUDAMED mandatory 28 May 2026 (EU Decision 2025/2371). FDA QMSR in effect February 2026. One protocol. Both markets. Because FDA QMSR incorporates ISO 13485 by reference, EU compliance delivers 80% of US compliance automatically.

🇪🇺

EU Market

MDR + EUDAMED + ESPR

Four EUDAMED modules mandatory from 28 May 2026 (EU Decision 2025/2371). Legacy device registration deadline: 27 November 2026. MedPassport UDI anchors to the same UDI in EUDAMED. DPP-ready architecture aligned with the JRC March 2026 methodology for future medical device delegated acts.

● EUDAMED bridge — Phase 2 roadmap

🇺🇸

US Market

QMSR + GUDID + 21 CFR Part 11

QMSR incorporates ISO 13485 by reference — EU compliance gives 80% of US compliance automatically. GUDID bridge verifies UDI against FDA database before minting. Live connection to AccessGUDID confirmed.

● GUDID bridge — Live ✓

🌐

Global Foundation

ISO 13485 + GAMP 5 Category 4

ISO 13485:2016 is the universal foundation. Three targeted additions — dual UDI fields, dual registry bridges, jurisdiction flagging — enable a single deployment to serve both markets simultaneously. Full VSP at enterprise onboarding.

● Single deployment · dual market · validated

QR Passport Scan Simulation

UDI Device Lookup

Quick passport lookup by UDI. For the full interactive demo with 5 stakeholder roles, document vault, and Path B write workflows — open the interactive demo →

Passport Lookup

MedPassport Protocol · Open Verification

🏥

📱 Click a device above to simulate a QR scan — exactly what a buyer or auditor sees. No login required.

🔍

Enter a UDI above or select a demo scenario to view a live passport

Who It Serves

Three waves of value creation

Manufacturers face the strongest regulatory pressure and carry the greatest recall risk. Refurbishers hold the most immediate commercial opportunity. Insurers gain structured data they have never had access to before.

🏭

Wave 1 — Primary Target

The Manufacturer closes the recall gap and the compliance burden

On-chain traceability reduces reliance on voluntary downstream reporting for FSCAs. Audit evidence is built continuously — not assembled under pressure when a notified body arrives. EUDAMED obligations satisfied as a byproduct of normal operations.

→ EUDAMED mandatory 28 May 2026

Pilot metric: reduce FSCA reach time from weeks to days for a fleet of Class IIb or Class III devices across a single EU jurisdiction.

🔄

Wave 2 — Earliest ROI

The Refurbisher converts the Trust Tax into a negotiating asset

Certified refurbishers are where MedPassport delivers the most immediate, measurable return. A 30–50% trust discount — eliminated. A Gold-certified high-value device — imaging system, ventilator, surgical robot, infusion pump — with a verified service history commands a fundamentally different conversation than one with paper records.

→ $21B refurbished device market · 9–11% CAGR

ROI: 30–50% trust discount converted to evidence-based pricing. Asset value protected for secondary markets.

📋

Wave 3 — Data Network Effect

The Insurer gains structured device condition data for the first time

Warranty claims verified against on-chain service attestations in hours rather than months. Equipment financing risk assessed on actual maintenance history — not device age alone. Premium API access to structured passport data across the MedPassport network.

→ Premium API access tier

Value: structured device condition data that has never existed in a consumable form before.

Ecosystem & Pilots

Wave 1 Enterprise Rollout — currently selecting partners

Two parallel entry points. Fast lane (4–8 weeks): Certified independent refurbishers of Class IIb imaging equipment — immediate measurable ROI. OEM track: Mid-size EU/US manufacturer with active PSUR obligations and ServiceMax or Infor EAM.

🏥

EU MDR jurisdiction

Manufacturer or certified refurbisher operating under EU MDR 2017/745 with Class IIb or above devices.

🔧

CMMS or barcode-ready operations

ServiceMax or Infor EAM preferred for automated Path A integration. Path B barcode fallback available for partners without CMMS — no IT integration required to start.

📊

Measurable pilot commitment

Willingness to define four measurable success metrics and a 9–12 month pilot timeline with a dedicated internal champion.

Pilot Definition

v1 · Single EU MDR jurisdiction · Class IIb or III device fleet

Device scope

Class IIb or Class III regulated devices, single EU MDR jurisdiction. One manufacturer or certified refurbisher as the anchor partner.

→ Intake through first PM workflow

Integration scope

Headless CMMS adapter — zero additional steps for field technicians. Automatic attestation from ServiceMax work order closures.

→ ServiceMax / Infor EAM

Success metrics (Wave 1 KPIs)

FSCA identification <4 hours for 100% of fleet · Work order capture ≥95% · Audit prep reduction ≥30% · Zero additional workflow steps · ComplianceScorer calibrated against real field data.

→ 9–12 month timeline

The full pilot scope document and Enterprise Addendum — covering deployment architecture, GAMP 5 validation, integration details, and ROI benchmarks — are available to qualified partners on request.

Request Enterprise Addendum →

Open Protocol · Shared Truth Infrastructure · DLT

The protocol is open. The network is where we build together.

Smart contracts, schemas, and documentation are MIT-licensed and publicly available. Enterprise deployment, integration services, and managed SaaS are the commercial layer built on top.

View Protocol on GitHub Start a Conversation