Claimshield
A privacy-preserving insurance claims processor that verifies eligibility against live electronic health records (EHR) without exposing the underlying medical data.
What it is
In traditional medical insurance, processing claims requires a patient to hand over their most sensitive data — diagnoses, treatment records, billing history — to an insurer's centralized database in order to receive reimbursement.
To get paid, the patient must reveal private health data, which creates a honeypot of health records on centralized servers and a severe privacy risk for individuals. The process also lacks transparency and accountability: patients have to trust the insurer's eligibility rules and operators blindly, with no on-chain audit trail to verify how claims or settlements are handled.
To solve this problem, I built ClaimShield, a privacy-preserving insurance claims processor that verifies eligibility against live electronic health records (EHR) without exposing the underlying medical data. It shifts the paradigm from "share data to prove eligibility" to "run trusted code to prove eligibility," ensuring the insurer processes claims trustlessly while keeping patient records strictly confidential.
Here's how it works:
- A patient receives medical treatment and their healthcare provider logs the details in an Electronic Health Record (EHR) system, generating a unique FHIR claim ID.
- The patient comes to ClaimShield, verifies their humanity and identity, and submits a claim by providing their policy ID and the FHIR claim ID. A unique hash of this information is sent on-chain, triggering the ClaimShield enclave.
- The enclave securely connects to the live EHR system, retrieves the patient's medical data, and evaluates it against the policy's covered conditions and limits. Once verified, the enclave securely records an "Approved" or "Denied" verdict on-chain and triggers an automatic USDC payout to the patient's wallet, all without ever exposing the sensitive medical diagnosis.
How it Works
ClaimShield uses the Chainlink CRE (Compute Runtime Environment) to process insurance claims inside a Trusted Execution Environment (TEE) — a hardware-isolated enclave where code runs verifiably and privately. It relies on World ID to guarantee uniquely human claimants without exposing their biometrics, and FHIR APIs to access live medical records without exposing their diagnoses.
It is built across three layers.
- The first is the smart contracts. I created three — PolicyRegistry, ClaimRequest, and ClaimSettlement — each with a single, narrow job. The ClaimRequest contract is intentionally stateless: it only emits an event containing an encrypted payload, so no medical data ever touches onchain storage. All three were built, tested, and deployed to a Tenderly Virtual Testnet forking Base mainnet: https://dashboard.tenderly.co/explorer/vnet/f0623146-5cc8-41fe-8cb6-fd43f0528cc0/transactions
- The second is the Chainlink CRE enclave. This is where the actual privacy work happens. The enclave wakes up the moment a ClaimSubmitted event is detected onchain. Inside the isolated TEE, it decrypts the payload and performs two highly confidential actions using ConfidentialHTTPClient. First, it securely forwards a zero-knowledge proof to the World ID v4 API to guarantee the claimant is a verified human and hasn't filed duplicate claims. Second, it fetches the patient's live FHIR medical record from the hospital. It runs the eligibility logic against the diagnosis and treatment dates, securely discards all sensitive data, and writes only the final verdict and payment amount back to the chain. The raw medical data and human biometric proofs never leave the enclave.
- The third is the demo environment. Since a real TEE hides everything by design, I built a local simulation that makes the privacy guarantees visible. The bun scripts/demo.ts script runs the full workflow on the developer's machine, printing exactly what the enclave sees — World ID nullifiers, diagnosis codes, treatment dates, and billed amounts — before discarding it and writing the minimal verdict onchain. The absolute gap between the rich data logged in the terminal and the opaque bytes stored on the blockchain is the whole point of ClaimShield.
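The eligibility step described for the enclave, as an added sketch that is not ClaimShield's own code: it evaluates a subset of a FHIR R4 Claim resource against a policy and returns only the verdict and payout. The `Policy` and `Verdict` shapes, the "every diagnosis must be covered" rule, the cap-at-limit rule and the sample records are assumptions made for illustration.

```typescript
// Hypothetical shapes for this added example; not ClaimShield's actual types.
interface Policy { active: boolean; coveredCodes: string[]; start: string; end: string; limitUsd: number }
interface FhirClaim {                       // subset of a FHIR R4 Claim resource
  resourceType?: string;
  diagnosis?: { diagnosisCodeableConcept?: { coding?: { code?: string }[] } }[];
  billablePeriod?: { start?: string };
  total?: { value?: number; currency?: string };
}
// The only data that leaves the enclave: no codes, dates or billed amounts.
interface Verdict { approved: boolean; payoutMicroUsdc: number }

function denied(): Verdict { return { approved: false, payoutMicroUsdc: 0 }; }

function evaluateClaim(policy: Policy, claim: FhirClaim): Verdict {
  // Fail closed: any malformed or unexpected field yields the same bare denial.
  if (!policy.active || claim.resourceType !== "Claim") return denied();
  const codes: string[] = [];
  for (const d of claim.diagnosis ?? [])
    for (const c of d.diagnosisCodeableConcept?.coding ?? [])
      if (typeof c.code === "string") codes.push(c.code);
  // Assumption: every diagnosis on the claim must be a covered condition.
  if (codes.length === 0) return denied();
  for (const code of codes)
    if (policy.coveredCodes.indexOf(code) === -1) return denied();
  // Treatment date must fall inside the coverage window (NaN fails the test).
  const treated = Date.parse(claim.billablePeriod?.start ?? "");
  if (!(treated >= Date.parse(policy.start) && treated <= Date.parse(policy.end))) return denied();
  const billed = claim.total?.value;
  if (typeof billed !== "number" || !isFinite(billed) || billed <= 0) return denied();
  if (claim.total?.currency !== "USD") return denied();
  // Assumption: payout is capped at the policy limit; USDC uses 6 decimals.
  return { approved: true, payoutMicroUsdc: Math.round(Math.min(billed, policy.limitUsd) * 1e6) };
}

// Constructed sample data (not real patient or policy records).
const samplePolicy: Policy = {
  active: true, coveredCodes: ["J18.9", "S52.501A"],
  start: "2025-01-01", end: "2025-12-31", limitUsd: 5000,
};
const sampleClaim: FhirClaim = {
  resourceType: "Claim",
  diagnosis: [{ diagnosisCodeableConcept: { coding: [{ code: "J18.9" }] } }],
  billablePeriod: { start: "2025-03-14" },
  total: { value: 1240.5, currency: "USD" },
};
console.log(JSON.stringify(evaluateClaim(samplePolicy, sampleClaim)));
```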
Created by
- Nwachukwu Michael