How MedPassport Works

An interactive walkthrough for medical device professionals. No blockchain knowledge required.

CardioScan Pro 3000 — Class IIb/III CT Scanner

Fresh from manufacturing · Ready for first deployment

UDI: 00844588003288/LOT2026-001/SN00432

What gets stored where: Only a cryptographic fingerprint (hash) goes on the public blockchain — never your data. Full service reports, calibration certificates, and customer details are stored in an encrypted off-chain vault (IPFS/Arweave) — accessible only to authorized parties. Your CMMS and ERP systems are never touched.

1. Validate UDI against FDA GUDID registry
   Confirms device identity and regulatory classification via FDA GUDID (US) and EUDAMED (EU) — validated before passport is created

2. Create cryptographic device identity token (ERC-721)
   One unique token per physical device — permanently anchored to the UDI, cannot be duplicated

3. Record manufacturer attestation on-chain
   Hash of static metadata written to Polygon ledger — timestamped, immutable. Full details go to encrypted vault.

4. Set initial compliance score: 100 / 100
   New CE-marked device starts fully compliant. Score decays only when service is overdue or events deviate.

5. Digital Product Passport ready
   Passport travels with this device for its entire life — across every owner, service provider, and jurisdiction

Digital Product Passport — Issued

Token #1 · Polygon network · Block #8,429,112

Score: 100/100 · 🥇 Gold
Device: CardioScan Pro 3000
Classification: Class IIb/III — CE Marked
UDI: 00844588003288/LOT2026-001/SN00432
GUDID Verified: ✓ Device class confirmed
Manufacturer: MedDevice GmbH · 0xA9d5…5745
Recall Status: ✓ Clear

Stored off-chain (encrypted vault): CE certificate PDF · Technical file reference · Manufacturing facility details · Full device specifications — accessible only to authorized parties with valid credentials.
On-chain record — public ledger (all a competitor sees): 0x8f4b2a9c1d3e7f0a2b5c8d1e4f7a0b3c9d2e5f8a1b4c7d0e3f6a9b2c5d8e1f4a
A random string and a timestamp. Mathematically impossible to reverse into customer names, pricing, or service data.

Ownership Transfer — SN00432

MedDevice GmbH → St. Anna Hospital, Vienna · Post-installation sign-off

Dual-signature required · Both parties must confirm

What gets stored where: The transfer event hash, timestamp, and credential IDs go on-chain. Hospital name, purchase price, contract terms, and installation report go to the encrypted off-chain vault — visible only to the manufacturer and hospital with valid credentials. Competitors see only the hash.

1. OEM installation engineer proposes transfer
   Installation complete at St. Anna Hospital. OEM engineer scans device barcode — MedPassport app proposes transfer on-chain.
   ⏳ OEM engineer signature pending

2. Hospital biomedical engineer confirms receipt
   Hospital representative scans same device barcode or receives email link. Confirms installation acceptance with hospital credential.
   ⏳ Hospital signature pending

3. Territory check — automatic
   System verifies receiving party's jurisdiction against device's approved territory rules. Flags any out-of-policy transfers for manufacturer review.

4. Transfer confirmed — passport updated
   Dual-signature complete. Device passport now shows St. Anna Hospital as current owner. Compliance score unchanged — device is in perfect condition.

Ownership Transfer — Confirmed

Dual-signed · Block #8,429,892 · Polygon network

Score: 100/100
Previous owner: MedDevice GmbH
New owner: St. Anna Hospital, Vienna
OEM signature: ✓ Credential #EU-MFG-0042
Hospital signature: ✓ Credential #EU-HSP-1187
Territory check: ✓ EU — within approved territory
Transfer date: 14 May 2026 · 09:43 UTC

Stored off-chain (encrypted vault): Installation report · Hospital purchase order reference · Site acceptance certificate · Service contract reference — visible to manufacturer and hospital only.
On-chain transfer attestation hash: 0x3c7a1f8b2e4d9c0a5f6b7e1d4a8c2f9b3e5a7c0f4b6d8e1a3c5f7b9d2e4a6c8f

Preventive Maintenance Event — SN00432

St. Anna Hospital · Annual PM · March 2026

OEM service under contract · ServiceMax work order #WO-2026-0893

What gets stored where: Event hash, timestamp, technician credential ID, and pass/fail outcome go on-chain. Full PM checklist, technician notes, part serial numbers, and calibration measurements go to the encrypted off-chain vault as a linked document — hash-anchored to the on-chain record to prove it has not been altered.
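
The hash-anchoring described above, as an added example (not MedPassport's own code). It assumes SHA-256 over canonical JSON and a random per-document salt kept in the vault, none of which the page specifies. It shows that a changed vault copy fails verification, and that a record with few possible values (such as a pass/fail outcome) is only hidden by the fingerprint when the salt is present.

```python
import hashlib
import hmac
import json
import secrets

def canonical(record: dict) -> bytes:
    """Deterministic JSON so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")

def anchor(record: dict, salt: bytes) -> str:
    """Fingerprint to publish; record and salt stay in the off-chain vault."""
    return "0x" + hashlib.sha256(salt + canonical(record)).hexdigest()

def verify(record: dict, salt: bytes, on_chain: str) -> bool:
    """True only if the vault copy still matches the anchored fingerprint."""
    return hmac.compare_digest(anchor(record, salt), on_chain)

def confirmable_by_guess(on_chain: str, guesses: list, salt: bytes = b"") -> bool:
    """Can a party holding only the public hash confirm a guessed record?"""
    return any(anchor(g, salt) == on_chain for g in guesses)

# Constructed PM record built from the walkthrough's sample values.
PM_RECORD = {
    "udi": "00844588003288/LOT2026-001/SN00432",
    "event": "Preventive Maintenance",
    "outcome": "PASSED",
    "work_order": "WO-2026-0893",
}
SALT = secrets.token_bytes(32)       # assumption: random per document, vault-only
ON_CHAIN = anchor(PM_RECORD, SALT)   # the only value that becomes public

def demo() -> dict:
    tampered = dict(PM_RECORD, outcome="FAILED")
    unsalted = anchor(PM_RECORD, b"")  # weak variant for comparison: no salt
    guesses = [dict(PM_RECORD, outcome=o) for o in ("PASSED", "FAILED")]
    return {
        "original_verifies": verify(PM_RECORD, SALT, ON_CHAIN),
        "tampered_verifies": verify(tampered, SALT, ON_CHAIN),
        "unsalted_guessable": confirmable_by_guess(unsalted, guesses),
        "salted_guessable": confirmable_by_guess(ON_CHAIN, guesses),
    }

if __name__ == "__main__":
    print(demo())
```

An auditor with a read grant would fetch the record and salt from the vault and call `verify` against the ledger value.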

Annual Preventive Maintenance

Logged automatically when ServiceMax work order closes — or via barcode scan (60 seconds)

Event type: Preventive Maintenance
Date: 18 March 2026
Outcome: ✓ PASSED
Technician: OEM Certified · ID #EU-2024-0891
Parts replaced: X-ray filter seal · OEM part ✓
SW version: v3.2.1 (current)
Next PM due: March 2027
Work order ref: WO-2026-0893
Certificate: PDF → encrypted vault

Path A — CMMS adapter (automatic)
How it works: When the OEM technician closes the work order in ServiceMax, MedPassport reads the closed work order automatically via API adapter. The PM event is signed and written to the ledger within minutes. Zero additional steps for the technician.

Path B — Barcode scan (manual fallback)
How it works: Technician scans the device UDI barcode with a smartphone. A structured web form opens — pre-populated with device identity. Technician selects event type, enters outcome, uploads calibration certificate photo. Submits — signed with their organization credential. ~60 seconds. No IT integration required.

Compliance score — impact of this PM event
Before PM: 87/100 (PM was 2 months overdue)
After PM: 100/100 (PM deduction removed · Score restored)
The score recovers automatically when the PM is logged. This is the correct incentive — the hospital's CFO sees the asset value restored, not penalized permanently.

The same device — three different views

MedPassport uses role-based access. Each party sees exactly what they need — nothing more.

Your organization (Manufacturer / Hospital)
Device: CardioScan Pro 3000 · SN00432
Compliance score: 100/100 🥇 GOLD
Last PM: March 2026 · OEM certified · PASSED
Current owner: St. Anna Hospital, Vienna
Recall status: ✓ Clear
🔓 Full access — your credential

Any competitor (No credentials)
Public ledger entry: 8f4b2a9c1d3e7f0a2b5c8d1e4f7a0b3c9d2e5f8a
A random string and a timestamp.
Mathematically impossible to reverse into customer names, pricing, or service history.
🔒 No access — hash only

Regulator / Notified Body (TÜV SÜD · BSI · Competent Authority)
Device UDI verified: ✓ GUDID confirmed
Service events: 4 events · All independently verified
Evidence integrity: ✓ Tamper-evident · Immutable
Compliance score: 100/100 — maintained to spec
🔓 Read-only audit grant

"The audit trail is built. The commercial data stays yours."
Service history, customer names, and pricing never leave your CMMS or ERP. MedPassport carries independently verifiable proof — not the underlying data.

Recall response — with and without MedPassport

A software defect is found in firmware v3.1.0. How fast can you locate every affected device and prove corrective action?

Time to locate 100% of affected devices
Without MedPassport: Days–weeks, depending on how many org boundaries crossed
With MedPassport: <4 hrs (pilot success metric)
* The <4 hour target is a Wave 1 pilot success metric — measured via a simulated FSCA at month 9. The "days to weeks" figure reflects the manual reconstruction process for Class IIb/III devices that have crossed organizational boundaries: sold to secondary buyers, serviced by ISOs, or moved across jurisdictions without a shared traceability system.
Without MedPassport
Query internal ERP for affected serial numbers
Email every distributor — wait for responses
Hospitals search their own asset management systems
Devices sold to secondary buyers — manufacturer visibility typically ends at contract expiry
ISO-serviced devices — service data stays in the ISO's own system, not visible to the manufacturer
Offline devices — older equipment, portable devices (e.g. ultrasound, monitors), or devices never connected to vendor networks have no remote data interface; service records exist only on paper or in local systems. MedPassport can register these manually via barcode scan at the device.
Some devices never reached — regulatory exposure
With MedPassport
Query the ledger — every registered device located instantly
Current owner identified regardless of ownership history
Recall flag written on-chain — score forced to zero
All registered holders notified automatically
Corrective action logged per serial — dual signature
Regulator verifies execution from read-only portal
Complete FSCA evidence report — one click
Simulated FSCA — pilot fleet device status
🟢 SN00432 · St. Anna Hospital, Vienna · Firmware v3.2.1 · Last PM March 2026 · ✓ Not affected
🔴 SN00433 · Charité Hospital, Berlin · Firmware v3.1.0 ← affected version · ⚠ Action required
🔴 SN00434 · AMC Amsterdam (2nd owner — transferred 2024) · Firmware v3.1.0 · Located via ownership transfer trail on passport · ⚠ Action required
SN00435 · MedEquip Refurbishers GmbH · Firmware v3.2.1 · Patch applied · Dual-signed corrective action · ✓ Corrected
4 devices in pilot fleet · SN00434 located via ownership transfer trail — would be invisible without MedPassport
Ledger query: 0.3 seconds
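
The recall lookup above, sketched as an added example that is not MedPassport's code: it replays a constructed event log for the four pilot devices to find each current owner, flags firmware v3.1.0, and logs a corrective action only when two distinct credential IDs are attached. The event names, the placeholder first owner of SN00434, SN00435's pre-patch firmware and the second credential ID are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Passport:
    serial: str
    firmware: str
    owners: list = field(default_factory=list)  # transfer trail, oldest first
    status: str = "not affected"
    score: int = 100

# Constructed ledger for the four pilot devices. Event names, SN00434's first
# owner and SN00435's pre-patch firmware are assumptions for illustration.
LEDGER = [
    ("MINT", "SN00432", "v3.2.1"), ("MINT", "SN00433", "v3.1.0"),
    ("MINT", "SN00434", "v3.1.0"), ("MINT", "SN00435", "v3.1.0"),
    ("TRANSFER", "SN00432", "St. Anna Hospital, Vienna"),
    ("TRANSFER", "SN00433", "Charité Hospital, Berlin"),
    ("TRANSFER", "SN00434", "First owner (placeholder)"),
    ("TRANSFER", "SN00434", "AMC Amsterdam"),
    ("TRANSFER", "SN00435", "MedEquip Refurbishers GmbH"),
]

def replay(ledger):
    """Rebuild each passport's current state from the ordered event log."""
    fleet = {}
    for kind, serial, value in ledger:
        if kind == "MINT":
            fleet[serial] = Passport(serial, value, ["MedDevice GmbH"])
        elif kind == "TRANSFER":
            fleet[serial].owners.append(value)
    return fleet

def recall(fleet, affected_fw):
    """Flag devices on the affected firmware; return serial -> current owner."""
    hits = {}
    for p in fleet.values():
        if p.firmware == affected_fw:
            p.status, p.score = "action required", 0  # recall forces score to zero
            hits[p.serial] = p.owners[-1]
    return hits

def corrective_action(p, new_fw, credential_ids):
    """Log the fix only if two different credential IDs are attached.
    Verifying the signatures themselves is outside this example."""
    if len(set(credential_ids)) < 2:
        raise ValueError("corrective action needs two distinct signers")
    p.firmware, p.status = new_fw, "corrected"  # score after a fix: not stated on the page

def simulate():
    fleet = replay(LEDGER)
    hits = recall(fleet, "v3.1.0")
    corrective_action(fleet["SN00435"], "v3.2.1", ["EU-MFG-0042", "CRED-2 (constructed)"])
    return fleet, hits
```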

See the full protocol

Open-source · MIT licensed · 67 tests passing · Live GUDID bridge