dHealth as part of a Consortium Building a Secure, Smart & Inclusive Health-Data Ecosystem for Vietnam’s Capital

Hà Nội Khỏe, the city’s flagship initiative for citizen-centered health management, is currently being prepared for launch, marking an exciting step for Hà Nội toward becoming one of the first blockchain + AI + FHE-enabled smart health cities in Asia.

The value of health data emerges not from its raw form, but from how openly and responsibly it is used—with transparency and patient consent at the core—a paradox that Hà Nội Khỏe is designed to resolve.

Preparing for launch, the city’s flagship citizen-centered initiative positions Hà Nội to become one of Asia’s first smart-health cities that blend blockchain, AI, and fully homomorphic encryption into a single, privacy-first backbone.

The objective is trust by design, intelligence with guardrails, and inclusion at scale. In practical terms, that means citizens control consent without friction, clinicians see what they need when they’re allowed, and public-health teams act early on encrypted signals rather than exposed records.

At the heart of the program sits a simple principle: consent, computation, and accountability should be architectural, not performative. An AI agent generates auditable consent receipts without ever placing medical records on-chain. The agent also monitors key indicators and explains why it nudges a patient or a care team—then anchors a proof of that explanation for transparency. 

Fully homomorphic encryption enables approved analytics to run on ciphertext, benefiting users while the underlying records remain private. This stack aligns with WHO’s digital health ethics, Vietnam’s privacy roadmap, and global interoperability practices, but, more importantly, it aligns with common sense: help people sooner, protect them always.

The Trust Tech Stack

Most systems say, “Trust us!” Hà Nội Khỏe says: “Verify.” Every time a resident grants access—“my district clinic can view my cardiology notes for six months,” “my primary doctor can see CGM trends until next review”—a small, immutable record is written to the ledger.

The record proves that permission exists, who or what it applies to, and when it expires. It never exposes the raw medical content itself. Access rules are codified in smart contracts, so the enforcement doesn’t depend on someone remembering a policy email. When a consent window lapses, the code shuts the door.

Identity is handled with the same restraint. Rather than broadcasting national IDs across systems, the platform links records via privacy-preserving identifiers. Hence, a person’s history follows them without revealing who they are to anyone without a legitimate need to know. That linkage matters in emergencies, referrals, and chronic-care pathways where fragmentation steals time and, too often, causes worse health outcomes. It also creates a clean substrate for analytics, allowing data to be joined precisely while the person behind it remains protected.

On that substrate, the AI agent does work people want: watches for risk, nudges early, and shows its work. Suppose blood pressure has been creeping upward after missed evening doses. In that case, the agent notifies the citizen and their nurse with a plain-language rationale and the minimal context required to act. A hash of that rationale anchors to the ledger, so there’s a tamper-proof trace of what the model saw and why it spoke up. For population health, the same agent aggregates signals across communes—heat-related symptoms in seniors, air-quality-linked respiratory flare-ups—so authorities can stage responses without calling anyone out by name.

Fully homomorphic encryption (FHE) ties it all together. With FHE, approved computations run directly on encrypted inputs, which means analysts, models, and infrastructure never handle plaintext. The result is counterintuitive at first: intelligence rises while exposure declines. Cross-district predictions, adherence risk scores, and resource-planning views can all be produced from ciphertext, returned as risk flags and aggregates, and audited for proper use—without betraying the privacy that consent promised in the first place.

From consent to action

A citizen enrols through the Hà Nội Khỏe app and receives a digital identity that proves they are who they are without leaking who they are to the world. They grant specific, time-bound permissions in a few taps. Those permissions propagate to connected clinical systems so the right staff can see the proper slice of the chart for the stated purpose.

New records, such as lab results, imaging, and notes, are linked by pseudonymous ID and encrypted at rest and in motion. When analytics are needed, the encrypted payload is routed to FHE compute—plaintext never leaves the user vaults.

Now picture a week in the life of a chronic-care pathway. Lan, living with Type 2 diabetes, opts in to share CGM summaries with her district clinic for 180 days. After three evenings of missed medication and a corresponding spike in glucose, the agent nudges Lan with a friendly reminder and notifies her nurse with a concise rationale.

The message is actionable, not accusatory: the nurse adjusts the plan, Lan acknowledges the change, and the trail of “what prompted what” is verifiable without exposing Lan’s raw data to anyone who doesn’t need it. Trust is earned because the system is both valuable and humble.

Long-term vision—a shift to the city level. A heat wave rolls in, air quality dips, and encrypted symptom queries show a rising pattern of dehydration and headaches among seniors across two communes.

Public-health teams get an early-warning visualization, coordinate water stations, and push targeted advisories through the app. Pharmacies receive a heads-up to stock electrolytes. 

No one combs through personal charts to make this happen. The signal is enough. When the wave passes, the interventions and their timing are still auditable, which is how policy improves over time.

Security and safety live inside the flow rather than in annexes. Sensitive actions require step-up authentication, anomalous access patterns raise their own flags, and emergency “break-glass” access is possible under strict conditions only through individual patient approval.

Accountability, equity, and interoperability

A trustworthy health platform must be accountable not just to administrators but to the people it serves. In Hà Nội Khỏe, citizens can see every permission they’ve granted, revoke access in plain sight, and watch consent windows expire on schedule. Clinicians operate under least-privilege rules that align with medical purpose, reducing the temptation to browse and the damage if credentials are stolen. 

Inclusion is designed in. The app works in low-bandwidth environments. Interfaces support Vietnamese and minority languages, with accessibility options for larger text and audio guidance. To avoid “data poverty,” the city can subsidize basic monitoring for high-risk cohorts so algorithmic benefits don’t skew toward the already connected.

Interoperability follows the same pragmatism. Clinical systems exchange structured records using established health-data standards while linking them through privacy-preserving identifiers rather than clear-text personal numbers. Each cross-system handoff leaves a lightweight, verifiable receipt on the ledger so disputes get resolved with cryptography, not email archaeology. The result is a network that can grow—new clinics, new devices, new partners—without sawing into its privacy foundations every time it expands.

Hà Nội Khỏe as a model and a catalyst for dHealth Intelligence

Hà Nội has an opportunity to set the regional standard: healthier, smarter, safer—without trading privacy for progress. By binding consent to code, requiring explanations from AI, and enabling computation on encrypted data, the city makes doing the right thing the easiest thing for citizens, clinicians, and public-health teams alike. That architecture also plugs directly into a broader innovation economy: the AI layer powering Hà Nội Khỏe is the dHealth Intelligence medical AI agent, accessed via API, which means the city and its partners will invoke a secure intelligence through a standardized gateway. A key understanding for AIDH holders: because the AIDH token is required for the aforementioned API access, it is certain that the demand for the token will rise in lockstep with adoption.

As the broader digital economy continues to mine personal data for maximal value extraction from users, there is a growing need for trust to migrate from marketing language into the blueprint itself. 

In other words, trust should be a design choice. It should live in consent that is encoded, in computation that remains encrypted, and in accountability that can be verified without prying. 

Hà Nội stands as the working proof of that choice.