A new paradigm for healthcare data privacy
Data is redefining healthcare. In addition to patient information, the use of data is now driving such high-throughput medical tests as genome sequencing, high-definition diagnostic imaging, and biomolecular disease markers – not to mention the substantial amount of data coming from mobile and wearable devices. Although this data plays a fundamental role in fostering innovation and improving clinical outcomes, it also creates new challenges and risks. “Acquiring and storing patient information imposes high costs and liabilities on biomedical research centres and private businesses,” says Edwin Morley-Fletcher, a researcher at Lynkeus, an Italian data and tech consultancy. “The result is a slowdown in new discoveries in a sector where identity theft and privacy breaches are rampant.” Lynkeus is the lead partner in the EU-funded MH-MD project. MH-MD aims to develop technologies that will allow citizens to control access to their personal information while increasing the efficiency of health data exchanges. “Driving MH-MD is a desire to empower patients, the primary owners of this data,” explains Morley-Fletcher. “Thus, our focus is on securing patient data, reducing the risk of identity theft and privacy breaches, and introducing a new way of sharing private information.”
Permission-based blockchain
The high risk of identity theft and privacy breaches shouldn’t come as a surprise. That’s because the current IT landscape in healthcare remains largely local. Local data repositories are managed by hospitals that often lack the skills, experience and resources needed to establish appropriate defences. “This problem is exacerbated by the fact data producers (i.e. the patients) remain disenfranchised of their right to control who uses their personal information for what purposes,” says Morley-Fletcher. “As a result, there is no incentive for patients to share their personal data.” To federate data storage and encourage data sharing, MH-MD developed a private, permission-based blockchain that gives access to off-chain data stored by multiple hospital repositories and by individuals. To do this, MH-MD uses a metadata catalogue that allows for the safe inspection of what health data is available and smart contracts to automatically check the necessary consents. The solution also includes a number of privacy-enhancing technologies to assure compliance with the General Data Protection Regulation (GDPR).
A feasible alternative
What began as an effort to develop a compliant system for sharing data evolved into something much more. The end solution is not only capable of providing computational trust, it can also share analytical outcomes without accessing the data and provides innovative ways for generating, using and sharing synthetic health data. “Although our goal was to define a blockchain-based system for ensuring the privacy of health-related data, our results go far beyond this,” adds Morley-Fletcher. “What we did was create a technological, ethical and legal sandbox for testing the feasibility and robustness of a new paradigm to facilitate data transactions between people, hospitals, research centres and businesses.” In other words, the MH-MD project has successfully proven that there is a viable and feasible alternative to centralised data solutions in healthcare. In light of the COVID-19 pandemic, MH-MD researchers recently submitted a proposal for a voluntary system of app-based COVID-immunity certification and geolocation that could be built on top of the MH-MD prototype. The research team, together with KPMG is also starting a feasibility study on synthetic data.
Keywords
MH-MD, healthcare, data privacy, privacy, data, health data exchanges, patient information, biomedical, identity theft, privacy breaches, GDPR, COVID-19, coronavirus