11 May 2021
Privacy Challenges When Sharing Sensitive Medical Data
European Commission Vice-President Margrethe Vestager recently tweeted ‘data is not oil: it is a renewable resource that can be pooled, shared and re-used … we want to enable businesses to make the most of data - while securing that we can trust that we are protected from misuse.’ Nowhere is it more vital to apply that sentiment to than in the data generated in our healthcare systems.
According to Forbes more than 2.5 quintillion (2.5×1018) bytes of data were created each day during 2018; 463 exabytes of data per day (463×260) are expected in 2025. In healthcare alone, the huge amount of health data and medical records generated is growing faster than in any other sector and is estimated to reach around 10 petabytes each year (10×250). Wearables alone generate massive amounts of data each second, while hospitals and primary healthcare centres collect huge amounts of records every day. Additionally, the number of medical imaging tests, blood and genetic tests is constantly increasing.
Generating Value Through Sharing
This enormous volume of stored data can be used to improve the health of our communities and its value increases when shared with others. By bringing data providers and data consumers together in a single place, a medical data exchange platform can sharply increase the value of this data, not least in the cross-border exchange of data, due to the increase in cross-border business. Overall, the big data health market is expected to have a compound annual growth rate (CAGR) of 36%.
The main asset to protect is the health data generated by data providers. The health data collected is generated by wearable health devices that collect a user’s personal health and exercise data, patient devices that collect medical data, diagnostic image devices, online diagnostic tools, medical research, clinical trials, pharmaceutical research, etc.
The health system overall can be significantly improved when this medical data is shared through a data exchange market platform among health stakeholders who are:
- data producers, such as
- hospitals, primary healthcare centres, health clinics, clinical analysis laboratories, private health institutions
- doctors and patients, as health data providers
- data consumers, such as
- research institutions, health authorities, governmental agencies,
- the pharmaceutical industry, drug agencies, insurance companies
The data exchange platform provides data consumer access to data shared by the data providers. Conversely, a lack of data sharing can have a negative impact on the development of computer-based solutions. This negative impact affects areas such as imaging-based machine learning technologies which are able to:
- simulate surgical treatments or device implants,
- automatically detect pathological lesions; and
- cross-reference imaging findings with other patient data for highly personalised clinical predictions.
As the health data generated by data producers is of a personal nature, it is protected and not provided to data consumers. Only the associated metadata that is closely related to health data can be displayed and browsed on the data exchange marketplace. It is not only health data that needs protection: apart from sensitive medical data, any associated personal data as well as the personal data from the different data exchange stakeholders, the data providers and data consumers, must also be protected. Moreover, a suitable technology and infrastructure are also essential requirements for developing the data sharing process in a secure way. Hence, the security and privacy of health information must be assured, not only during data storage, but also during the exchange and/or sharing processes.
The data required for developing and testing these systems exists today in large quantities inside hospital firewalls, but it cannot be accessed without jeopardising patient privacy and exposing institutions to severe legal implications. The GDPR has established a much-needed legal framework that sets clear boundaries for compliant data exchanges and provides clear guidance to economic players, finally framing biomedical data sharing within legal boundaries and opening the possibility for trading such data under different classifications and corresponding legal agreements. The issue still to be resolved is the need for a robust and scalable solution to enforce privacy and security requirements in a way that efficiently meets the strong demand for health data.
How CyberSec4Europe Is Addressing The Challenges
The CyberSec4Europe medical data exchange demonstrator use case leverages an existing data exchange marketplace (Dawex) and is tackling these challenges and contributing to the setting up of a trusted and secured data exchange platform in Europe for medical data
The management and access to this sensitive data on data exchange platforms need to be appropriate in terms of quality, security and privacy. The medical data exchange platform must assure the integrity and reliability of the data. Additionally, only permitted users will get access to the platform where the data or metadata is stored. Also, the data must be protected at any moment when transiting between parties. Moreover, during the sharing process the user data privacy must be preserved at any moment. Furthermore, in order to engage new users to the platform willing to share and consume data, both the data consumers and data providers must interact with the exchange platform in a friendly way. Finally, the platform must comply with current data protection legislation ensuring that the rights of users are protected. These measures will prevent any third party from accessing user data, providing a secure and smooth use of the medical data exchange platform.
The main challenges being addressed in the medical data exchange demonstrator use case when personal and sensitive data such as medical records are identified are to:
- Preserve user privacy
- Assure secure access to data
- Provide a trusted environment where data providers and data consumers can share sensitive data
- Assure end-to-end data integrity
- Improve the user experience
- Apply innovative tools to comply with data protection regulations, principally the GDPR
- Boost the use of data exchange platforms among all stakeholders
To overcome these challenges, CyberSec4Europe is carrying out the following activities:
- Implementing and operating an anonymisation tool
The Data Anonymization Service (DANS), an asset for addressing the security and privacy challenges, is provided as a service which can be deployed at the data provider premises, offered as an additional service by the marketplace or on a third-party infrastructure. DANS is also provided as a library to be directly integrated into the data provider system, making it easy to adopt an anonymisation process.
- Designing and implementing a cryptographic tool
The Functional Encryption to Medical Data (FE2MED) asset is a privacy preserving tool which provides data integrity and confidentiality. An end-to-end encryption protocol is established in order to avoid a cloud provider from reading user data: only the appropriate authorised consumers can access the data or the result of any analytics process.
- Using security tools and trust mechanisms
It is envisaged that strong authentication mechanisms will be adopted for accessing the data shared by the exchange platform. The use of Member State-issued eIDs leveraging the eIDAS network for the authentication process will increase user trust in these exchange platforms.
- Exploring a user-centric approach
The adoption of a self-sovereign identity (SSI) platform would provide an alternative decentralised access to the data exchange platform.
- Following regulatory guidelines
Research activities are being carried out on regulatory aspects and tools for complying with the GDPR and eIDAS regulation.
Not surprisingly, COVID-19 has generated a large amount of data across the world and in order to provide a positive response to the urgent need for global cooperation on many aspects of the pandemic, Dawex launched the COVID-19 Data Exchange platform which will be leveraged by the medical exchange data demonstrator. The tools and mechanisms for creating a trusted, secure and data privacy-preserving exchange platform are being applied on the COVID-19 Data Exchange platform.
The COVID-19 crisis has boosted the development of innovative tools for tracing and controlling the pandemic, but several aspects such as privacy, security, and strategy must be considered in order to reach the expected objectives.
The project’s roadmapping work carried out a SWOT analysis which shows the current situation of the medical data exchange domain in the EU regarding user data sharing while preserving privacy, trustworthiness, security, and complying with regulation. It shows that homogeneity in health data regulations worldwide would help to facilitate the use of health records which could in turn become a key factor for fighting against pandemics, while increasing citizen trust in any data exchange platforms used.
Dealing with these challenges should be of high importance in the near future, as an increasing volume of sensitive records are being generated by the digital economy. Trusted data exchange platforms will increase European Digital Sovereignty but in order to do so they need to seriously consider how to return control of the data associated with personally identifiable information to individual users through the adoption of self-sovereign identity through distributed ledger technology.
A more detailed description of the results of the Medical Data Exchange demonstrator work can be found in the two deliverables, D5.3 Validation of Demonstration Case Phase 1 and D4.4 Research and Development Roadmap.
Juan Carlos Pérez Baun, Atos Spain