Privacy and data usage in the age of artificial intelligence are colliding in healthcare where maintaining trust is as essential as advancing patient care. Secure encryption technologies and regulatory guidance can help to ensure health systems get a handle on protecting the patient data they store and use.
Rina Shainski and Dr. Kurt Rohloff, cofounders at Duality, say privacy-enhancing technologies like the ones their company develops offer practical protections for healthcare organizations seeking to analyze sensitive data while maintaining patient privacy now.
Privacy protection approaches such as fully homomorphic encryption (FHE), trusted execution environments (TEEs) and privacy-preserving federated learning (PPFL) are hugely valuable, but still underused, say Shainski, who serves as Duality’s chairwoman, and Rohloff, the company’s chief technical officer.
They spoke with Healthcare IT News recently to discuss how FHE, TEEs and PPFL can help address the healthcare sector’s increasing and significant patient data protection challenges and can benefit regulatory guidance that must evolve.
Driving encryption forward
Duality has developed software-based capabilities to share highly protected data. Rohloff personally helped to implement one of the first homomorphic encryption schemes, enabling applied privacy-protected data collaboration, under the Defense Advanced Research Projects Agency.
“With FHE – which allows not just protection at rest and protection in transit, which is what classical encryption does, but provides protection of data in use – we can protect data while it’s being analyzed, develop better medical treatments and provide better medical services,” he said. “And provide better defense-in-depth, also.”
FHE is useful in cloud computing, where the data is stored on a remote server and processed by third-party service providers, he explained. Data can be encrypted and stored, with computations performed on ciphertexts without the server – or the service provider – ever accessing the original data.
Several companies are developing advanced encryption technologies for healthcare and other industries, including IQVIA, Google, Immuta, Enveil, Silence Laboratories, Concord Technologies, Keyless, Nabla, NuCypher and others.
Privacy battle clarifies little
While a federal judge ruled for the American Hospital Association in AHA v. Becerra, and confirmed that sharing a patient’s IP address does not constitute a privacy breach, data collected on providers’ unauthenticated websites and shared with third parties is still a liability from regulatory agencies and a potential cause for class action litigation.
Iliana Peters, an attorney and shareholder at the legal firm Polsinelli, told Healthcare IT News earlier this month that her firm is seeing hundreds of thousands of class action demands aimed at healthcare organizations.
Understanding all the data collected from a public-facing website, and following all of the U.S. Health and Human Services and state regulatory requirements for consent and use can be a heavy lift, she said.
“Based on my understanding of the case, it was more about HHS trying to impose another level of sophistication about what disclosing [individual health information] actually means,” Shainski said.
IHI can be derived from cross-correlating information that appears on the public web pages of medical centers and healthcare systems, she noted.
“They introduced another level of complication there,” but healthcare organizations pushed back, she said. “It is very difficult for medical centers to keep up with all the various ways of deriving personal information from sophisticated correlations, say, AI analytics.
“The analysis is really developing very rapidly,” she added. “They get this data, they try to comply, but, if additional complexities come into how personal information can be derived, it’s difficult for them to deal with it.”
“The nature of the case basically shows how pervasive privacy-sensitive information can become,” said Rohloff.
What might be commercially acceptable behavior – such as maintaining cookies – differs from how browsing behaviors could be implied to be privacy sensitive.
“Even just browsing websites and things like that and the facts of the case for what it is, points at how organizations might get wrapped into privacy issues without necessarily understanding the privacy issues per se,” he said.
Privacy guidance must drive greater security
PETs can help make data protection more straightforward, Shainski added.
“The regulators can feel that they are asking for something feasible on the one hand, and the providers can truly protect the data and yet use it for analysis,” she said.
Healthcare’s desire to leverage artificial intelligence to improve patient outcomes and streamline medical processes also necessitates PETs to ensure data security, and that is something regulators should drive, she explained.
Shainski urges clearer guidance on the use of PETs to meet HIPAA and other privacy requirements and to incentivize their adoption.
If regulators can be more proactive in understanding and leveraging technological solutions to enforce privacy regulations, they can guide the healthcare industry in strengthening patient data privacy, she explained.
“The regulators have to evolve into this digital age,” she said. “They can be more prescriptive in how they seek to prevent exposure.”
They need to start endorsing technologies, or technology-based tools, “that will actually help achieve what they are asking for,” she added.
HIPAA could evolve as well, according to Shainski.
“There is a lot of discussion in this legal case, about what constitutes exposure of personal information,” Shainski said. “It becomes more and more complex. Actually, including privacy-enhancing technologies in the regulator’s recommendations can significantly simplify compliance.”
Last year, when the White House announced winners in the U.S. and U.K. PET Prize Challenge, which seeks to advance PPFL, Arati Prabhakar, director of the White House Office of Science and Technology Policy, said “privacy-enhancing technologies are the only way to solve the quandary of how to harness the value of data while protecting people’s privacy.” In December, the National Institute of Standards and Technology released privacy protection guidance for AI-driven research for one of the winning algorithms, which evaluates differential privacy.
Protecting data by not moving it
While HHS will not appeal the court’s decision, the web-tracking case points to the need for better encryption.
“Encryption is an important tool, but it’s one of many tools,” said Roholff. “There is also an important part of what we would call defense-in-depth, where there are multiple solutions to protect data, protect information, protect privacy and all these other kinds of things.”
PPFL is one key technique that healthcare organizations can use to protect data and advance patient care. It’s a distributed machine-learning technique where the model is trained by aggregating updates from participants who do not share their raw data.
The company is working with Boston’s Dana Farber Cancer Institute to train a cancer detection model using PPFL, enabling collaborative analysis of decentralized data sets.
“They wanted to actually train a pretty sophisticated model on digital pathology data,” Shainski said.
They have some data, and their partners, like Mass General Hospital, have additional data they want to use it as if it were one large data set.
Medical centers also treat patient data “as intellectual property,” she noted.
With model data pre-trained locally, only the parameters or the coefficients of the training get combined – and they can be encrypted end-to-end, as well, said Shainski.
“I think it’s the very highest level of compliance with all the regulations because personal data doesn’t move at all, doesn’t get exposed at all.”
Trusted execution environments are another option for healthcare organizations that utilize hardware-level isolation for secure data processing within a protected enclave, rather than keeping data encrypted all the time. The enclave is like having a very sterile environment, Shainski said.
“Additional research is going on to continue and improve their efficiency and generality, but [PETs] are already available and can be used,” she said.
The case points to the need to take data privacy and protection “very seriously, and apply very well-thought-out solutions” that enable good societal outcomes, said Rohloff.
While some hospitals are using broader data protections to enable operational use of privacy technologies, it’s not as end-to-end as it could be, Shainski said.
In a proof of concept last year, she said Duality worked with Tel Aviv Medical Center on how to collaborate on sensitive cancer data to provide analytics for treatment. The company is also one of the teams developing Biomedical Data Fabric Toolbox under the federal Advanced Research Projects Agency for Health.
“The new ARPA focus on developing advanced technologies for health, and this broader vision that they have of connected data analytics, biomedical data frameworks, particularly to enable collaboration on very sensitive, privacy-sensitive information securely could help provide better health outcomes for historically disadvantaged communities, such as rural health communities, tribal health communities, and so forth,” Shainski explained.
“The vision is a work in progress,” but the government and medical community are “moving in the right direction” to provide better treatments because of easier access to research data.
Prepping for a post-quantum world
While NIST pushed out three final post-quantum cryptography standards in August, they don’t protect data in use, Rohloff said.
“They’re not necessarily drop-ins for the current cryptography that’s being used, it is essentially an upgrade to the things that are currently being used.”
When they’re fully deployed, the post-quantum cryptography keys are going to provide protection against emerging attacks – “like attacks from quantum computing devices currently owned by or believed to be owned by nation states.”
What will be game-changing, Rohloff said, is where PQC is going. “When you start to have protection of data in use, such as protection of data while it’s computed and computed on, while it’s protected, while it’s encrypted.”
That means data could be uploaded to a cloud environment, protected in the cloud, “and then still be analyzed while protected,” he said.
It’s part of the offering Duality is working on for ARPA-H, Shainski added.
“It’s possible to have the best of both worlds – quantum-secure and protection of data in use,” she said. “That’s going to really move the needle for better public health of underserved communities.”
ARPA-H said in its BDF solicitation last year that “Building such a comprehensive capability requires a disciplined approach to the integration of disparate data sources including, but not limited to, longitudinal patient data, treatment outcomes, information about disease progression, clinical observations, genomics/proteomics/metabolomics or other ‘omics’ data, imaging and other foundational biomedical [research and development] experimental observations.”
The goal is to make it possible to manage data across multiple systems, platforms and clouds, while maintaining a consistent and comprehensive view of the data.
One of the agency’s requirements is a centralized approach to data management, including security.
“Critical biomedical data usage by appropriate stakeholders can be impeded by access limitations, a lack of interoperability across hundreds of siloed data platforms and a lack of robust, reusable methods to protect data privacy and security,” according to ARPA-H.
The agency asked teams to consider questions of security and privacy – such as privacy-preserving methods for access to data across federation boundaries – at the point of data gathering.
ARPA-H noted that the future planned fifth phase of the BDF toolbox will focus on baking security into “an executable architecture that can be instantiated over any existing on-premises, cloud-based or new data repository, at scales from an individual lab or institution to a hyperscale cloud-hosted domain repository to make the data in that repository immediately available and usable across the data fabric ecosystem.”
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.
The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31-November 1 in Washington, D.C. Learn more and register.