by Ludwig Maximilian University of Munich

Data security: Breakthrough in research with personalized health data

Architecture for secure multiparty computation. Credit: npj Digital Medicine (2024). DOI: 10.1038/s41746-024-01293-4

In a new pilot study, the researchers have now presented and tested an approach that overcomes the technical and legal challenges in the demanding context of clinical research on cancer patients while complying with strict European regulations on the protection of patient privacy and data protection.

The research project "Federated Secure Computing" handles cancer patient data analysis in the European health data space across national borders without sharing any actual data, utilizing the modern cryptographic method—secure multiparty computation. The results of the study have recently been published in the journal npj Digital Medicine.

The European research team includes scientists from LMU Munich, Germany, Fondazione Policlinico Universitario Agostino Gemelli IRCCS, Italy, and cryptography experts from Cybernetica, Estonia.

Hendrik Ballhausen, the initiator of Federated Secure Computing at LMU explains how several partner institutions form a secure computer network: "Neither party has access to the others' data. End-to-end encrypted calculations take place on secret shares across the network. The protocol is mathematically proven to ever only reveal the result of the joint calculation, but never the data of the individual patients."

Health data from patients at LMU University Hospital and the Policlinico Universitario Fondazione Agostino Gemelli in Rome served as the data set. Specifically, the procedure benefits patients with adrenal gland tumors undergoing radiotherapy.

Professor Stefanie Corradini, Deputy Clinic Director of Radiotherapy at LMU University Hospital, states, "Through this research, we understand risk factors more precisely and may develop targeted therapies with fewer side effects. This increases the survival rate and quality of life of patients."

"Our institutions provide cutting edge radiotherapy guided by magnetic resonance imaging," adds Luca Boldrini, physician at the Advanced Radiation Therapy Center "Gemelli ART."

"We are just beginning to see data from this modality. By joining forces, our two institutions contribute data on this innovative, and still uncommon, radiotherapy technology twice as fast as it would be possible without the cooperation agreement."

The team built an architecture around Sharemind MPC, the industry-grade platform for secure computing by Estonian company Cybernetica. "Secure Multiparty Computing can vastly enhance privacy and interoperability in the health care sector," says Dr. Dan Bogdanov, Chief Scientific Officer at Cybernetica. "If you need strong end-to-end security and proven policy enforcement and compliance, cryptography can provide the tools."

Close cooperation with data use and access committees, as well as data protection officers was an important part of the effort. The project was supported by a specialist law firm and governed by a cooperation agreement between the three partner institutions, ethics votes and written consent from the patients.

"In the future, we need to make better research use of health data, and faster. This is precisely the aim of the Bavarian Cloud for Health Research as part of the Bavarian Highmed agenda," emphasizes Professor Markus Lerch, CEO and Medical Director of LMU University Hospital.

The team is already working on further use cases. Ballhausen encourages interested parties from industry, science, and the public sector. "We would like to provide advisory support to apply our approach to other areas. Federated Secure Computing stands for modern European data protection that renders data more valuable. This new approach to data protection does not slow down cooperation, instead it facilitates and accelerates further activities."

More information: Hendrik Ballhausen et al, Privacy-friendly evaluation of patient data with secure multiparty computation in a European pilot study, npj Digital Medicine (2024). DOI: 10.1038/s41746-024-01293-4

Journal information: npj Digital Medicine 

Provided by Ludwig Maximilian University of Munich