MedCo: Enabling Secure and Privacy-Conscious Exploration of Distributed Clinical and Genomic Data
Jean Louis Raisaro, Juan Ramón Troncoso-Pastoriza, Mickaël Misbach, João Sá Sousa, Sylvain Pradervand, Edoardo Missiaglia, Olivier Michielin, Bryan Ford, and Jean-Pierre Hubaux
IEEE/ACM Transactions on Computational Biology and Bioinformatics,
July 13, 2018.
Abstract:
The increasing number of health-data breaches is creating a complicated
environment for medical-data sharing and, consequently, for medical progress.
Therefore, the development of new solutions that can reassure clinical sites by
enabling privacy-preserving sharing of sensitive medical data in compliance
with stringent regulations (e.g., HIPAA, GDPR) is now more urgent than ever. In
this work, we introduce MedCo, the first operational system that enables a
group of clinical sites to federate and collectively protect their data in
order to share them with external investigators without raising security
or privacy concerns. MedCo uses (a) collective homomorphic encryption to
provide trust decentralization and end-to-end confidentiality protection, and
(b) obfuscation techniques to achieve formal notions of privacy, such as
differential privacy. A critical feature of MedCo is that it is fully
integrated within the i2b2 (Informatics for Integrating Biology and the
Bedside) framework, currently used in more than 300 hospitals worldwide.
Therefore, it is easily adoptable by clinical sites. We demonstrate MedCo's
practicality by testing it on data from The Cancer Genome Atlas in a simulated
network of three institutions. Its performance is comparable to that of
SHRINE (networked i2b2), which, in contrast, provides no data-protection
guarantee.