TOWARDS AN ECOSYSTEM FOR
PRIVACY RESPECTING ANALYSIS
OF DISTRIBUTED HEALTH DATA
Wessel Kraaij (TNO and Leiden University) and Marc van Lieshout (TNO)
OVERVIEW
Introduction: big data in health applications, privacy risks
The right to privacy
Personal data: interests of researchers vs. data subjects
FAIR & RESPECT4U
Project outlines
PIME – a privacy respecting data platform with transparency features
PRANA – privacy respecting data analytics in health care settings
07 June 2016 2 | Privacy respecting approach in health care applications
Responsible
Empowering
Secure
Proactive
Ethical
Controlled
Transparent
BIG DATA IN HEALTH CARE
http://www-03.ibm.com/press/us/en/photo/40728.wss
QUANTIFIED SELF
Source: MIT
Quantified Self
A DIY movement aiming for
improved self knowledge by
using tracking technology
(sensors and apps).
Gary Wolf (Wired): “Almost
everything we do generates
data”.
Source: RescueTime
FROM POPULATION AVERAGES
TOWARDS INDIVIDUAL TREATMENT
From ‘big’ to me
Source: cbw.ge and wikimedia.org
Contributing towards
Reference population
Interpretation of
QS data needs
contrasting peer
data.
APPS FOR HEALTHY LIVING
BMC (October 2015)
66% of tested health apps (#79) which all were accredited according to the UK NHS accreditation scheme did not use data encryption
90% of apps tested transmit data to the cloud
20% of apps did not have a privacy policy
78% of those with a privacy policy did not adequately describe the nature of personal information that was transmitted
Serious risk for unforeseen and unwanted dissemination of data to third party services without clear notification to and consent by the end user.
SO WHAT?
Distrust in EHR systems is high.
Data protection regulation in EU has been strengthened.
It is more difficult to do studies that aggregate patients across different
hospitals or countries.
The development of precision medicine and personalized health meets a
serious technical and legal barrier.
A possibility for more efficient and more effective health care is delayed
WE NEED INNOVATIONS IN DATA
MANAGEMENT AND GOVERNANCE
#1: FAIR DATA: FINDABLE, ACCESSIBLE,
INTEROPERABLE, REUSABLE
Solution to increase the impact of public research.
Data should be accessible, to reproduce results
How about patient data?
BUT PRIVACY IS A FUNDAMENTAL RIGHT
EU Charter of Fundamental Rights (2009)
Article 7: Respect for private and family life: Everyone has the right to
respect for his or her private and family life, home and
communications.
Article 8: Protection of personal data: Everyone has the right to the
protection of personal data concerning him or her.
The Dutch Constitution:
Safeguards in article 10 (private life), article 11 (the body), article
12 (the home), article 13 (communications)
#2: RESPECT4U
Responsible
Empowering
Secure
Proactive
Ethical
Controlled
Transparent
MOVING TO PRACTICE: PIME AND PRANA
Two technology valorization programmes (EIT Digital and COMMIT/) funding
two separate streams of research
PIME (Personal Information Management Ecosystems)
Focus on patient self management
Dedicated middleware platform with several privacy and security features
Privacy and transparency dashboard to help patients keep control over
their data
PRANA (Privacy Respecting ANAlysis of health data)
Focus on analysis of aggregated distributed health data
Looking for ways to enhance privacy respecting analysis of patient data
PIME
PERSONAL DATA STORE WITH ACCESS
CONTROL POLICIES
A set of permissions (permit or deny) or obligations based on
conditions
Conditions use comparisons on attributes and their specified values
Traditional access control (AC) applications are in computer network firewalls and
building security, and are usually role-based
New access control applications are in controlled credit cards,
controlled cell phones and access to structured documents
There is a shift underway to ABAC (attribute based access control)
With our PDS we’re talking about Cell-Based Access Control (CBAC)*
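Added example (not from the slides or the PIME platform): a minimal evaluator for the kind of policy described above, with permit/deny rules and obligations whose conditions compare request attributes to specified values. The attribute names, the sample policy, and the deny-overrides and default-deny behaviour are assumptions made for illustration.

```python
import operator

# Comparison operators a condition may use (assumed set, for illustration).
OPS = {"eq": operator.eq, "ne": operator.ne, "lt": operator.lt,
       "ge": operator.ge, "in": lambda a, b: a in b}

# Constructed policy for a hypothetical personal data store (PDS).
# Each rule: effect, conditions as (attribute, op, value), obligations.
POLICY = [
    {"effect": "deny",
     "when": [("resource.category", "eq", "genetic"),
              ("subject.role", "ne", "treating_physician")],
     "obligations": ["notify_patient"]},
    {"effect": "permit",
     "when": [("subject.role", "in", {"treating_physician", "midwife"}),
              ("resource.owner_consent", "eq", True),
              ("action", "eq", "read")],
     "obligations": ["log_access"]},
    {"effect": "permit",
     "when": [("subject.role", "eq", "researcher"),
              ("resource.pseudonymised", "eq", True),
              ("context.purpose", "in", {"approved_study"})],
     "obligations": ["log_access", "delete_after_days:30"]},
]

def matches(rule, request):
    """A rule applies only if every condition holds; a missing attribute fails."""
    for attr, op, value in rule["when"]:
        if attr not in request or not OPS[op](request[attr], value):
            return False
    return True

def decide(policy, request):
    """Return (decision, obligations). Deny overrides permit; no match = deny."""
    hits = [r for r in policy if matches(r, request)]
    denies = [r for r in hits if r["effect"] == "deny"]
    chosen = denies or hits
    if not chosen:
        return "deny", []
    obligations = sorted({o for r in chosen for o in r["obligations"]})
    return chosen[0]["effect"], obligations
```

Because a request that matches no rule is denied, an incomplete request (for example one without `subject.role`) cannot gain access by failing to trigger the deny rule.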
PROOF OF THE PUDDING
PIME pilot
Middleware platform with privacy dashboard for integrated birth control
Province of Noord Holland; small pilot (few tens of patients)
TNO/Synergetics for organising patient consent (and control!)
ONATAL
PRANA DATA
RESEARCH QUESTION
How to perform privacy respecting analysis on sensitive data
that is distributed and should not be disclosed to the parties that perform the analysis?
Data protection and processing by design
Informed consent based transparency
Privacy respecting analysis of distributed data repositories
Provide proof of principles in 2 use cases:
Research setting: MUMC and UMCG development of distributed learning technology
focused on lung cancer prediction models
Patient setting: relate individual health data to the best matching patient profiles, while
respecting data protection rules, informed consent settings and data location
Privacy respecting analyses on
patient data without revealing data
2 Proof of Principles:
Research Setting
Patient setting
PERSONAL HEALTH TRAIN
If it is impossible to bring the data to the learner / model (a centralized
approach),
just bring the learner to the data (a distributed approach)
http://www.dtls.nl/fair-data/personal-health-train/
Andre Dekker, MUMC
Bram Peter ‘t Hoen,
LUMC
DTL
https://vimeo.com/138977162
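Added example (not from the slides or the Personal Health Train project): the "bring the learner to the data" approach, assuming a logistic-regression learner trained by gradient descent and two hypothetical sites with constructed records. Only summed gradients and row counts leave a site, and the resulting model matches one trained on pooled data.

```python
import math

# Constructed records held at two hypothetical sites: (feature vector, outcome).
# The leading 1.0 in each vector is the intercept term.
SITE_A = [([1.0, 0.2], 0), ([1.0, 0.9], 1), ([1.0, 0.4], 0), ([1.0, 0.8], 1)]
SITE_B = [([1.0, 0.1], 0), ([1.0, 0.7], 1), ([1.0, 0.6], 1), ([1.0, 0.3], 0)]

def local_gradient(records, weights):
    """Runs inside a site: returns only the summed gradient and a row count."""
    grad = [0.0] * len(weights)
    for x, y in records:
        z = sum(w * xi for w, xi in zip(weights, x))
        p = 1.0 / (1.0 + math.exp(-z))
        for j, xi in enumerate(x):
            grad[j] += (p - y) * xi
    return grad, len(records)

def train(sites, rounds=200, lr=0.5):
    """Coordinator: sends weights to each site, receives aggregates back."""
    weights = [0.0, 0.0]
    for _ in range(rounds):
        replies = [local_gradient(records, weights) for records in sites]
        n = sum(count for _, count in replies)
        for j in range(len(weights)):
            weights[j] -= lr * sum(g[j] for g, _ in replies) / n
    return weights

def predict(weights, x):
    """Predicted probability of outcome 1 for feature vector x."""
    return 1.0 / (1.0 + math.exp(-sum(w * xi for w, xi in zip(weights, x))))

distributed = train([SITE_A, SITE_B])   # learner visits each site
centralized = train([SITE_A + SITE_B])  # all records pooled in one place
```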
CONCLUSIONS
Increasing need for sophisticated solutions that bring together:
Patients’ need for privacy respecting approaches
Patients’ need for transparency
Health care providers’ need for advanced data analytics
Working, with various stakeholders, on solutions that meet
FAIR principles (Findable – Accessible – Interoperable – Reusable)
RESPECT4U principles (Responsible – Empowering – Secure – Pro-active
– Ethical – Controlled – Transparent)
Experimentation with
Real patients – health care providers
Technology
THANK YOU FOR YOUR ATTENTION