Jeremy Bradley at Zama explains how fully homomorphic encryption (FHE) solutions can hugely benefit data sharing in the healthcare industry
When challenges faced by the UK Biobank - a genetic database with data from half a million volunteers - recently hit UK national news, it highlighted a stark realisation: the opportunities for valuable data sharing that could significantly benefit crucial medical research are being completely missed. And why? Primarily, privacy fears.
General Practitioners (GPs), who are mainly independent private practitioners in the UK, are reluctant to share health data, even though participants in the UK Biobank have given their consent for the use of their pseudonymised NHS data.
Acting as data controllers, GPs are concerned about legal responsibilities and potential breaches of data privacy - not to mention the additional workload involved in transferring health information securely. Because of this - despite efforts by the UK Biobank - only a small percentage of GPs have been willing to share the necessary data.
Vital data on conditions treated by GPs, from dementia and Parkinson’s disease, to depression and diabetes, is essentially locked within GP computers. If shared, the collective data from the UK Biobank’s large pool of participants could unlock a wealth of insight into the causes, treatments, and potential cures for these conditions.
So how do we protect patient confidentiality while facilitating the exchange of essential health data for research purposes? An emerging technology – Fully Homomorphic Encryption (FHE) – could offer a solution.
Traditional encryption vs Fully Homomorphic Encryption
While traditional encryption methods are commonly used for securing healthcare data, there are still potential risks associated with their use. In simple terms, imagine putting data in a locked box to secure it.
However, as soon as you want to do anything useful with the data inside, you’ll need to open it. Once data’s unlocked, it’s vulnerable. This means healthcare organisations must continually assess and enhance security measures to address evolving threats and challenges, and is perhaps why such a huge percentage of GPs, who are not experts in data privacy, are reluctant to put sensitive patient data on the line.
In contrast, Fully Homomorphic Encryption (FHE) is an advanced cryptographic technique that enables computations to be performed on encrypted data without the need for decryption, preserving its confidentiality throughout the entire process.
In other words, once data is secured in a box, you can perform actions on it while it remains locked. In the context of healthcare, this means researchers can perform statistical analyses, machine learning predictions, and model training directly on encrypted data without exposing patients’ details.
Collaborative research and secure health predictions
One of the most notable uses for FHE in healthcare is collaborative research. Healthcare data often benefits from collaboration among multiple parties, such as research institutions, hospitals, and pharmaceutical companies, as it can lead to more comprehensive research outcomes. Traditional encryption falls short here, mainly because differing legal considerations and privacy concerns around sharing medical data stand in the way of such collaboration.
Regulatory frameworks, such as the General Data Protection Regulation (GDPR) in Europe or the Health Insurance Portability and Accountability Act (HIPAA) in the US, mandate strict privacy protection for medical data - and sharing identifiable health information without proper safeguards can lead to legal consequences.
However, with FHE, only encrypted data is transmitted and analysed, meaning actual patient information never leaves its origin. This could allow each party to encrypt and analyse data, enabling collaborative machine learning model training across much more diverse datasets.
This can be particularly useful when patient data from one country is lacking. As an example, imagine there are research teams in the US and the UK each working on a rare genetic disorder. By combining datasets - which could include symptoms, genetic markers, and treatment outcomes - they could significantly accelerate their findings and insights, including the accuracy of health predictions and the development of personalised treatment strategies.
Health predictions are another area that FHE accelerates. Take genetic testing services like 23andMe, for example, where a huge amount of nervousness exists around sharing DNA data. Using FHE, encrypted DNA data can be subjected to health prediction algorithms without the need for decryption.
Predictive models can then analyse genetic markers associated with various health conditions, providing insights into potential risks or susceptibilities without compromising individuals’ privacy.
Challenges in the adoption of FHE
While FHE offers promising solutions to many regulatory challenges and there are countless potential use cases for it in the healthcare industry, the technology is still evolving, meaning key challenges remain.
One of the primary issues is that FHE introduces computational overhead, meaning it significantly slows down data processing compared to traditional, non-encrypted methods; in fact, it’s at least 100 times slower than unencrypted operations and, in some cases, up to 10,000 times slower.
Despite the slower processing speed with FHE, however, having the capability to perform computations on encrypted healthcare data allows researchers and healthcare professionals to glean valuable insights without compromising patient privacy. This is particularly crucial in situations where the alternative might be no data processing at all due to concerns about data security and privacy breaches.
It’s also worth noting that the FHE industry is moving increasingly to a low-code/no-code approach, taking the burden off developers - and healthcare professionals - of being experts in cryptography. Newer solutions can be implemented without expert knowledge of the complexities of FHE.
There is also ongoing research and development, including efforts by companies like Intel, to create hardware accelerators for FHE. These accelerators are expected to improve processing speed, with initial projections suggesting a potential 10x improvement in speed by around 2026 for the first generation of hardware accelerators.
Managing multiple encryption keys, especially when different hospitals use their own keys for data encryption, also poses a significant technical challenge. Performing FHE operations with multi-keys is more complex than using a single key.
Again, this is being addressed by utilising what we call ‘threshold decryption’ - this is where we use one key, but split it so that each hospital holds a portion of the key, allowing them to encrypt their data. The FHE computation is then performed collectively, and at the end, each hospital contributes its key part to decrypt the results.
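To make the locked-box computation and the split-key decryption described above concrete, here is an added sketch that is not Zama's code or any production scheme. It swaps in a simpler technique, additively homomorphic exponential ElGamal with an n-of-n key split, rather than FHE; the group parameters, function names and case counts are constructed for illustration, and in this sketch hospitals encrypt under a joint public key while their key portions are used only for decryption.

```python
import secrets
from functools import reduce

# Toy group, constructed for this example and far too small for real use:
# p = 2q + 1 with p, q prime; g = 4 generates the subgroup of order q.
P, Q, G = 2039, 1019, 4

def prod_mod(values):
    return reduce(lambda a, b: a * b % P, values, 1)

def keygen_share():
    """A hospital picks its secret share x_i and publishes h_i = g^x_i."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def joint_public_key(public_shares):
    """h = prod(h_i) = g^(sum x_i); no party ever holds sum x_i."""
    return prod_mod(public_shares)

def encrypt(h, m):
    """Exponential ElGamal under the joint key: (g^r, g^m * h^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, m, P) * pow(h, r, P) % P

def add_encrypted(cts):
    """Multiplying ciphertexts component-wise adds the hidden plaintexts."""
    return prod_mod(c[0] for c in cts), prod_mod(c[1] for c in cts)

def partial_decrypt(x_i, ct):
    """One hospital's contribution c1^x_i; the share x_i itself stays local."""
    return pow(ct[0], x_i, P)

def combine(ct, partials):
    """Strip the mask using every partial, then recover m by small search."""
    gm = ct[1] * pow(prod_mod(partials), -1, P) % P   # equals g^m
    for m in range(Q):
        if pow(G, m, P) == gm:
            return m
    raise ValueError("value is not in the subgroup")

def demo(counts=(12, 7, 23)):
    """Three hospitals' case counts (constructed) summed under encryption."""
    keys = [keygen_share() for _ in counts]
    h = joint_public_key([pub for _, pub in keys])
    total = add_encrypted([encrypt(h, m) for m in counts])
    return combine(total, [partial_decrypt(x, total) for x, _ in keys])
```

The aggregator only ever handles ciphertexts, and the total is recovered correctly only when every hospital supplies its partial decryption; with one missing, combine returns an unrelated value.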
Unleashing the power of medical data
For healthcare business leaders interested in unlocking the power of their data, FHE looks set to be big news.
With full adoption of FHE, the world won’t need to worry about privacy. And with no privacy barriers, we can accelerate medical research, personalised treatment options and outcomes.
Jeremy Bradley is COO at Zama
© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543