Towards an ecosystem for privacy respecting analysis of distributed health data
2 likes525 views
The document discusses the importance of privacy in health data analytics, highlighting the tension between research needs and data subjects' privacy rights. It introduces projects like PIME and PRANA, aimed at enabling privacy-respecting analysis of distributed health data while ensuring patient control over their information. The authors emphasize the need for innovative data management solutions that align with ethical standards and regulatory requirements to improve healthcare outcomes.
Towards an ecosystem for privacy respecting analysis of distributed health data
- 1. TOWARDS AN ECOSYSTEM FOR PRIVACY RESPECTING ANALYSIS OF DISTRIBUTED HEALTH DATA Wessel Kraaij (TNO and Leiden University) and Marc van Lieshout (TNO)
- 2. OVERVIEW Introduction: big data in health applications, privacy risks The right to privacy Personal data: interests of researchers vs. data subjects FAIR & RESPECT4U Project outlines PIME – a privacy respecting data platform with transparency features PRANA – privacy respecting data analytics in health care settings 07 June 20162 | Privacy respecting approach in health care applications Respo nsible Empo wering Sec ure Proac tive Ethi cal Contr olled Transp arent
- 3. BIG DATA IN HEALTH CARE 07 June 20163 | Privacy respecting approach in health care applications http://www-03.ibm.com/press/us/en/photo/40728.wss
- 4. QUANTIFIED SELF 4 bron: MIT Quantified Self A DIY movement aiming for improved self knowledge by using tracking technology (sensors and apps). Gary Wolf (Wired): “Almost everything we do generates data”. bron: RescueTime
- 5. FROM POPULATION AVERAGES TOWARDS INDIVIDUAL TREATMENT 5 Van ‘big’ naar ik Bron: cbw.ge en wikimedia.org Contributing towards Reference population Interpretation of QS data needs contrasting peer data.
- 6. 07 June 20166 | Privacy respecting approach in health care applications BMC (October 2015) 66% of tested health apps (#79) which all were accredited according to the UK NHS accreditation scheme did not use data encryption 90% of apps tested transmit data to the cloud 20% of apps did not have a privacy policy 78% of those with a privacy policy did not adequately describe the nature of personal information that was transmitted Serious risk for unforeseen and unwanted dissemination of data to third party services without clear notification to and consent by the end user. APPS FOR HEALTHY LIVING
- 7. SO WHAT? Distrust in EHR systems is high. Data protection regulation in EU has been strengthened. It is more difficult to do studies that aggregate patients across different hospitals or countries. The development of precision medicine and personalized health meets a serious technical and legal barrier. A possibility for more efficient and more effective health care is delayed 07 June 20167 | Privacy respecting approach in health care applications WE NEED INNOVATIONS IN DATA MANAGEMENT AND GOVERNANCE
- 8. #1: FAIR DATA: FINDABLE, ACCESSIBLE, INTEROPERABLE, REUSABLE Solution to increase the impact of public research. Data should be accessible, to reproduce results How about patient data? 07 June 20168 | Privacy respecting approach in health care applications
- 9. BUT PRIVACY IS A FUNDAMENTAL RIGHT 07 June 20169 | Privacy respecting approach in health care applications EU Charter of Fundamental Rights (2009) Article 7: Respect for private and family life: Everyone has the right to respect for his or her private and family life, home and communications. Article 8: Protection of personal data: Everyone has the right to the protection of personal data concerning him or her. The Dutch Constitution: Safeguards in article 10 (private life), article 11 (the body), article 12 (the home), article 13 (communications)
- 10. #2: RESPECT4U Responsible Empowering Secure ProactiveEthical Controlled Transparent 4 U 10 | Privacy respecting approach in health care applications 07 June 2016
- 11. MOVING TO PRACTICE: PIME AND PRANA Two technology valorization programmes (EIT Digital and COMMIT/) funding two separate streams of research PIME (Personal Information Management Ecosystems) Focus on patient self management Dedicated middleware platform with several privacy and security features Privacy and transparency dashboard to help patients keeping control over their data PRANA (Privacy Respecting ANAlysis of health data) Focus on analysis of aggregated distributed health data Looking for ways to enhance privacy respecting analysis of patient data 07 June 201611 | Privacy respecting approach in health care applications
- 12. 07 June 201612 | Privacy respecting approach in health care applications PIME
- 13. PERSONAL DATA STORE WITH ACCESS CONTROL POLICIES 07 June 201613 | Privacy respecting approach in health care applications A set of permissions (permit or deny) or obligations based on conditions Conditions use comparisons on attributes and their specified values Traditional AC applications are in the computer networks firewalls and building security and are usually ROLE-based New access control applications are in controlled credit cards, controlled cell phones and access to structured documents There is a shift underway to ABAC (attribute based access control) With our PDS we’re talking about Cell-Based Access Control (CBAC)*
- 14. PROOF OF THE PUDDING PIME pilot Middleware platform with privacy dashboard for integrated birth control Province of Noord Holland; small pilot (few tens of patients) TNO/Synergetics for organising patient consent (and control!) 07 June 201614 | Privacy respecting approach in health care applications ONATAL
- 15. PRANA DATA 07 June 201615 | Privacy respecting approach in health care applications
- 16. RESEARCH QUESTION How to perform privacy respecting analysis on sensitive data that is distributed and should not be disclosed to the parties that perform the analysis? Data protection and processing by design Informed consent based transparency Privacy respecting analysis of distributed data repositories Provide proof of principles in 2 use cases: Research setting: MUMC and UMCG development of distributed learning technology focused on lung cancer prediction models Patient setting: relate individual health data to the best matching patient profiles, while respecting data protection rules, informed consent settings and data location Privacy respecting analyses on patient data without revealing data 2 Proof of Principles: Research Setting Patient setting 16 | Privacy respecting approach in health care applications 07 June 2016
- 17. PERSONAL HEALTH TRAIN If it is impossible to bring the data to the learner / model (a centralized approach) just bring the learner to the data ( a distributed approach) 07 June 201617 | Privacy respecting approach in health care applications http://www.dtls.nl/fair-data/personal-health-train/ Andre Dekker, MUMC Bram Peter ‘t Hoen, LUMC DTL https://vimeo.com/138977162
- 18. CONCLUSIONS Increasing need for sophisticated solutions that bring together: Patients’ need for privacy respecting approaches Patients’ need for transparency Health care providers’ need for advanced data analytics Working –with various stakeholders- on solutions that meet FAIR principles (Findable – Accessible – Interoperable – Reusable) RESPECT4U principles (Responsible – Empowering – Secure – Pro-active – Ethical – Controlled – Transparent) Experimentation with Real patients – health care providers Technology 07 June 201618 | Privacy respecting approach in health care applications
- 19. THANK YOU FOR YOUR ATTENTION Wessel.kraaij@tno.nl marc.vanlieshout@tno.nl