MedCo: Enabling the Secure and Privacy-Preserving Exploration of Distributed Clinical and *Omics Cohorts in the Swiss Personalized Health Network – PHRT
MedCo: Enabling the Secure and Privacy-Preserving Exploration of Distributed Clinical and *Omics Cohorts in the Swiss Personalized Health Network
MedCo (https://medco.epfl.ch/) is the first operational system that makes sensitive medical data available for research in a simple, private and secure way. MedCo enables researchers to search for individuals that correspond to given clinical and genetic criteria all the while preserving individuals’ privacy with strong end-to-end homomorphic encryption. MedCo has been co-developed by EPFL and CHUV and this infrastructure development project focuses at bringing MedCo from its current academic prototype version to a production-ready and hospital-compliant version in order to be deployed and used in the Swiss Personalized Health Network.
Despite its great potential, the current version of the MedCo prototype is still immature for being deployed and used in an operational clinical environment at Swiss hospitals. The goal of this project is very practical: bringing MedCo from its current academic prototype version into a production-ready version to be deployed and used in the Swiss Personalized Health Network.
The proposed project addresses a main challenge to further develop personalized health research, namely providing a mechanism to share sensitive and identifying health data (e.g., *omics data) across several medical institutions in a totally privacy-preserving and secure way. To ease its adoption at clinical sites, MedCo supports the APIs and data models of the i2b2 (Informatics for Integrating Biology and Bedside) framework and features an intuitive and modern user interface. Hospitals that already use i2b2 or similar tools can easily deploy MedCo on top of their existing infrastructure.
The increasing number of health-data breaches is creating a complicated environment for medical-data sharing and, consequently, for medical progress. Therefore, the development of new solutions that can reassure clinical sites by enabling privacy-preserving sharing of sensitive medical data in compliance with stringent regulations (e.g., HIPAA, GDPR) is now more urgent than ever. To address this issue, EPFL and CHUV have jointly developed the first prototype of MedCo, an open-source privacy-preserving distributed system that integrates current cohort explorers and provides strong security and privacy guarantees such as trust decentralization, end-to-end data protection, auditability and differential privacy. To achieve these guarantees, MedCo relies on sophisticated privacy-enhancing technologies such as secure multi-party computation, homomorphic encryption and result obfuscation. So far, MedCo has been tested on a simulated and controlled academic environment. Results show impressive performance. The query runtime is comparable to the ones of state-of-the-art cohort explorers (e.g., i2b2) that do not provide any protection guarantees besides basic access control.
Prof. Dr. Jean-Pierre Hubaux
School of Computer and Communication Sciences, École Polytechnique Fédérale de Lausanne (EPFL)
Nicolas Rosat, Direction of Information Systems, Lausanne University Hospital (CHUV)