PPA: Measuring effectiveness of eHealth with privacy enhancing technology

Previously published in ICT&health magazine 05/2021, translated to English. Original text by Martine van de Gaar (TNO/Linksight), Tjerk Heijmens Visser (CZ) and Martijn Antes (Zuyderland).

TNO, Statistics Netherlands, CZ health insurance and Zuyderland Medical Center proved for the first time in practice that sensitive patient data from multiple sources can be analysed without sharing the underlying sensitive data. This is made possible by using Secure Multi-Party Computation (MPC), an emerging form of Privacy Enhancing Technology (PET), and enforcing strict governance rules.

With this approach, large amounts of data can be re-used for improving healthcare, while strictly adhering to privacy and security. This successful step allows faster and cheaper real-world validation of healthcare innovations, which is important given the ongoing pressures on healthcare staff and increasing cost.

CZ health insurance and Zuyderland hospital collaborate on a transition towards value-based healthcare. In a unique 10-year cooperation agreement they jointly work on improving patient-reported health outcomes, quality of care and lowering costs. Healthcare innovations play an important role. “The number of healthcare innovations is increasing. However, not all innovations contribute to our shared goals,” states Tjerk Heijmens Visser, digital innovation strategist at CZ.

“We need to sort the wheat from the chaff. When healthcare quality does not meaningfully rise, while costs do, it is ill-advised to invest in such innovations. We see a growing demand to validate new healthcare innovations. For a thorough validation, large amounts of data from several organisations need to be combined.”

Structured and scalable

CZ and Zuyderland, together with Statistics Netherlands and research organisation TNO, co-created a new way to enable these analyses. Together they explored the possibilities for a structured, scalable method to evaluate healthcare innovations. Given the sensitive nature of the data – large amounts of personal, medical data are involved – privacy and security were essential design criteria from the start.

This resulted in a successful project in which, for the first time in the Netherlands, medical data of 4,350 patients was analysed using a privacy-by-design approach. The analysis took place peer-to-peer between the organisations, without any of them learning sensitive data from the others.

The project didn’t solely focus on technological validation. Legal and data security aspects were an essential part of the validation.

Innovation

“This project showcased we can re-use sensitive data from several organisations to improve healthcare across the value chain,” says Martijn Antes, project leader from Zuyderland Medical Center. “It also allows us to cyclically or on-demand monitor the effect of our innovations, allowing us to quickly react when innovations do not perform optimally.”

To measure health outcomes and cost effectiveness, data is required from various organisations in the value chain. Large amounts of relevant data are being generated, but are spread over more and more organisations and authorities. The traditional way to gain these insights is by enlisting a trusted third party. Combining these datasets can be of large societal value, but laws and regulations often hamper the traditional way of data sharing. This complicates obtaining cross-organisational insights that can help improve healthcare.

Cryptography and blockchain

As a solution, TNO developed a decentralized analysis platform based on Secure Multi-party Computation (MPC), a type of Privacy Enhancing Technology that allows computation over fully encrypted – and thus unreadable – data. Blockchain technology was used to set, enforce and record the chosen governance rules in a decentralized fashion. Blockchain is not used to store any personal data.

To validate the platform, a pilot was performed using data from several organisations related to patients with inflammatory bowel disease (IBD), some of whom use the eHealth app “My IBD-coach”. The combination of MPC and governance rules guarantees the privacy and security of individual patients’ personal data.

MPC is a toolbox of cryptographic techniques enabling organisations to analyse data as if they jointly work from a shared database, without sharing any of the underlying sensitive information. Because the data stays encrypted during computation, statistical analyses can be performed and insights gained without organisations learning each other’s data. The governance rules allow only authorized organisations to perform computations, and limit the type or amount of queries an organisation can perform. They apply before, during and after computation, so no information leaks from the computation. The developed platform and joint governance agreements have been legally validated by two independent legal experts: Lokke Moerel and Theo Hooghiemstra. This external analysis showed the platform and method are a good example of privacy-by-design and data minimisation under the (Dutch implementation of the) GDPR. Next to legal analysis, the platform successfully underwent an external security analysis to validate the safety of the system at several levels.
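The two mechanisms described above, sketched as an added example that is not the platform's own code: the article does not say which MPC technique was used, so additive secret sharing is assumed here as one standard building block, and the `Governance` class, the query name and the sample figures are hypothetical.

```python
import secrets

P = 2**61 - 1  # share modulus (assumed); must exceed any real total

def share(value, n):
    """Split value into n additive shares mod P; any n-1 of them look uniformly random."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    return parts + [(value - sum(parts)) % P]

class Governance:
    """Hypothetical policy: allowlisted (party, query) pairs, per-party budget, minimum cohort."""
    def __init__(self, allowed, budget, min_cohort):
        self.allowed, self.budget, self.min_cohort = set(allowed), dict(budget), min_cohort
        self.audit = []  # decision log; the platform in the article records this on a blockchain

    def authorize(self, party, query):
        ok = (party, query) in self.allowed and self.budget.get(party, 0) > 0
        if ok:
            self.budget[party] -= 1
        self.audit.append((party, query, ok))
        return ok

def secure_mean(inputs, gov, requester, query):
    """inputs: {party: (local_sum, local_count)}. Returns the joint mean, or None if refused."""
    if not gov.authorize(requester, query):
        return None
    parties = list(inputs)
    held = {p: [0, 0] for p in parties}  # running share totals each party holds
    for owner in parties:
        local_sum, local_count = inputs[owner]
        sum_shares = share(local_sum, len(parties))
        count_shares = share(local_count, len(parties))
        for holder, s, c in zip(parties, sum_shares, count_shares):
            held[holder][0] = (held[holder][0] + s) % P
            held[holder][1] = (held[holder][1] + c) % P
    # Only the per-party share totals are opened; individual inputs never leave their owner.
    total = sum(h[0] for h in held.values()) % P
    count = sum(h[1] for h in held.values()) % P
    # Simplification: the count is opened to apply the threshold; a full protocol compares in secret.
    if count < gov.min_cohort:
        return None
    return total / count

# Constructed sample data: (total first-line visits, number of patients) per organisation.
SAMPLE = {"org_a": (120, 40), "org_b": (95, 30), "org_c": (60, 25)}

if __name__ == "__main__":
    gov = Governance({("org_a", "mean_visits")}, {"org_a": 1}, min_cohort=10)
    print(secure_mean(SAMPLE, gov, "org_a", "mean_visits"))  # joint mean
    print(secure_mean(SAMPLE, gov, "org_a", "mean_visits"))  # None: budget exhausted
```

The example splits the data by patient group across organisations; linking records of the same patients held by different organisations, as in the pilot, needs a further secure matching step that is not shown.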

Tested on real world patient data

The platform proved suitable for analysing privacy-sensitive data, such as the medical data healthcare organisations store on behalf of their patients. During the analysis phase a previous, traditional effectiveness study was recreated via MPC and the results were compared. Additional, more detailed queries were also performed to determine the added value of such a system. This practical test proved successful, and offered the organisations involved a scalable way to gain relevant insights into the health value chain surrounding IBD.

Some examples are insight into the effect on 1st line visits, but also the effect of socio-economic factors determining use and effectiveness of the innovation. This allows healthcare organisations to better target eHealth treatments based on measured effectiveness.

More complete insights

This test proved that this new form of secure data analytics leads to more complete insights than when only data from one organisation is taken into account. It provides a better overall picture of the healthcare value chain and the cross-chain effects of healthcare interventions. This allows for fine-tuning healthcare on the regional level.

The decentralized platform is a scalable and reusable solution that provides a future-proof alternative to the current way of working with trusted third parties. This successful pilot with real patient data showcases that innovations can improve quality of care while at the same time keeping healthcare affordable and accessible to all types of patients.

Highest level of data protection

TNO has now – together with Statistics Netherlands, CZ health insurance and Zuyderland Medical Center – for the first time in the Netherlands proven that these privacy enhancing technologies can be used in practice, on real personal data, in such a way that the system complies with the highest level of data protection for citizens.

We expect that using this platform can have a positive impact on healthcare studies. Therefore, TNO decided to create Linksight as a TNO spin-off company. This organisation will further develop the platform and make it production ready. “We have now established in practice that MPC technology has tangible benefits for the healthcare market,” says Martine van de Gaar, CEO of Linksight. “Together with healthcare organisations we will make the platform fit-for-purpose for the everyday healthcare practice. It’s our mission to make MPC easy and scalable.”