Health data privacy through homomorphic encryption and distributed ledger computing: an ethical-legal qualitative expert assessment study

BMC Medical Ethics 23 (1):1-13 (2022)
  Copy   BIBTEX

Abstract

BackgroundIncreasingly, hospitals and research institutes are developing technical solutions for sharing patient data in a privacy preserving manner. Two of these technical solutions are homomorphic encryption and distributed ledger technology. Homomorphic encryption allows computations to be performed on data without this data ever being decrypted. Therefore, homomorphic encryption represents a potential solution for conducting feasibility studies on cohorts of sensitive patient data stored in distributed locations. Distributed ledger technology provides a permanent record on all transfers and processing of patient data, allowing data custodians to audit access. A significant portion of the current literature has examined how these technologies might comply with data protection and research ethics frameworks. In the Swiss context, these instruments include the Federal Act on Data Protection and the Human Research Act. There are also institutional frameworks that govern the processing of health related and genetic data at different universities and hospitals. Given Switzerland’s geographical proximity to European Union (EU) member states, the General Data Protection Regulation (GDPR) may impose additional obligations.MethodsTo conduct this assessment, we carried out a series of qualitative interviews with key stakeholders at Swiss hospitals and research institutions. These included legal and clinical data management staff, as well as clinical and research ethics experts. These interviews were carried out with two series of vignettes that focused on data discovery using homomorphic encryption and data erasure from a distributed ledger platform.ResultsFor our first set of vignettes, interviewees were prepared to allow data discovery requests if patients had provided general consent or ethics committee approval, depending on the types of data made available. Our interviewees highlighted the importance of protecting against the risk of reidentification given different types of data. For our second set, there was disagreement amongst interviewees on whether they would delete patient data locally, or delete data linked to a ledger with cryptographic hashes. Our interviewees were also willing to delete data locally or on the ledger, subject to local legislation.ConclusionOur findings can help guide the deployment of these technologies, as well as determine ethics and legal requirements for such technologies.

Other Versions

No versions found

Links

PhilArchive



    Upload a copy of this work     Papers currently archived: 103,449

External links

Setup an account with your affiliations in order to access resources via your University's proxy server

Through your library

Similar books and articles

The Role of Homomorphic Encryption in Secure Cloud Data Processing.Sharma Sidharth - 2023 - Journal of Science Technology and Research (JSTAR) 4 (1):260-265.
Hybrid Blockchain and Big Data Framework for PrivacyPreserving Medical Data Sharing.P. Selvaprasanth - 2024 - Journal of Theoretical and Computationsl Advances in Scientific Research (Jtcasr) 8 (1):1-7.
The problem of the consent for the processing of health data, particularly for biomedical research purposes, from the perspective of fundamental rights protection in the Digital Era.Joaquín Sarrión Esteve - 2018 - Revista de Derecho y Genoma Humano: Genética, Biotecnología y Medicina Avanzada = Law and the Human Genome Review: Genetics, Biotechnology and Advanced Medicine 48:107-132.

Analytics

Added to PP
2022-12-01

Downloads
24 (#951,749)

6 months
4 (#864,415)

Historical graph of downloads
How can I increase my downloads?