Health data privacy through homomorphic encryption and distributed ledger computing: an ethical-legal qualitative expert assessment study

, &
BMC Medical Ethics 23 (1):1-13 (2022)
  Copy   BIBTEX

Abstract

BackgroundIncreasingly, hospitals and research institutes are developing technical solutions for sharing patient data in a privacy preserving manner. Two of these technical solutions are homomorphic encryption and distributed ledger technology. Homomorphic encryption allows computations to be performed on data without this data ever being decrypted. Therefore, homomorphic encryption represents a potential solution for conducting feasibility studies on cohorts of sensitive patient data stored in distributed locations. Distributed ledger technology provides a permanent record on all transfers and processing of patient data, allowing data custodians to audit access. A significant portion of the current literature has examined how these technologies might comply with data protection and research ethics frameworks. In the Swiss context, these instruments include the Federal Act on Data Protection and the Human Research Act. There are also institutional frameworks that govern the processing of health related and genetic data at different universities and hospitals. Given Switzerland’s geographical proximity to European Union (EU) member states, the General Data Protection Regulation (GDPR) may impose additional obligations.MethodsTo conduct this assessment, we carried out a series of qualitative interviews with key stakeholders at Swiss hospitals and research institutions. These included legal and clinical data management staff, as well as clinical and research ethics experts. These interviews were carried out with two series of vignettes that focused on data discovery using homomorphic encryption and data erasure from a distributed ledger platform.ResultsFor our first set of vignettes, interviewees were prepared to allow data discovery requests if patients had provided general consent or ethics committee approval, depending on the types of data made available. Our interviewees highlighted the importance of protecting against the risk of reidentification given different types of data. For our second set, there was disagreement amongst interviewees on whether they would delete patient data locally, or delete data linked to a ledger with cryptographic hashes. Our interviewees were also willing to delete data locally or on the ledger, subject to local legislation.ConclusionOur findings can help guide the deployment of these technologies, as well as determine ethics and legal requirements for such technologies.

Categories

Add categories

Keywords

Reprint years

DOI

10.1186/s12910-022-00852-2

Other Versions

No versions found

Links

PhilArchive



    Upload a copy of this work     Papers currently archived: 103,449

External links

Setup an account with your affiliations in order to access resources via your University's proxy server

Through your library

My notes

Similar books and articles

The Role of Homomorphic Encryption in Secure Cloud Data Processing.Sharma Sidharth - 2023 - Journal of Science Technology and Research (JSTAR) 4 (1):260-265.
Cross-jurisdictional Data Transfer in Health Research: Stakeholder Perceptions on the Role of Law.Hui Yun Chan, Hui Jin Toh & Tamra Lysaght - 2024 - Asian Bioethics Review 16 (4):663-682.
Moral autonomy of patients and legal barriers to a possible duty of health related data sharing.Anton Vedder & Daniela Spajić - 2023 - Ethics and Information Technology 25 (1):1-11.
Assessing data protection and governance in health information systems: a novel methodology of Privacy and Ethics Impact and Performance Assessment.Concetta Tania Di Iorio, Fabrizio Carinci, Jillian Oderkirk, David Smith, Manuela Siano, Dorotea Alessandra de Marco, Simon de Lusignan, Paivi Hamalainen & Massimo Massi Benedetti - 2021 - Journal of Medical Ethics 47 (12):e23-e23.
Controversies between regulations of research ethics and protection of personal data: informed consent at a cross-road.Eugenijus Gefenas, J. Lekstutiene, V. Lukaseviciene, M. Hartlev, M. Mourby & K. Ó Cathaoir - 2021 - Medicine, Health Care and Philosophy 25 (1):23-30.
Trusting third-party storage providers for holding personal information. A context-based approach to protect identity-related data in untrusted domains.Giulio Galiero & Gabriele Giammatteo - 2009 - Identity in the Information Society 2 (2):99-114.
Patient data and patient rights: Swiss healthcare stakeholders’ ethical awareness regarding large patient data sets – a qualitative study.Corine Mouton Dorey, Holger Baumann & Nikola Biller-Andorno - 2018 - BMC Medical Ethics 19 (1):20.
Hybrid Blockchain and Big Data Framework for PrivacyPreserving Medical Data Sharing.P. Selvaprasanth - 2024 - Journal of Theoretical and Computationsl Advances in Scientific Research (Jtcasr) 8 (1):1-7.
The problem of the consent for the processing of health data, particularly for biomedical research purposes, from the perspective of fundamental rights protection in the Digital Era.Joaquín Sarrión Esteve - 2018 - Revista de Derecho y Genoma Humano: Genética, Biotecnología y Medicina Avanzada = Law and the Human Genome Review: Genetics, Biotechnology and Advanced Medicine 48:107-132.
Patient data and patient rights: Swiss healthcare stakeholders’ ethical awareness regarding large patient data sets – a qualitative study.Corine Https://Orcidorg Mouton Dorey, Holger Baumann & Nikola Https://Orcidorg Biller-Andorno - 2018 - .

Analytics

Added to PP
2022-12-01

Downloads
24 (#951,749)

6 months
4 (#864,415)

Historical graph of downloads
How can I increase my downloads?

Author Profiles

Citations of this work

No citations found.

Add more citations

References found in this work

View all 7 references / Add more references