DApp of the Week #08 — Heartify (A Blockchain and TEE Healthcare Use Case)
While we face the challenges of scattered big data and increasing medical costs, more and more healthcare organizations are looking into technology as a solution. For doctors, hospitals or research labs, it’s time to unlock the next wave of innovation that will bend the curve of healthcare economics and positively impact patients.
Currently within healthcare organizations, data sits across multiple parties and systems. These hundreds of thousands of different silos pose a great challenge for the exploitation of huge quantities of valuable data at our fingertips.
Building bridges between existing silos means we need to secure the confidentiality and privacy of patient data. The combination of emerging technologies such as blockchain and Trusted Execution Environments (TEEs) allow us to unlock the sharing and utilization of medical data, with the promise of yielding significant economic and social returns.
Currently, what are the barriers to healthcare data sharing?
- Privacy: It is essential to protect the clinical data of patients and to ensure privacy regulations are respected.
- Competition: Data is a strategic asset. Healthcare organizations therefore need to be able to share patient data within their communtities or consortia, while maintaining their competitive advantage.
- Culture: It is believed to some extent that being the only holder of a data asset creates more value. In reality, collaborating with each other leads to positive network effects and might even provide new revenue streams.
What are the benefits of healthcare data sharing?
- Improved patient care, decision-making and clinical outcomes: When crucial medical records are properly distributed to each segment of a patient’s treatment pathway, it results in better patient care.
- Unlocking data-hungry use cases: Genetic studies, cancer/chronic disease registries, substance abuse, population health management, larger-scale analytics, epidemiology/disease tracking are all potential uses for data sharing (1).
- Decreased healthcare costs: The sharing of data not only makes diagnosis and treatment of patients faster, but it also makes it cheaper. Hospitals also benefit from reduced operational costs (2).
- More accurate research: The practical and scientific arguments for data sharing include improving the accuracy of research, informing risk/benefit analysis of treatment options, strengthening collaborations, accelerating biomedical research, and restoring trust in the clinical research enterprise (3).
How does iExec make healthcare data sharing secure and monitorable?
- iExec is the first decentralized marketplace for cloud resources. The iExec network allows healthcare organizations to share or monetize their data assets (along with applications/algorithms and computing power).
- By leveraging Trusted Execution Environment (TEE) technology (namely Intel SGX), iExec solves the trust issue of data sharing. Healthcare organizations are able to sell or share their data while keeping ownership of their assets. They can control who can run computations and algorithms on their data, and TEE technology guarantees that this data never gets revealed to the purchasing parties.
- By leveraging blockchain technology, iExec records each transaction and data flow on an immutable ledger. Audit organizations can therefore inspect this trail of records, while participating parties can monitor on-going transactions in real-time.
Patient medical records are lucrative targets for hackers. An EMR is worth approximately $500 on the black market, which is 10 times more valuable than a credit card number. It is imperative that patients’ valuable medical records are used in a secure environment, which is exactly what iExec makes possible.
As an illustration to the possibilities offered by iExec in the healthcare industry, let us introduce in this new round of Dapp of the Week an application that feeds on highly-confidential patient data.
Heartify: Investigation on Cardiovascular Risk Prediction Using Physiological Parameters
Heartify feeds upon medical big data to calculate the weight of physiological risk factors into developing cardiovascular disease (CVD).
CVD is the leading cause of death worldwide. Early prediction of CVD is urgently important for timely prevention and treatment. A key element which has the power of improving the performance of prediction models is the incorporation or modification of new risk factors. (5)
The goal of Heartify, therefore, is to investigate a large span of physiological parameters that may prove themselves as risk factors. These risk factors are in turn useful for the prediction of cardiovascular events.
How does Heartify guanrantee the privacy of patient data?
In our case,
- Hospitals are the data providers
- Research labs are the data requesters
- Heartify allows research labs to run analytics programs on the data held by hospitals
The following process is fully-compliant with the Enterprise Ethereum Alliance Off-Chain Trusted Compute Specification.
1- Hospitals hold valuable streams of patient data that can serve as inputs in many use cases. The goal of this experiment is to determine the weight of different physiological parameters in developing cardiovascular disease (CVD).
2- At the hospital side, the medical data (physiological measures for thousands of patients along with an assessment of their cardiovascular health) is encrypted and pushed to a local or remote file system.
3- On the data requester side, research labs can run computations on this medical dataset to estimate the main factors (and their weights) associated with heart disease. Research labs only have access to encrypted data.
4- The decryption process as well as the big data analysis only happens in a hardware-based secure enclave (Intel SGX). Input data is never reveiled to research labs, nor to the hosts running Heartify.
5- When research labs pay for using hospitals’ data and choose the type of machine that will run Heartify, the analysis is triggered and run on iExec’s decentralized cloud.
6- Finally, the analysis results are encrypted as well. Only reseach labs (that have paid for the computation) are able to download and decrypt them.
mv encryptedOutputFiles.zip.none ./tee/encryptedOutputs/encryptedOutputFiles.zip
iexec tee decrypt
7- Input data, data in transit as well as output data have been protected end-to-end thanks to iExec, by using blockchain technology and Trusted Execution Environments (TEE).
With its Pay-per-Task system, iExec makes possible a new paradigm of data sharing: the renting of data, while keeping its ownership, protecting its privacy and choosing which parties can access it.
This new paradigm finds many uses in the medical field, in which data privacy and security are one of the most important components of analytics and AI systems. With blockchain and TEE, actors are able to exchange data in such a flexible, yet private manner, improving the efficiency and transparency of the healthcare ecosystem.
(1) Benefits, Challenges of Secure Healthcare Data Sharing, Elizabeth Snell https://healthitsecurity.com/features/benefits-challenges-of-secure-healthcare-data-sharing
(2) Healthcare Data Management and Its Benefits (2017) Health Analytics Summit 2017 http://startsafeonline.org/
(3) The National Academics of Sciences Engineering and Medicine (2013) Sharing Clinical Research Data: Workshop Summary https://www.nap.edu/catalog/18267/sharing-clinical-research-data-workshop-summary
Your Electronic Medical Records Could Be Worth $1000 To Hackers (2017) Mariya Yao https://www.forbes.com/sites/mariyayao/2017/04/14/your-electronic-medical-records-can-be-worth-1000-to-hackers/
(5) Investigation on Cardiovascular Risk Prediction Using Physiological Parameters (2013) Wan-Hua Lin, Heye Zhang and Yuan-Ting Zhang https://www.hindawi.com/journals/cmmm/2013/272691/