Abstract
BackgroundRecent developments in machine learning have shown its potential impact for clinical use such as risk prediction, prognosis, and treatment selection. However, relevant data are often scattered across different stakeholders and their use is regulated, e.g. by GDPR or HIPAA.As a concrete use-case, hospital Erasmus MC and health insurance company Achmea have data on individuals in the city of Rotterdam, which would in theory enable them to train a regression model in order to identify high-impact lifestyle factors for heart failure. However, privacy and confidentiality concerns make it unfeasible to exchange these data.MethodsThis article describes a solution where vertically-partitioned synthetic data of Achmea and of Erasmus MC are combined using Secure Multi-Party Computation. First, a secure inner join protocol takes place to securely determine the identifiers of the patients that are represented in both datasets. Then, a secure Lasso Regression model is trained on the securely combined data. The involved parties thus obtain the prediction model but no further information on the input data of the other parties.ResultsWe implement our secure solution and describe its performance and scalability: we can train a prediction model on two datasets with 5000 records each and a total of 30 features in less than one hour, with a minimal difference from the results of standard (non-secure) methods.ConclusionsThis article shows that it is possible to combine datasets and train a Lasso regression model on this combination in a secure way. Such a solution thus further expands the potential of privacy-preserving data analysis in the medical domain.
Highlights
Recent developments in machine learning have shown its potential impact for clinical use such as risk prediction, prognosis, and treatment selection
The solution that we present in this article focuses on another linear regression method called Lasso; to the best of our knowledge, no previous work has been published on secure Lasso regression
We discuss the scalability results of our Proof of Concept, which was not performed on real data but did run on the actual infrastructure between Achmea, Erasmus MC and ZorgTTP
Summary
Recent developments in machine learning have shown its potential impact for clinical use such as risk prediction, prognosis, and treatment selection. This requirement translates to a need to store medical patient data, and the collection, processing and exchange of personal data is a sensitive matter, and the risks coming from privacy violations are especially high for medical data This has led to legal frameworks that regulate and restrict usage of personal (medical) data, the General van Egmond et al BMC Med Inform Decis Mak (2021) 21:266. Data Protection Regulation (GDPR), and the Health Insurance Portability and Accountability Act (HIPAA) being two prominent examples These regulations mandate informed consent from patients in order to use the corresponding medical data; asking for consent for machine-learning purposes is often impractical, since it is a time-consuming process, and since contact with patients may have been lost since the moment of data collection. The goal of MPC is to allow several parties to compute the output of a certain function or computation, depending on private inputs of each party, without disclosing information on their inputs to each other
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
