Health data privacy through homomorphic encryption and distributed ledger computing: an ethical-legal qualitative expert assessment study

, &
BMC Medical Ethics 23 (1):1-13 (2022)
  Copy   BIBTEX

Abstract

BackgroundIncreasingly, hospitals and research institutes are developing technical solutions for sharing patient data in a privacy preserving manner. Two of these technical solutions are homomorphic encryption and distributed ledger technology. Homomorphic encryption allows computations to be performed on data without this data ever being decrypted. Therefore, homomorphic encryption represents a potential solution for conducting feasibility studies on cohorts of sensitive patient data stored in distributed locations. Distributed ledger technology provides a permanent record on all transfers and processing of patient data, allowing data custodians to audit access. A significant portion of the current literature has examined how these technologies might comply with data protection and research ethics frameworks. In the Swiss context, these instruments include the Federal Act on Data Protection and the Human Research Act. There are also institutional frameworks that govern the processing of health related and genetic data at different universities and hospitals. Given Switzerland’s geographical proximity to European Union (EU) member states, the General Data Protection Regulation (GDPR) may impose additional obligations.MethodsTo conduct this assessment, we carried out a series of qualitative interviews with key stakeholders at Swiss hospitals and research institutions. These included legal and clinical data management staff, as well as clinical and research ethics experts. These interviews were carried out with two series of vignettes that focused on data discovery using homomorphic encryption and data erasure from a distributed ledger platform.ResultsFor our first set of vignettes, interviewees were prepared to allow data discovery requests if patients had provided general consent or ethics committee approval, depending on the types of data made available. Our interviewees highlighted the importance of protecting against the risk of reidentification given different types of data. For our second set, there was disagreement amongst interviewees on whether they would delete patient data locally, or delete data linked to a ledger with cryptographic hashes. Our interviewees were also willing to delete data locally or on the ledger, subject to local legislation.ConclusionOur findings can help guide the deployment of these technologies, as well as determine ethics and legal requirements for such technologies.

Categories

Add categories

Keywords

Reprint years

DOI

10.1186/s12910-022-00852-2

Links

PhilArchive



    Upload a copy of this work     Papers currently archived: 91,423

External links

Setup an account with your affiliations in order to access resources via your University's proxy server

Through your library

My notes

Similar books and articles

Offline privacy preserving proxy re-encryption in mobile cloud computing.Yaping Lin & Voundi Koe Arthur Sandor - 2019 - Pervasive and Mobile Computing 59.
Trusting third-party storage providers for holding personal information. A context-based approach to protect identity-related data in untrusted domains.Giulio Galiero & Gabriele Giammatteo - 2009 - Identity in the Information Society 2 (2):99-114.
Ambiguous encryption implies that consciousness cannot be simulated.Anna Wegloop & Peter Vach - manuscript
A world of strong privacy: Promises and perils of encryption: David Friedman.David Friedman - 1996 - Social Philosophy and Policy 13 (2):212-228.
Disease surveillance data sharing for public health: the next ethical frontiers.Patty Kostkova - 2018 - Life Sciences, Society and Policy 14 (1):1-5.
Why privacy is not enough privacy in the context of “ubiquitous computing” and “big data”.Tobias Matzner - 2014 - Journal of Information, Communication and Ethics in Society 12 (2):93-106.
A Comparative Study in the Application of IoT in Health Care: Data Security in Telemedicine.G. A. Pramesha Chandrasiri, Malka N. Halgamuge & C. Subhashi Jayasekara - 2019 - In Zaigham Mahmood (ed.), Security, Privacy and Trust in the Iot Environment. Springer Verlag. pp. 181-202.
Protecting health privacy even when privacy is lost.T. J. Kasperbauer - 2020 - Journal of Medical Ethics 46 (11):768-772.
Clouded data: Privacy and the promise of encryption.Liam Magee, Tsvetelina Hristova & Luke Munn - 2019 - Big Data and Society 6 (1).
Medical Records Management Using Distributed Ledger and Storage.Samia Anjum, R. Ramaguru & M. Sethumadhavan - 2021 - International Conference on Advances in Computing and Data Sciences 1441:52-62.
Privacy and Anonymity Challenges When Collecting Data for Public Health Purposes.Khaled El Emam & Ester Moher - 2013 - Journal of Law, Medicine and Ethics 41 (s1):37-41.
Health Information Privacy and Public Health.James G. Hodge - 2003 - Journal of Law, Medicine and Ethics 31 (4):663-671.
Health Information Privacy and Public Health.James G. Hodge - 2003 - Journal of Law, Medicine and Ethics 31 (4):663-671.
From Group Privacy to Collective Privacy: Towards a New Dimension of Privacy and Data Protection in the Big Data Era.Alessandro Mantelero - 2017 - In Bart van der Sloot, Luciano Floridi & Linnet Taylor (eds.), Group Privacy. Springer Verlag.
Cloud computing and its ethical challenges.Matteo Turilli & Luciano Floridi - manuscript

Analytics

Added to PP
2022-12-01

Downloads
16 (#886,588)

6 months
10 (#255,509)

Historical graph of downloads
How can I increase my downloads?

Author Profiles

Citations of this work

No citations found.

Add more citations

References found in this work

View all 7 references / Add more references