Protecting Genomic Data Protecting Genomic Data Protecting Genomic Data Protecting Genomic Data Prof. Jean-Pierre Hubaux Academic Director of the Center for Digital Trust School of Computer and Communication Sciences EPFL With gratitude to the biomedical and CS researchers I have the privilege to work with Integrating genomics into personalised healthcare: a science-for-policy perspective Brussels, 13 February 2019
18
Embed
Brussels, 13 February 2019 Protecting Genomic Data...a science-for-policy perspective Brussels, 13 February 2019 2 The Guardian, 14 May 2017 ““““WannaCryWannaCry” Ransomware
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Growing Concern: Medical Data Breaches Growing Concern: Medical Data Breaches Growing Concern: Medical Data Breaches Growing Concern: Medical Data Breaches
3
Around 5 declared breaches per week, each affecting 500+ people
Workshop on Artificial Intelligence for Health - JL Raisaro11/10/18, NYC
4
• Lin et al. 2004 Science: 75 or more SNPs (Single Nucleotide Polymorphisms) are sufficient to identify a single person
• Homer et al. 2008 PLOS Genetics: aggregated genomic data (i.e., allele frequencies) can be used for re-identifying an individual in a case group with a certain disease
• Gymrek et al. 2013 Science: surnames can be recovered from personal genomes, linking “anonymous” genomes and public genetic genealogy databases
• Lipper et al. 2017 PNAS: Anonymous genomes can also be identified by inferring physical traits and demographic information
• Many more to come…
DeDeDeDe----identification of *identification of *identification of *identification of *omicomicomicomic data is impossibledata is impossibledata is impossibledata is impossible
• Pragmatic approach, gradual introduction of new protection tools
• Different sensitivity levels of the data
• Different access rights
• Exploit existing data (electronic health records) and tools
• Be future-proof (no short-sighted “bricolage”)
• Awareness and enforcement of patient consent
5
Technologies for Privacy and Security ProtectionTechnologies for Privacy and Security ProtectionTechnologies for Privacy and Security ProtectionTechnologies for Privacy and Security Protection
6
Traditional Encryption Homomorphic EncryptionSecure Multiparty
MedCo: Combining the best of Information MedCo: Combining the best of Information MedCo: Combining the best of Information MedCo: Combining the best of Information Security and Medical InformaticsSecurity and Medical InformaticsSecurity and Medical InformaticsSecurity and Medical Informatics
UnLynx
10
DISCLAIMER
MedCo is a generic concept and it is not fundamentally tied to these technologies, but can be
adapted and integrated to other ones
Data model
Interoperability layer
Meta API
Privacy-preserving
computing framework
Modern GUI
Conclusion on Conclusion on Conclusion on Conclusion on MedCoMedCoMedCoMedCo demodemodemodemo
11
• Current state: cohort exploration under homomorphic encryption
• Fully decentralized architecture
• Data stay with each data provider
• Resistance against colluding, malicious adversaries
• Ongoing work: fully decentralized computation under homomorphic encryption
DPPH DPPH DPPH DPPH –––– The Role of the The Role of the The Role of the The Role of the BlockchainBlockchainBlockchainBlockchain
13
… …
DPPH Blockchain
Inference
resistance
Provenance and
Reproducibility
Immutable Log
Big Data Platform
Distributed Access
Control
Distributed Privacy-
conscious
Processing
We use a private blockchain, unlike Bitcoin that uses a public blockchain.
Data Protection for Personalized HealthData Protection for Personalized HealthData Protection for Personalized HealthData Protection for Personalized Health
14
Swiss Personalized Health Network
GA4GH has its own workstream on
data security
At the international level:
15
Events on Genome Privacy and SecurityEvents on Genome Privacy and SecurityEvents on Genome Privacy and SecurityEvents on Genome Privacy and Security
• Dagstuhl seminars on genome privacy and security 2013, 2015
• Conference on Genome and Patient Privacy (GaPP)• March 2016, Stanford School of Medicine
• GenoPri: International Workshop on Genome Privacy and Security • July 2014: Amsterdam (co-located with PETS)
• May 2015: San Jose (co-located with IEEE S&P)
• November 12, 2016: Chicago (co-located with AMIA)
• October 15, 2017: Orlando (co-located with Am. Societyfor Human Genetics (ASHG) and GA4GH)
• October 3, 2018, Basel (co-located with GA4GH)
• iDash: integrating Data for Analysis, Anonymization and sHaring(already in previous years)
• October 14, 2017: Orlando
• Inst. For Pure and Applied Mathematics (IPAM, UCLA)
Algorithmic Challenges in Protecting Privacy for Biomed Data