This week I am attending the meetings of the North American Association of Central Cancer Registries that is being held in Austin, Texas. The topic of this year’s conference is “Thinking big, the future of cancer surveillance”, and I’m involved in two activities. The first was a series of workshops that occurred on Saturday and Sunday titled “Evaluation of Homomorphic Cryptography for Geospatial Studies with Human Subjects”. This workshop was convened as part of a grant funded by National Library of Medicine that is evaluating the feasibility of using homomorphic cryptography to accelerate the pace of research and discovery for studies that use human subjects data. “Homomorphic” means mathematical operations can be conducted on encrypted data (e.g. in the encrypted space), greatly reducing the risk to privacy of confidential data.
My co-organizer, Dr. Khaled El Emam of Privacy Analytics and the University of Ottawa e-health laboratory were very happy with the recommendations that came out of the working group. These are being written up as a BioMedware report to the National Library of Medicine, and will be available in our Publications when they are ready. But here is a preview of some of the “low-hanging fruit” that homomorphic cryptography may make possible.
First, increased data security greatly enhances data sharing, and hence participation in all manner of activities where data sharing plays an important role. It turns out a key bugaboo in the processing of disease registry data is deduplication; the removal of duplicate data records that may appear in several data bases. This arises, for example, when snowbirds flit between Michigan and Florida, yet have records of cancer tumor treatment in both States. The data providers must be very satisfied that the potential for unintentional release of their highly confidential patient records is absolutely minimal, meaning, in practice, that two data providers may be reluctant to share data to search for record duplicates. Homomorphic encryption solves this by having deduplication take place in the encrypted space – hence even if the data security is breached the records appear as complete gibberish.
Second, increased data sharing means data aggregation across data providers becomes far less of a concern. Hence activities that involve pooling data, such as determining the number of cases anticipated in projected enrollment reports for NIH grant applications, suddenly becomes very easy.
Other opportunities were identified – keep checking back for our release of the workshop report!