Secure management of health data
Healthcare registries hold vast amounts of data on the population, and while this data is enormously valuable to medical researchers, it must also be managed in a secure way. Researchers in the SmartMed project are using smart contracts and blockchain technology to provide effective solutions to this challenge, as Roman Vitenberg, Jan Nygård and Dusica Marijan explain.
An enormous amount of data is held in health registries, and data-sharing initiatives between them open up new opportunities in medical research, giving scientists access to a rich source of information. However, it’s also important to ensure that patient confidentiality is respected and privacy standards maintained, an issue central to the work of the SmartMed project. “For example the Cancer Registry of Norway takes care of huge amounts of valuable healthcare data, which is essential to the development
of new, more effective treatments. At the same time they need to comply with privacy regulations,” points out Roman Vitenberg, Professor of Informatics at the University of Oslo, leader of the project.
SmartMed project
The project brings together three partners with the aim of helping health registries share information efficiently while still complying with the relevant regulations on the use of data, such as the EUs General Data Protection
Regulation (GDPR). One of the partners is the Cancer Registry of Norway (CRN), which holds data on nearly three million cancer patients and citizens participating in cancer screening.
“We have national screening programmes in Norway against three different types of cancer (Breast, Cervical and Colorectal) – and all the data is recorded,” outlines Jan F Nygård, Head of the Informatics Department at the registry. Everyone has the right to opt out however, in which case their data must be removed. “We have to make sure that this data is not present in our databases,” says Nygård.
Researchers in the project are working to provide transparency and verifiability on how data is used to those individuals who do consent. The challenge is to provide an overview without revealing anything of a personal nature. “We are developing a system to make sure that data which is identifiable to patients is handled in a correct manner that maintains privacy,” continues Nygård. Blockchain, a type of distributed ledger, is a key enabling technology towards providing improved accountability for patients.
“Blockchain improves - or facilitatesauditability, transparency and verifiability,” stresses Professor Vitenberg. “A patient should ideally be able to see who has access to their data, at what point in time, how it was used, and what the goal was.”
A patient should also be able to consider whether they consent to their data being used at every stage of a medical research project. A medical research project typically has multiple stages, from initial proposal and approval through to maintenance as the project progresses. “These stages are not necessarily sequential, they can happen in parallel. It’s non-trivial to make sure that the correct policy is upheld at every stage,” says Professor Vitenberg. The correct policy may vary at these different stages, while there are also multiple, distributed roles within a project to consider. “There is a data controller, a data processor, and also an auditor. Different verifications are performed by different actors, which all adds to the overall complexity,” continues Professor Vitenberg.
possible to essentially re-run the contract and check that it’s been executed correctly, which is an important aspect of the project. An independent third party could then assess whether the cancer registry had complied with all the legislation, demonstrating a commitment to maintaining privacy standards. This is central to public trust in the CRN, which will then allow medical researchers to make effective use of the data it holds. “The data held by the CRN has traditionally been used more for etiological research, but increasingly it’s being used to evaluate new treatments. We also monitor the quality of cancer care at the hospital level,” says Nygård. There is a lot of interest in this technology from health registries covering other diseases, but there is still more to do
“The Norwegian cancer registry takes care of huge amounts of valuable healthcare data, which is essential to the development of new, more effective treatments. At the same time they need to comply with privacy regulations.”
Researchers are now using blockchain technology and smart contracts to provide solutions for healthcare registries. Blockchain technology itself consists of a few well-defined layers, which determine how data is stored. “One essential contribution of blockchain technology is to create a decentralised trust. Any single change needs to be agreed across different nodes in a system running the blockchain technology. If different nodes represent different organisations, then all those organisations need to agree upon every single change to the data. That is essentially the consensus layer,” explains Professor Vitenberg. “On top of the consensus layer there is a business logic and the smart contract layer, which is essentially a piece of code implemented in software.”
Smart contracts
The smart contract uses the data stored on blockchain to execute the same procedure on every node in the system, in accordance with the commonly accepted rules. A copy of blockchain is executed everywhere, and therefore the execution of the contract can be easily verified, which Professor Vitenberg says is one of the main advantages of this approach. “Everyone who has rightful access to the data can run the smart contract later on, and verify that the ending state of the blockchain is correct,” he outlines. It’s also
SmartMed
Secure and accountable sharing of medical records using smart contracts and blockchain Project Objectives
The primary objective of SmartMed has been to facilitate solutions to the challenges of secure data sharing that healthcare registries are facing today. The project has contributed to this objective by leveraging on the rapidly developing technology of blockchain and smart contracts. The results have the potential to impact many millions of cancer patients and people participating in cancer screening programs and the way their data is shared.
Project Funding
This work was supported by the Research Council of Norway through IKTPLUSS Program under Grant 288106.
Project Partners
https://www.smartmed.no/partners.html
Contact Details
Project Coordinator, Professor Roman Vitenberg Department of Informatics University of Oslo.
Gaustadalléen 23B 0373 Oslo
T: +47 22 85 04 93
E: romanvi@ifi.uio.no
W: https://www.smartmed.no/
before it can be widely applied. “We need to prove the practicality and safety of our approach,” continues Nygård. The primary focus in SmartMed at this stage is more exploratory research however, with the project team investigating the benefits of applying blockchain technology and smart contracts in the storage of healthcare data. Researchers at Simula Research Laboratory, one of the partners in the project, have also investigated software engineering aspects of blockchain-based solutions. “We looked to ensure the quality, performance, reliability and other properties of blockchain-based solutions. We ran a survey paper on this, and then followed it up with experimental studies,” says Dusica Marijan, Senior Research Scientist at Simula.
This work represents an important contribution to the goal of facilitating information sharing amongst health registries while at the same time maintaining privacy standards. “It’s very important to us to be transparent in what we’re doing with the data, to give each patient the ability to audit us, and to do that without compromising information security and privacy,” says Nygård. “There is still quite a high level of trust in governments and organisations like the CRN in the Nordic countries, but that’s because we take part in these sorts of initiatives and provide citizens with reassurance that we are transparent.”
Dr. Roman Vitenberg is a professor at Department of Informatics, University of Oslo, and director of the Blockchain Lab operating the Norwegian EBSI node. His research interests are broadly in the area of distributed systems and algorithms.
Dr. Jan Nygård heads the Registry Informatics Department at the Cancer Registry of Norway at the National Public Health Institute and is an adjunct associate professor in Machine Learning at the Arctic University of Norway.
Dusica Marijan is a senior research scientist at Simula Research Laboratory. Her research interests include verification and validation of complex data-driven systems using artificial intelligence techniques, ensuring multiple trustworthiness properties, such as robustness, security, and explainability.
