Anna Rizzo explains how the MyHealthMyData project will enable secure data sharing among hospitals, public and private research centres, and citizens.
MyHealthMyData is an EU-funded Research and Innovation Action aimed at delivering a blockchain-based platform for sharing and exchanging personal health data for medical care, research and development. To this end, the three-year project (2016-2019) is making use of smart contracts, dynamic consent, and big data analytics to empower citizens to take control of their data, leverage the value of large biomedical datasets, and ensure strict data privacy and security, particularly important in an age of growing cyber threats.
Health Europa spoke to project manager Anna Rizzo, of independent strategy consultancy Lynkeus, to find out more.
Could you outline the objectives behind the MyHealthMyData project?
MyHealthMyData is a project funded under the European Union’s Horizon 2020 research and innovation programme. The project aims to develop a biomedical information network poised to enable secure data sharing among hospitals, public and private research centres, and citizens. The platform is meant to be nurtured by hospital medical records as well as individual datasets from patients; the resulting big data ecosystem is meant to boost medical research and innovation, in turn improving patient care, accelerating the pace of new medical discoveries and producing added value for the EU economy.
Among the main objectives of the project is the advanced securitisation of medical datasets, which are meant to be classified, encrypted and de-associated from the owner’s identity to prevent privacy breaches, while system security will be guaranteed through dedicated vulnerability assessments and penetration testing.
While encouraging hospitals to start making biomedical datasets available for open research in an anonymised fashion, the project is also aimed at putting individuals back in control of their personal health and wellness data, by giving the possibility of aggregating data from heterogeneous sources in a user-owned account and setting customised consent options for the sharing of data.
All data exchanges will be mediated through a dedicated blockchain platform and associated smart contracts, which will allow one to enforce and lawfully validate data transactions among relevant stakeholders in a transparent and traceable way under user-defined conditions and in compliance with the relevant regulation (General Data Protection Regulation (GDPR)).
To further enhance the value of big data in healthcare, the project is also developing advanced data analytics for knowledge discovery, medical annotation retrieval engines and patient-specific models for physiological prediction.
By the end if its journey, MyHealthMyData is intended to have established a novel information marketplace based on trustful, peer-to-peer and value-based relationships between EU citizens, hospitals, research centres and businesses.
Given that healthcare is a key target of cyber attacks, how will MyHealthMyData ensure the security of medical data?
Data security still represents a key issue in the healthcare domain, as the risks of data leaks and privacy breaches are all but decreasing. To cope with this, the MyHealthMyData Consortium has established an articulated strategy for ensuring the security of both data and its federated infostructure. For the former, a comprehensive suite of data privacy and secure analytics tools has been developed, including (pseudo)anonymisation, privacy-preserving data publishing (e.g. k-anonymisation) and secure computation (e.g. secure multi-party computation, homomorphic encryption, differential privacy).
In regard to the latter, the overall integrated system is subjected to a detailed vulnerability assessment aimed at preliminarily identifying and addressing potential weaknesses. After that, the platform security will be assessed with penetration tests – including internal self-hacking and a public hacking challenge – as well as re-identification attacks, performed through cross-reference and inferencing methods, attempting to extract additional information of the subjects sharing data.
In what way will patients be empowered to take control of their data in the planned open biomedical and information network?
At present, the possibility for patients to access their medical records in digital format is very limited in most EU countries…
Want to learn more about how patients can take control of their data? Curious about how researchers and businesses could exploit the expected results of MyHealthMyData? Intrigued about the progress of the project and its future priorities?
Stay tuned for more, as the rest of this article will appear in issue 8 of Health Europa Quarterly, which will be published in February 2019.