CHEO Research Institute, Ottawa, Ontario, Canada.
J Am Med Inform Assoc. 2013 May 1;20(3):453-61. doi: 10.1136/amiajnl-2011-000735. Epub 2012 Aug 7.
There is limited capacity to assess the comparative risks of medications after they enter the market. For rare adverse events, the pooling of data from multiple sources is necessary to have the power and sufficient population heterogeneity to detect differences in safety and effectiveness in genetic, ethnic and clinically defined subpopulations. However, combining datasets from different data custodians or jurisdictions to perform an analysis on the pooled data creates significant privacy concerns that would need to be addressed. Existing protocols for addressing these concerns can result in reduced analysis accuracy and can allow sensitive information to leak.
To develop a secure distributed multi-party computation protocol for logistic regression that provides strong privacy guarantees.
We developed a secure distributed logistic regression protocol using a single analysis center with multiple sites providing data. A theoretical security analysis demonstrates that the protocol is robust to plausible collusion attacks and does not allow the parties to gain new information from the data that are exchanged among them. The computational performance and accuracy of the protocol were evaluated on simulated datasets.
The computational performance scales linearly as the dataset sizes increase. The addition of sites results in an exponential growth in computation time. However, for up to five sites, the time is still short and would not affect practical applications. The model parameters are the same as the results on pooled raw data analyzed in SAS, demonstrating high model accuracy.
The proposed protocol and prototype system would allow the development of logistic regression models in a secure manner without requiring the sharing of personal health information. This can alleviate one of the key barriers to the establishment of large-scale post-marketing surveillance programs. We extended the secure protocol to account for correlations among patients within sites through generalized estimating equations, and to accommodate other link functions by extending it to generalized linear models.
在药物进入市场后,评估其相对风险的能力有限。对于罕见的不良事件,需要从多个来源汇集数据,以具有检测遗传、种族和临床定义亚人群中安全性和有效性差异的能力和足够的人群异质性。然而,将来自不同数据保管人或司法管辖区的数据集合在一起进行分析,会产生严重的隐私问题,需要加以解决。现有的解决这些问题的协议可能会导致分析准确性降低,并允许敏感信息泄露。
开发一种用于逻辑回归的安全分布式多方计算协议,提供强大的隐私保护。
我们使用具有多个提供数据的站点的单个分析中心开发了一种安全的分布式逻辑回归协议。理论安全分析表明,该协议对合理的共谋攻击具有鲁棒性,并且不会允许各方从它们之间交换的数据中获得新信息。协议的计算性能和准确性在模拟数据集上进行了评估。
计算性能随数据集大小的增加呈线性增长。站点的增加导致计算时间呈指数增长。然而,对于多达五个站点,时间仍然很短,不会影响实际应用。模型参数与在 SAS 中分析的汇总原始数据的结果相同,表明模型准确性很高。
所提出的协议和原型系统将允许以安全的方式开发逻辑回归模型,而无需共享个人健康信息。这可以缓解建立大规模上市后监测计划的关键障碍之一。我们通过广义估计方程扩展了安全协议,以考虑到站点内患者之间的相关性,并通过将其扩展到广义线性模型来适应其他链接函数。
