Health data privacy through homomorphic encryption and distributed ledger computing: an ethical-legal qualitative expert assessment study.

Affiliations

Health Ethics and Policy Laboratory, Department of Health Sciences and Technology (D-HEST), ETH Zürich, Zurich, Switzerland.

College of Business, Government and Law, Flinders University, Adelaide, Australia.

Publication information

BMC Med Ethics. 2022 Dec 1;23(1):121. doi: 10.1186/s12910-022-00852-2.

Abstract

BACKGROUND

Increasingly, hospitals and research institutes are developing technical solutions for sharing patient data in a privacy-preserving manner. Two of these technical solutions are homomorphic encryption and distributed ledger technology. Homomorphic encryption allows computations to be performed on data without this data ever being decrypted. Therefore, homomorphic encryption represents a potential solution for conducting feasibility studies on cohorts of sensitive patient data stored in distributed locations. Distributed ledger technology provides a permanent record of all transfers and processing of patient data, allowing data custodians to audit access. A significant portion of the current literature has examined how these technologies might comply with data protection and research ethics frameworks. In the Swiss context, these instruments include the Federal Act on Data Protection and the Human Research Act. There are also institutional frameworks that govern the processing of health-related and genetic data at different universities and hospitals. Given Switzerland's geographical proximity to European Union (EU) member states, the General Data Protection Regulation (GDPR) may impose additional obligations.

METHODS

To conduct this assessment, we carried out a series of qualitative interviews with key stakeholders at Swiss hospitals and research institutions. These included legal and clinical data management staff, as well as clinical and research ethics experts. These interviews were carried out with two series of vignettes that focused on data discovery using homomorphic encryption and data erasure from a distributed ledger platform.

RESULTS

For our first set of vignettes, interviewees were prepared to allow data discovery requests if patients had provided general consent or ethics committee approval, depending on the types of data made available. Our interviewees highlighted the importance of protecting against the risk of reidentification given different types of data. For our second set, there was disagreement amongst interviewees on whether they would delete patient data locally, or delete data linked to a ledger with cryptographic hashes. Our interviewees were also willing to delete data locally or on the ledger, subject to local legislation.

CONCLUSION

Our findings can help guide the deployment of these technologies, as well as determine ethics and legal requirements for such technologies.

