Transforming health care and medical research with privacy by design

We envision a future in which doctors can easily and safely store, access and manage primary medical patient data without risking a privacy breach, and in which patients have full control and can change their mind at any time about what information they want to share or keep private. At the same time, researchers should have better, ideally global, access to truly anonymous medical and biomedical data in order to study and understand diseases and accelerate the development of novel treatments. Legally and technically, we see only one secure solution for these two seemingly conflicting objectives: (1) all data whose transmission would be potentially insecure is kept in decentralized form within local, firewall-protected hospital IT systems (highest possible security, no single point of attack), (2) local, decentralized artificial intelligence (AI) software runs behind these firewalls, and (3) only federated machine learning features that cannot be traced back to sensitive patient data are transferred to a centralized, yet transient, cloud.
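The three-layer split above, as an added illustration that is not FeatureCloud's own code: each simulated hospital site reduces its patient rows to aggregate sufficient statistics for a least-squares fit, only those aggregates cross the firewall, and the transient coordinator combines them. The model, the sample records and the minimum-cohort check are assumptions chosen for the example.

```python
"""Federated least-squares fit over simulated hospital sites (example code)."""
from typing import Dict, List, Tuple

Record = Tuple[float, float]  # (feature x, outcome y) for one patient


def local_statistics(records: List[Record], min_cohort: int = 5) -> Dict[str, float]:
    """Runs inside the hospital firewall: reduces raw rows to sums.
    The sums are the only 'features' released; individual records stay local.
    A small cohort is refused because its sums could single out one patient
    (assumed policy threshold, not a FeatureCloud value)."""
    if len(records) < min_cohort:
        raise ValueError("cohort too small to release aggregates")
    return {
        "n": float(len(records)),
        "sx": sum(x for x, _ in records),
        "sy": sum(y for _, y in records),
        "sxx": sum(x * x for x, _ in records),
        "sxy": sum(x * y for x, y in records),
    }


def aggregate_and_fit(site_stats: List[Dict[str, float]]) -> Tuple[float, float]:
    """Runs in the transient cloud: adds up per-site aggregates and solves the
    2x2 normal equations for (slope, intercept). Never sees a patient row."""
    total = {k: sum(s[k] for s in site_stats) for k in site_stats[0]}
    n, sx, sy = total["n"], total["sx"], total["sy"]
    sxx, sxy = total["sxx"], total["sxy"]
    det = n * sxx - sx * sx
    slope = (n * sxy - sx * sy) / det
    intercept = (sy - slope * sx) / n
    return slope, intercept


def federated_fit(sites: List[List[Record]]) -> Tuple[float, float]:
    """Full round: each site releases aggregates, the coordinator fits."""
    return aggregate_and_fit([local_statistics(site) for site in sites])


def pooled_fit(records: List[Record]) -> Tuple[float, float]:
    """Reference: centralised fit on pooled raw data, which the design avoids."""
    return aggregate_and_fit([local_statistics(records)])


# Constructed sample cohorts; values are made up, roughly y = 2x.
SITE_A = [(1.0, 2.1), (2.0, 3.9), (3.0, 6.2), (4.0, 7.8), (5.0, 10.1)]
SITE_B = [(2.0, 4.2), (4.0, 8.1), (6.0, 11.9), (8.0, 16.2), (10.0, 19.8), (3.0, 5.9)]

if __name__ == "__main__":
    print("federated:", federated_fit([SITE_A, SITE_B]))
    print("pooled:   ", pooled_fit(SITE_A + SITE_B))
```

Because the sums are additive, the federated result matches the pooled one exactly (up to floating-point rounding), which is the property that lets raw data stay on site without loss of model quality.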

The digital revolution, in particular big data mining, AI applications, and federated machine learning, offers new opportunities to transform healthcare. However, it also harbours risks to the safety of sensitive primary medical data such as patient information and raw data. In particular, data exchange over the internet is perceived as an insurmountable obstacle, a roadblock that is hampering scientific progress and novel medical innovations that would only be possible through big data mining.

FeatureCloud tackles this perceived roadblock in an elegant way: it is a transformative, pan-European research collaboration and AI-development project which implements a software toolkit for substantially reducing cyber risks to healthcare infrastructure by employing the world's first “privacy by design” approach. The final product of FeatureCloud will be characterized by three key strengths: (1) no sensitive data will be sent through any communication channel, (2) data won’t be stored in one central point of attack, and (3) patients will maintain full control over their data, being able to give or withdraw their consent at any time.