Lines

How Decentralized Networks Can Cure the Privacy Pandemic

Project UpdateNovember 01, 2021
New image

With health data more at risk than ever, there is an urgent need to find a solution that enables collaboration without exposure. Among all the bad cybersecurity news brought by the pandemic, the rise in healthcare data breaches is particularly striking. As in other industries, the sector was ill-prepared to pivot so suddenly to remote delivery, but of course in health, that problem was just one of many. Covid-specific challenges such as the need for contact tracing and the Covid certificate have added to the pressure and the risks. Is there a way to reduce the privacy risks that come along with increasing our physical safety?

Pooling knowledge makes us smarter, but more vulnerable

The pandemic arrived as healthcare systems around the world were in the process of introducing centralized electronic health records (EHRs) – ironically a step back in data security, since paper dossiers were less vulnerable. The USA was an early adopter, having started the transition in 2009, and its experience is salutary: breaches of these record systems have exposed the data of more than 100 million people. The reason they’re so tempting is that stolen medical data can be used for insurance fraud, making it more valuable even than credit card data.

Is it worth the risk? EHR advocates say that they offer far greater benefits than simply an increase in efficiency. Bringing together information on a single patient from multiple healthcare providers implies a more holistic view of that person’s health, and therefore can enable better patient care. At the same time pooling the knowledge of multiple patients across providers could promote greater system-wide learning – the kind of learning that might have helped with building a better understanding of the coronavirus (from how it spreads to unusual symptoms and long-term effects) at an early stage.

In the Harvard Business Review, John Glaser calls for a “new form of EHR”, not just a record but a system, that would use intelligent analytics to improve population-level health management as well as patient-level information exchange and provision. He warns that this will require an unprecedented level of industry cooperation – which in a privatized market raises further questions; information sharing between independent, potentially competing service providers is sure to be fraught. And the plethora of stakeholders and platforms involved adds yet another layer of complication, with interoperability as much a concern as security.

Apps lay further traps

A more urgent problem is how to win public trust in the security of their personal records when using a Covid app. Earlier this year the Swiss platform Myvaccines was found to have violated data protection rules, adding to privacy concerns among a public already resentful of Covid restrictions and requirements. At the same time, there are plenty of digital health apps besides Covid tracing and certificates, and as the possibility opens that these apps can draw on patient data from third parties, the risks increase.

In addressing these concerns, privacy needs to be absolutely non-negotiable and independent of legal protection. Privacy laws are inconsistent and in many regions inadequate. And especially since apps make data flows possible not just between individuals and public institutions, but between different institutions or companies, it must be possible to store, process and access the data in a way that does not expose individual records.

The blockchain benefit

Using decentralized storage goes some way to reducing the risk. Where a central server offers a single point of attack, blockchain has certain inherent security advantages. The distributed architecture provides no hackable entry point; data in transit can be protected from interference; decentralized storage limits the amount of useful information from any breach so that it no longer rewards the attempt; and data tampering is immediately evident on the public record. However, blockchain’s transparency is also a factor that needs to be mitigated when it comes to data protection – and it’s important to remember the GDPR right to deletion, which conflicts with putting any personal linkable data on a blockchain.

One solution that presents itself is the use of trusted execution environments. A TEE is a hardware component within a server, effectively equivalent to a locked box to which not even the administrator has the key. Once data enters the TEE, it can be processed in predetermined ways and the results of those processes can be accessed, but not the data itself. As no one actor has the rights typically associated with the admin of a centralized server, TEEs also greatly reduce the potential risk of hacking. As we have seen, in the context of highly valuable medical records, that risk is considerable.

The great advantage of this technology is that it enables collaboration between competitors by enabling them to pool their data but not directly share it. All the stakeholders in a system such as Glaser’s envisioned “new EHR” would be able to contribute knowledge, and benefit from the power of big data analytics, without having access to the underlying data sets.

Multi-party computation is another privacy-preserving technology that could potentially be applied to this problem, being another way to pool data without revealing it. In MPC, each party contributes an input and receives a specified output after the computation has been run, but has no access to any of the other inputs. In theory, this would also solve the problems of private and secure health data processing, but as the method is still mostly an academic topic it is not yet very helpful in addressing the urgent data problems of the healthcare sector.

In developing solutions for the next generation of EHR systems and digital health, data privacy and trustless collaboration must be top of mind. It will be important to avoid the security pitfalls of centralized storage and to maximize interoperability. If these challenges are met, the benefits will be felt not just by the healthcare sector, but by all of us.

You Might Also Like

New image
Project UpdateMay 06, 2025

Monthly Wrap-Up April 2025: EURC, WBTC & PEPE on Incognitee, TEER Landing on Ethereum, Winning the Hackernoon Awards & More

New image
Project UpdateApril 08, 2025

Monthly Wrap-Up March 2025: USDC, USDT & ETH Now on Incognitee, TEER on Uniswap Approved

New image
Product UpdateMarch 17, 2025

Incognitee Feature Alert: USDT & USDC Now Available

New image
Project UpdateMarch 05, 2025

Monthly Wrap-Up February 2025: Working on Incognitee, Discussing K-Anonymity & More

New image
Project UpdateFebruary 05, 2025

Monthly Wrap-Up January 2025: Launching Incognitee for DOT on Polkadot Asset Hub, Recapping 2024 & Releasing the Roadmap

New image
EducationJanuary 31, 2025

Web3 2025 Predictions: What’s Going to Happen This Year?

New image
Product UpdateJanuary 28, 2025

Incognitee — The Start of Full Privacy for DOT

New image
Project UpdateJanuary 21, 2025

Integritee Network: Roadmap 2025

New image
Project UpdateJanuary 16, 2025

2024 at Integritee: Joining Coretime, Launching Incognitee, Developing New Features, Listing TEER on Basilisk & Much More

New image
Project UpdateJanuary 14, 2025

Monthly Wrap-Up December 2024: Launching the Incognitee Vouchers, Messaging, and More

New image
Project UpdateDecember 04, 2024

Monthly Wrap-Up November 2024: All about Incognitee and Privacy in Web3

New image
Project UpdateNovember 05, 2024

Monthly Wrap-Up October 2024: Incognitee Beta Launch & Guess the Number Contest

New image
Product UpdateOctober 31, 2024

Incognitee Beta Launch & Guess the Number Contest

New image
Project UpdateOctober 07, 2024

Monthly Wrap-Up September 2024: TEERDays Launch, Tech Updates, New Articles & More

New image
Product UpdateSeptember 10, 2024

TEERdays: A New Unit That Will Shape Incognitee

New image
Project UpdateAugust 05, 2024

Monthly Wrap-Up July 2024: Talking at Decoded, Launching Treasury Proposals, Publishing Articles & More

New image
Project UpdateJuly 02, 2024

Monthly Wrap-Up June 2024: Incognitee Bug Bounty Launch, Polkadot Treasury Proposal & More

New image
Platform UpdateJune 26, 2024

Become a Collator Operator for Integritee Network!

New image
Project UpdateJune 03, 2024

Monthly Wrap-Up May 2024: Securing a Polkadot Parachain, Launching the Incognitee Test Campaign & More

New image
Product UpdateMay 07, 2024

The Incognitee User Test Campaign is Now Live!

New image
Industry InsightsApril 16, 2024

Slot Auctions vs Coretime: What’s Changing for Polkadot Projects

New image
Project UpdateApril 03, 2024

Monthly Wrap-Up March 2024: Listing TEER on Basilisk, Attending Sub0 & Paseo Landing

New image
Project UpdateMarch 05, 2024

Monthly Wrap-Up February 2024: Crowdloan, Governance and Treasury

New image
Project UpdateFebruary 05, 2024

Monthly Wrap-Up January 2024: Launching the Incognitee Testnet, Winning a Hackernoon Award & Much More!

New image
Project UpdateFebruary 02, 2024

Polkadot Crowdloan: Campaign Kicks Off on February 7th!

New image
Project UpdateJanuary 30, 2024

2023 at Integritee: Product Releases, Partnerships, a Privacy Sidechain & Much More

New image
Project UpdateJanuary 19, 2024

OLI Systems Releases Research Paper about a DLT-Based Local Energy Market Model

New image
Project UpdateJanuary 05, 2024

Monthly Wrap-Up December 2023: New Products, Fresh Content & More

New image
Project UpdateJanuary 03, 2024

2023 Integritee Content: Giving Back to Our Community

New image
Product UpdateDecember 11, 2023

Unlocking Privacy in Transfers: The Power of Integritee’s Private Sidechain Model

New image
Project UpdateDecember 05, 2023

Monthly Wrap-Up November 2023: New Content, TEER Recover & Tech Updates

New image
Project UpdateNovember 06, 2023

Monthly Wrap-Up October 2023: Joining an Accelerator Program, Launching the New Website, Educational Content & More!

New image
Project UpdateOctober 06, 2023

Monthly Wrap-Up September 2023: Winning an Award, Talking at Sub0, Partnering with OVH & More!

New image
Project UpdateSeptember 27, 2023

OVH Releases Whitepaper on How Integritee Is Re-Inventing Blockchain Security & Confidentiality Using Intel SGX Technology & OVHcloud

New image
Project UpdateSeptember 04, 2023

Monthly Wrap-Up August 2023: Launching the Attesteer, Encointer’s PoP Badge & More

New image
Product UpdateAugust 30, 2023

Launching Integritee’s Attesteer

New image
Project UpdateAugust 08, 2023

Monthly Wrap-Up July 2023: Video Releases, Tech Updates & More

New image
Project UpdateJuly 06, 2023

Monthly Wrap-Up June 2023: Polkadot Decoded, New Add-Ons and More

New image
Project UpdateJune 06, 2023

Monthly Wrap-Up May 2023: Governance Platform Launch, New Environments and More

New image
NewsMay 09, 2023

Integritee Launches New Governance Platform with Polkassembly

New image
Project UpdateMay 04, 2023

Monthly Wrap-Up April 2023: Tech Upgrades, Partnerships & Upcoming News

New image
Project UpdateApril 06, 2023

Monthly Wrap-Up March 2023: Product Releases, a Privacy Sidechain & More

New image
Project UpdateApril 04, 2023

Securitee & enclaive Team Up to Offer Ready-To-Use TEE-Secured Solutions

New image
Product UpdateMarch 30, 2023

Securitee Launches Confidential Computing Platform to Protect Data in Use

New image
Product UpdateMarch 23, 2023

Introducing Integritee’s Teeracle: A Framework to Build TEE-Based Oracles

New image
Project UpdateMarch 21, 2023

A Privacy Sidechain for All Polkadot & Kusama Chains

New image
Project UpdateMarch 06, 2023

Monthly Wrap-Up February 2023: Launching Roadmap, Partnerships and More!

New image
NewsMarch 03, 2023

SDK v0.11.0: Increased Performance and Faster Processes

Lines