With health data more at risk than ever, there is an urgent need to find a solution that enables collaboration without exposure. Among all the bad cybersecurity news brought by the pandemic, the rise in healthcare data breaches is particularly striking. As in other industries, the sector was ill-prepared to pivot so suddenly to remote delivery, but of course in health, that problem was just one of many. Covid-specific challenges such as the need for contact tracing and the Covid certificate have added to the pressure and the risks. Is there a way to reduce the privacy risks that come along with increasing our physical safety?
The pandemic arrived as healthcare systems around the world were in the process of introducing centralized electronic health records (EHRs) – ironically a step back in data security, since paper dossiers were less vulnerable. The USA was an early adopter, having started the transition in 2009, and its experience is salutary: breaches of these record systems have exposed the data of more than 100 million people. The reason they’re so tempting is that stolen medical data can be used for insurance fraud, making it more valuable even than credit card data.
Is it worth the risk? EHR advocates say that they offer far greater benefits than simply an increase in efficiency. Bringing together information on a single patient from multiple healthcare providers implies a more holistic view of that person’s health, and therefore can enable better patient care. At the same time pooling the knowledge of multiple patients across providers could promote greater system-wide learning – the kind of learning that might have helped with building a better understanding of the coronavirus (from how it spreads to unusual symptoms and long-term effects) at an early stage.
In the Harvard Business Review, John Glaser calls for a “new form of EHR”, not just a record but a system, that would use intelligent analytics to improve population-level health management as well as patient-level information exchange and provision. He warns that this will require an unprecedented level of industry cooperation – which in a privatized market raises further questions; information sharing between independent, potentially competing service providers is sure to be fraught. And the plethora of stakeholders and platforms involved adds yet another layer of complication, with interoperability as much a concern as security.
A more urgent problem is how to win public trust in the security of their personal records when using a Covid app. Earlier this year the Swiss platform Myvaccines was found to have violated data protection rules, adding to privacy concerns among a public already resentful of Covid restrictions and requirements. At the same time, there are plenty of digital health apps besides Covid tracing and certificates, and as the possibility opens that these apps can draw on patient data from third parties, the risks increase.
In addressing these concerns, privacy needs to be absolutely non-negotiable and independent of legal protection. Privacy laws are inconsistent and in many regions inadequate. And especially since apps make data flows possible not just between individuals and public institutions, but between different institutions or companies, it must be possible to store, process and access the data in a way that does not expose individual records.
Using decentralized storage goes some way to reducing the risk. Where a central server offers a single point of attack, blockchain has certain inherent security advantages. The distributed architecture provides no hackable entry point; data in transit can be protected from interference; decentralized storage limits the amount of useful information from any breach so that it no longer rewards the attempt; and data tampering is immediately evident on the public record. However, blockchain’s transparency is also a factor that needs to be mitigated when it comes to data protection – and it’s important to remember the GDPR right to deletion, which conflicts with putting any personal linkable data on a blockchain.
One solution that presents itself is the use of trusted execution environments. A TEE is a hardware component within a server, effectively equivalent to a locked box to which not even the administrator has the key. Once data enters the TEE, it can be processed in predetermined ways and the results of those processes can be accessed, but not the data itself. As no one actor has the rights typically associated with the admin of a centralized server, TEEs also greatly reduce the potential risk of hacking. As we have seen, in the context of highly valuable medical records, that risk is considerable.
The great advantage of this technology is that it enables collaboration between competitors by enabling them to pool their data but not directly share it. All the stakeholders in a system such as Glaser’s envisioned “new EHR” would be able to contribute knowledge, and benefit from the power of big data analytics, without having access to the underlying data sets.
Multi-party computation is another privacy-preserving technology that could potentially be applied to this problem, being another way to pool data without revealing it. In MPC, each party contributes an input and receives a specified output after the computation has been run, but has no access to any of the other inputs. In theory, this would also solve the problems of private and secure health data processing, but as the method is still mostly an academic topic it is not yet very helpful in addressing the urgent data problems of the healthcare sector.
In developing solutions for the next generation of EHR systems and digital health, data privacy and trustless collaboration must be top of mind. It will be important to avoid the security pitfalls of centralized storage and to maximize interoperability. If these challenges are met, the benefits will be felt not just by the healthcare sector, but by all of us.
Bear With Us: Blockchain Technology is Still Relevant, Even when Crypto Declines
Series 2 – The Integritee Network | Episode 4 – Integritee Sidechains
The Imperative for Privacy in Blockchain: TEEs & Privacy-Preserving Software
Series 2 – The Integritee Network | Episode 3 – Integritee Technology
Monthly Wrap-Up October 2023: Joining an Accelerator Program, Launching the New Website, Educational Content & More!
Series 2 – The Integritee Network | Episode 2 – Integritee Architecture & Components
How Blockchain is Benefiting Numerous Industries: From Sustainability to Brand Quality Control
KYC in Web3: How DiD is Saving the Day for Projects & Companies
Series 2 – The Integritee Network | Episode 1 – Introducing Integritee
Monthly Wrap-Up September 2023: Winning an Award, Talking at Sub0, Partnering with OVH & More!
Series 1 – All you need to know about TEEs | Episode 6 – TEE Limitations
OVH Releases Whitepaper on How Integritee Is Re-Inventing Blockchain Security & Confidentiality Using Intel SGX Technology & OVHcloud
Series 1 – All you need to know about TEEs | Episode 5 – TEE Principles & Threat Models
Monthly Wrap-Up August 2023: Launching the Attesteer, Encointer’s PoP Badge & More
Series 1 – All you need to know about TEEs | Episode 4 – TEE Application Development
Launching Integritee’s Attesteer
Series 1 – All you need to know about TEEs | Episode 3 – TEE Technologies
DAOs: How Fair can Decision-Making be and Why is Private Voting Essential?
Monthly Wrap-Up July 2023: Video Releases, Tech Updates & More
Series 1 – All you need to know about TEEs | Episode 2 – TEE Use Cases
Monthly Wrap-Up June 2023: Polkadot Decoded, New Add-Ons and More
Integritee’s Teeracle Available on the Securitee Platform as an Add-On
Monthly Wrap-Up May 2023: Governance Platform Launch, New Environments and More
Integritee Launches New Governance Platform with Polkassembly
Monthly Wrap-Up April 2023: Tech Upgrades, Partnerships & Upcoming News
Monthly Wrap-Up March 2023: Product Releases, a Privacy Sidechain & More
Securitee & enclaive Team Up to Offer Ready-To-Use TEE-Secured Solutions
Securitee Launches Confidential Computing Platform to Protect Data in Use
Introducing Integritee’s Teeracle: A Framework to Build TEE-Based Oracles
A Privacy Sidechain for All Polkadot & Kusama Chains
Monthly Wrap-Up February 2023: Launching Roadmap, Partnerships and More!
SDK v0.11.0: Increased Performance and Faster Processes
OLI Systems Develops Innovative Energy Market Place by Building on Integritee
Integritee Network: Roadmap 2023
Monthly Wrap-Up January 2023: Slot Swap, Davos Touchdown and Much More
Community Updates: Discord, Twitter Raids & More
2022 at Integritee: Winning Parachains, Hosting Events, Integrating with Projects & Much More
Monthly Wrap-Up November 2022: Lisbon Happenings, Bifrost Integration & More
XCM Integration of Integritee and Bifrost Completed
Integritee Welcomes Sergei Medvedev as New Advisory Board Member
Monthly Wrap-Up October 2022: Travels, Interviews, Tech Updates & More
Monthly Wrap-Up September 2022: Integritee SDK Release, Token2049 & More
Integritee & Securitee: Connecting the Dots
Integritee’s SDK: A New Era of Web3 Application Building
Monthly Wrap-Up August 2022
Integritee Sidechain Performance Benchmark
Integritee & Crust Team Up for Publicly Verifiable Decentralized Content Storage
Integritee’s Polkadot Crowdloan
Monthly Wrap-Up July 2022: Winning a Slot on Polkadot, Integrating with Karura & Much More
From Web 2.0 to Web3: A Step Forward
Polkadot: The Next Step in Integritee’s Growth and Development
Integritee Rewards Structure: Early Birds, Loyal Followers, Family, Friends, and More!
The Integritee Polkadot Crowdloan Campaign Starts Today!
XCM Integration: What Is It and How Does It Work?
Monthly Wrap-Up June 2022: Kraken listing, Talking at Polkadot Decoded & More!
XCM integration of Integritee & Moonriver Completed
Here’s What You Need to Know About XCM Integration on Polkadot
Integritee Completes 2 Key Milestones Towards Decentralization
Monthly Wrap-Up May 2022: Decentralization, International Events, Virtual Worlds & Much More
The Complete Guide to TEER Tokens
How Integritee combines the benefits of Web2 and Web3 technologies
Sidechain 101: What are sidechains and why do we need them on Polkadot?
Monthly Wrap-Up April 2022: Networking, Technical Updates and Business Growth
Monthly Wrap-Up March 2022: Migrating to Kusama & Building Our Community
Update On Integritee Parachain Migration
What Should Integritee Present at Polkadot Decoded 2022? You Decide.
TEE Time with Integritee
A Healthier Approach to Wearables
Event Series: Learn How Integritee Is Taking Gaming to the Next Level With Ajuna
Monthly Wrap-Up February 2022: A New Listing, Sidechains & Other Updates
TEE 101: How Intel SGX works and why we use it at Integritee
After the Crowdloan: What’s Happening Next
Integritee Achieves Feature-Complete Sidechains
Enterprise-Focused Securitee Expands Integritee’s Ecosystem
Kusama Parachain Bid – And the Slot Goes to Integritee!
Integritee Year in Review 2021: Milestones Reached, Partnerships Forged
Integritee Launches its First Web3 Oracle
Introducing the Integritee Ambassador Program
The Integritee Mainnet is Live!
All Systems Go: Mainnet, Token Sale and TEER Giveaway!
Integritee and Fractal Team Up for Fair Data Exchange
Integritee to Collaborate with KILT Protocol for SocialKYC Authentication
Integritee Partners with Decentralized Gaming Platform Ajuna
Confidential Computing Will Secure Our Secrets in Web3
The How, Why and What of the Kusama Crowdlending