Secure Multiparty Computation for Cross-Border Population Health Research: A Framework for International Healthcare Collaboration

Abstract

The COVID-19 pandemic underscored the urgent need for global data sharing in the healthcare sector. However, cross-border sharing of health data is practically non-existent due to privacy regulations, concerns about data sovereignty, and technical challenges. We propose a secure multiparty computation (MPC) framework that allows multiple countries to collaboratively compute population health statistics using their own citizens' data without revealing the raw data to each other.

Our contributions are: (1) We design and implement a practical MPC protocol optimized for epidemiological computations that are likely to be required for real-time international collaboration, using the open-source MP-SPDZ framework. The protocol can compute disease prevalence, risk factors, and outbreak patterns from population health data, while ensuring information-theoretic security even against semi-honest adversaries who control up to n-1 of the parties involved. (2) We account for the specific challenges of international healthcare data collaboration, including (a) data format heterogeneity among different countries' health systems, (b) jurisdiction-specific privacy regulations (such as GDPR, HIPAA, and PIPEDA), (c) network latency between data centers on different continents, and (d) heterogeneity in computational resources among different countries. We develop a new pre-processing phase for our MPC protocol that can handle publicly unknown but possibly non-identical input data schemas from each collaborator, while only revealing data type information. This results in up to 76% reduction in online runtime. (3) We instantiate our system with a proof-of-concept implementation of simulated health departments in five different countries that use our MPC protocol to jointly analyze 100 million records of health department pandemic surveillance data. The system can compute population-level summary statistics in under 4 hours – fast enough to generate weekly epidemiological reports. The privacy loss is zero (perfect privacy), and the accuracy is 99.98% when compared to a centralized computation. (4) We map out the major compliance concerns and requirements for international data sharing involving health data, specifically focusing on 15 major jurisdictions across the globe, and we show that our MPC framework can enable cross-border data sharing for epidemiological research that complies with the privacy regulations in each of these jurisdictions. The framework can also automatically check for compliance and generate the necessary audit trails for obtaining approval for cross-border data sharing for health research.

We hope this work paves the way for an international ecosystem for global health data collaboration that allows countries to reap the benefits of such collaboration without relinquishing control of their citizens' sensitive health data.