Increasing digitization of clinical information holds considerable promise for data sharing in the field of personalized healthcare. However, it potentially opens sensitive patient data to the twin threats of privacy breach and data security. That has prevented wide-scale adoption of clinical and genomic data sharing despite its enormous possibilities.

In a major breakthrough last year, EPFL and the Lausanne University Hospital (CHUV) collaborated to develop a secure software called the MedCo system. The system took shape in the Laboratory for Data Security (LDS), headed by Professor Jean-Pierre Hubaux, and is based on software libraries developed by the Decentralized and Distributed Systems (DEDIS) Lab, headed by Professor Bryan Ford.

After a year’s intense cooperation between IT and legal experts, the MedCo system has now been deployed in the university hospitals of Lausanne, Geneva, and Bern. The system will be expanded to the university hospitals of Basel and Zurich, as well as other hospitals in the Swiss Group for Clinical Cancer Research (SAKK).

MedCo mitigates the risks associated with existing approaches. While the centralized approach of accumulating all the trust in a single repository is susceptible to a single point of failure in the system, the decentralized approach of keeping data at individual clinical sites involves high costs for institutions to maintain an interoperable network. To overcome these limitations, MedCo enables clinical sites to share clinical and genomic data through a hybrid or “somewhat” decentralized approach. According to the researchers, the system “distributes the trust among a set of different ‘storage and processing’ units to which clinical sites can securely outsource the storage of their data.”

MedCo is based on a cryptographic principle called ‘secure multiparty computation.’ According to Juan Troncoso-Pastoriza, senior researcher at LDS, the encryption scheme is homomorphic, which allows “computations to be performed on encrypted data without decrypting it” and “the data remains protected end-to-end from both internal and external attacks.”

The adoption of MedCo by major hospitals in Switzerland represents a major advancement in the use of big data in the healthcare sector because the system provides collective protection of medical data and extends strong security guarantees to clinical sites.

MedCo’s deployment is part of a project funded by the Swiss Personalized Health Network and the Personalized Health and Related Technologies strategic focus area of the ETH Domain.