On the 10th October, a paper was published by blockchain firm Nebula Genomics and Switzerland based academics on health data privacy. The report outlines new technology developed to keep genome data safe while utilizing the auditability of blockchain.
Nebula Genomics uses the technology to log its DNA testing data. Last month, the firm launched an anonymous genetic testing service to give consumers peace of mind that identifying information is not shared.
However, customers are still concerned that their data could be given to drug companies and researchers without their consent.
Nebula is well aware of this, as its paper shows: “The growing number of health-data breaches, the use of genomic databases for law enforcement purposes and the lack of transparency of personal-genomics companies are raising unprecedented privacy concerns.”
The tech behind privacy
The firm’s solution and accompanying report explain how homomorphic encryption and multi-party computation (MPC) have been combined in a novel way. The authors claim: “the system we propose enables for the first time individual citizens to directly share their clinical and genomic data with researchers without compromising their privacy and by keeping control on who can access and use their data.” But how is this achieved?
Blockchain was initially created as a publicly viewable ledger of immutable information. So adapting the technology to keep sensitive data secret is a complex and vital goal. Nebula does not store DNA data on a blockchain. It leverages blockchain for the access control layer.
Homomorphic encryption allows computation, like data analysis, on encrypted data, without revealing the data itself. Meanwhile, secure MPC splits computational work between several nodes so the original input cannot be read.
For example, a researcher could use homomorphic encryption to discover the average height of people in a health database, but never see any data about individuals. Some firms like Sepior use MPC to store private keys securely, as the key is split into ‘shares’ which are distributed randomly among other nodes. This means there is no single point at which a hacker can get the key.
Nebula’s new solution
Both technologies can suffer from scalability and speed issues. However, Nebula and its collaborators claim to have solved these issues by combining the methods.
The solution uses an MPC-based ‘collective encryption key’ which means that data is protected unless all nodes have their keys stolen. A researcher can make a query to discover if relevant information is available without seeing it, thanks to homomorphic encryption.
The data can only be accessed if the researcher’s request matches up with access permissions, set by data owners. If it does, the collective key is switched to the researchers key. This switch is only done if the nodes agree that access can be granted, and allows only the researcher to see the data.
Though the methods used aren’t new, and are beginning to be adopted across the blockchain space, Nebula’s solution is indeed novel. If its claims of scalability and efficiency turn out to be accurate, this solution could have a big impact on how health data is stored.
Harvard scientist and Nebula founder George Church is credited as an author, along with some of his colleagues and medical and computer science researchers from Lausanne, Switzerland. His firm has previously partnered with Merck subsidiary EMD Serono and offered free DNA testing.