March 10, 2025
Secure Computing Enclaves Move Digital Medicine Forward

By providing a safe, secure environment, novel approaches
enable health care innovators to share data without opening the door to snoopers
and thieves.

John Halamka, M.D., president, Mayo Clinic Platform, and
Paul Cerrato, senior research analyst and communications specialist, Mayo
Clinic Platform, wrote this article.

We know that
bringing together AI algorithms and data in ways that preserve privacy and
intellectual property is one of the keys to delivering the next generation of clinical
decision support. But meeting that challenge requires health care innovators to look
to other innovators who themselves have created unique cybersecurity solutions.
Among these “think outside the box” solutions are products and services from
vendors like TripleBlind, Verily, Beekeeper.AI/Microsoft, Terra, and Nvidia.

The concept of secure
computing enclaves has been around for many years. Apple created its secure
enclave, a subsystem built into its systems on a chip (SoC), which in turn is “an
integrated circuit that incorporates multiple components into a single chip,”
including an application processor, secure enclave, and other coprocessors.
Apple explains that “The Secure Enclave is isolated from the main processor to
provide an extra layer of security and is designed to keep sensitive user data
secure even when the Application Processor kernel becomes compromised. It
follows the same design principles as the SoC does—a boot ROM to establish a
hardware root of trust, an AES [advanced encryption standard] engine for
efficient and secure cryptographic operations, and protected memory. Although
the Secure Enclave doesn’t include storage, it has a mechanism to store
information securely on attached storage separate from the NAND flash storage
that’s used by the Application Processor and operating system.” The secure
enclave is embedded into the latest versions of its iPhone, iPad, Mac
computers, Apple TV, Apple Watch, and HomePod.

While this security
measure provides users with an extra layer of protection, because it’s a
hardware-based solution, its uses are limited. With that in mind, several
vendors have created software-based enclaves that are more readily adapted by
customers. At Mayo Clinic Platform, we are deploying TripleBlind’s services to
facilitate sharing data with our many external partners. It allows Mayo Clinic
to test its algorithms using another organization’s data without either party
losing control of its assets. Similarly, we can test an algorithm from one of our
academic or commercial partners with Mayo Clinic data, or test an outside
organization’s data with another outside organization’s data.

How is this “magic” performed? Of course, it’s always about
the math. TripleBlind allows the use of distributed data that is accessed but
never moved or revealed; it always remains one-way encrypted with no decryption
possible. TripleBlind’s novel cryptographic approaches can operate on any type of data
(structured or unstructured images, text, voice, video), and perform any
operation, including training of and inferring from AI and ML algorithms. An
organization’s data remains fully encrypted throughout the transaction, which
means that a third party never sees the raw data because it is stored behind
the data owner organization’s firewall. In fact, there is no decryption key
available, ever.

When two health care
organizations partner to share data, for instance, TripleBlind software de-identifies
their data via one-way encryption; then, both partners access each other’s
one-way encrypted data through an Application Programming Interface (API). That
means each partner can use the other’s data for training an algorithm, for
example, which in turn allows them to generate a more generalizable, less
biased algorithm. During a recent conversation with Riddhiman Das, CEO for
TripleBlind, he explained: “To build robust algorithms, you want to be able to
access diverse training data so that your model is accurate and can generalize
to many types of data. Historically, health care organizations have had to send
their data to one another to accomplish this goal, which creates unacceptable
risks. TripleBlind performs one-way encryption from both interacting
organizations, and because there is no decryption possible, you cannot
reconstruct the data. In addition, the data can only be used by an algorithm
for the specific purpose spelled out in the business agreement.”

Developing
innovative technological services is exciting work, with the potential to
reshape the health care ecosystem worldwide. But along with the excitement is
the challenge of keeping data safe and secure. Taking advantage of the many
secure computing enclaves available on the market allows us to do just that.
