Exciting experience in participating EDM forum commissioned projects Protect Patient Privacy When Sharing Data for CER 12/01/11 – 6/01/12 Write a commissioned paper (i.e., systematic review of privacy technologies of sharing data for Comparative Effectiveness Research) and present the paper at the June 15, 2012 EDM Forum Stakeholder Symposium. Making distributed models accessible and useful to data analysis 08/15/ /15/13 Test a practical user interface to Grid LOgistic REgression (GLORE) across clinical sites. 1

Motivation We want to provide researchers a set of tools that enable efficient global data analyses without accessing patient-level health records. The EDM forum commissioned project provides us an opportunity to access the viability of distributed model that builds model without sharing data. 2

Distributed data analysis 3

4

5

6

7

8

Foundation of GLORE 9 Suppose m-1 features are consistent over k sites In each iteration, intermediary results of a mxm matrix and a m- dimensional vector are transmitted to k-1 sites No exchanging of raw data Wu Y, Jiang X, Kim J, et al. Grid Binary LOgistic REgression (GLORE): building shared models without sharing data. J Am Med Inform Assoc 2012;2012:758–64.

Grid Logistic Regression as a webservice 10 MIT license Healthcare research Data collection Algorithm development Software implementation Results verification

Challenges and solutions Privacy challenge Ji Z, Jiang X, Wang S, et al. Differentially private distributed logistic regression using private and public data. BMC Med Genomics 2014;7:S14. Efficiency challenge Wu Y, Jiang X, Kim J, et al. Grid Binary LOgistic REgression (GLORE): building shared models without sharing data. J Am Med Inform Assoc 2012;2012:758– 64. Institutional privacy concern Wu Y, Jiang X, Ohno-machado L. Preserving Institutional Privacy in Distributed Binary Logistic Regression. In: AMIA Annu Symp. Chicago, IL: –8. UI challenge Jiang W, Li P, Wang S, et al. WebGLORE: a web service for Grid LOgistic REgression. Bioinformatics 2013;29:3238–40. Implementation challenge Jiang W, Wang S, et al. Development of a web service for model building in a distributed network, eGEMs (under revision),

Beyond WebGLORE How to collaborate more efficiently and securely ? o Efficiency : Data user can delegate a part of collaborative studies into a cloud environment o Security : public cloud cannot learn any information about the underlying data protected by the cryptographic technologies 12

Beyond WebGLORE How to collaborate more efficiently and securely ? o Efficiency : Data user can delegate a part of collaborative studies into a cloud environment o Security : public cloud cannot learn any information about the underlying data protected by the cryptographic technologies 13

Beyond WebGLORE How to collaborate more efficiently and securely ? o Efficiency : Data user can delegate a part of collaborative studies into a cloud environment o Security : public cloud cannot learn any information about the underlying data protected by the cryptographic technologies 14

An Analogy: Alice’s necklace Alice has some gemstones and gold 15

An Analogy: Alice’s necklace Alice has some gemstones and gold She wants to ask a worker to assemble raw materials into a necklace 16

An Analogy: Alice’s necklace Alice has some gemstones and gold She wants to ask a worker to assemble raw materials into a necklace 17 But, Alice is worried about theft. She wants the worker to process the raw materials without having access to them

An Analogy: Alice’s necklace Alice solves the problem by locking the materials in a glove box 18

An Analogy: Alice’s necklace Alice solves the problem by locking the materials in a glove box She asks the worker to assemble the necklace in the box 19

An Analogy: Alice’s necklace Alice solves the problem by locking the materials in a glove box She asks the worker to assemble the necklace in the box She unlocks the box to get the necklace without worry about theft 20

The Analogy in Homomorphic (HM) Operations HM Encryption: put things inside the locked box o Anyone can do this (e.g., a mail drop box) o Health data privacy can be protected by HM encryption 21

The Analogy in Homomorphic (HM) Operations HM Encryption: put things inside the locked box o Anyone can do this (e.g., a mail drop box) o Health data privacy can be protected by HM encryption HM Decryption: take the results out of the box o Only the person who has the key o Authorized researchers, stakeholders, etc. 22

The Analogy in Homomorphic (HM) Operations HM Encryption: put things inside the locked box o Anyone can do this (e.g., a mail drop box) o Health data privacy can be protected by HM encryption HM Decryption: take the results out of the box o Only the person who has the key o Authorized researchers, stakeholders, etc. HM Evaluation: work on the materials o Anyone can do it. o Compute encrypted data in a cloud environment without sacrificing the privacy. 23

What can we do now using Homomorphic Encryption (HME)? 24 Fully HME (e.g., enable unlimited number of both addition and multiplication on encrypted data) Fully HME (e.g., enable unlimited number of both addition and multiplication on encrypted data) Partial HME (e.g., enable either addition or multiplication on encrypted data, but not both) Partial HME (e.g., enable either addition or multiplication on encrypted data, but not both) Leveled HME (e.g., enable a certain number of both addition and multiplication on encrypted data) Leveled HME (e.g., enable a certain number of both addition and multiplication on encrypted data) Flexibility Complexity Low High Medium

Challenges and solutions 25 Supporting more types of operations o HM encrypted data currently only support basic addition, multiplication or bit-wise shifting operations. o Approximate advanced operations with addition and multiplication operations. E.g., Logarithm or exponential operation can be approximated by series expansion, which includes only addition and multiplication operations

Challenges and solutions 26 Supporting more types of operations o HM encrypted data currently only support basic addition, multiplication or bit-wise shifting operations. o Approximate advanced operations with addition and multiplication operations. E.g., Logarithm or exponential operation can be approximated by series expansion, which includes only addition and multiplication operations Supporting floating number o All the HM operations are taken place on integer o Use fixed point approximation E.g., the floating number 0.5 can be represented by an integer of 128 with respect to a base 256 (0.5 = 128/256)

Challenges and solutions 27 Supporting more types of operations o HM encrypted data currently only support basic addition, multiplication or bit-wise shifting operations. o Approximate advanced operations with addition and multiplication operations. E.g., Logarithm or exponential operation can be approximated by series expansion, which includes only addition and multiplication operations Supporting floating number o All the HM operations are taken place on integer o Use fixed point approximation E.g., the floating number 0.5 can be represented by an integer of 128 with respect to a base 256 (0.5 = 128/256) Complexity issues o HM operations are computationally demanding o Use Parallel computing to speed up HM operations o Leverage partial HM, leveled HM and fully HM operations in different use cases.

Future work 28 Homomorphic encrypted federated-cloud computing

Thank you! What is next ? o Two brief presentations to set the stage o Breakout sessions in the afternoon 29 “Analytical Methods for a Learning Healthcare System” Michael Stoto, Georgetown University “Distributed Statistical Model Fitting In Federated Networks: A user guide” Daniella Meeker, RAND Corporation and Jared Murray, Duke University Room 304 Room 313