VaultDB: A Real-World Pilot of Secure Multi-Party Computation within a Clinical Research Network
This work addresses privacy and regulatory barriers for clinical research networks by enabling distributed analyses without data sharing. It is incremental in that it applies an existing cryptographic method to a specific domain.
The authors tackled the problem of securely analyzing private clinical data across multiple institutions by developing VaultDB, a framework using secure multi-party computation to compute SQL queries without moving patient records, and demonstrated its efficiency and scalability in a real-world deployment across three health systems covering nearly 13M patients.
Electronic health records represent a rich and growing source of clinical data for research. Privacy, regulatory, and institutional concerns limit the speed and ease of sharing this data. VaultDB is a framework for securely computing SQL queries over private data from two or more sources. It evaluates queries using secure multiparty computation: cryptographic protocols that evaluate a function such that the only information revealed from running it is the query answer. We describe the development of a HIPAA-compliant version of VaultDB on the Chicago Area Patient Centered Outcomes Research Network (CAPriCORN). This multi-institutional clinical research network spans the electronic health records of nearly 13M patients over hundreds of clinics and hospitals in the Chicago metropolitan area. Our results from deploying at three health systems within this network show its efficiency and scalability for distributed clinical research analyses without moving patient records from their site of origin.
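To make "the only information revealed is the query answer" concrete, here is an added example (not VaultDB's code) that computes a joint COUNT and AVG across three sites. It uses additive secret sharing as a simple stand-in, since the abstract does not say which protocol VaultDB uses. The rows, site names and function names are constructed for illustration, and the parties are assumed to follow the protocol honestly.

```python
import secrets

P = 2**61 - 1  # prime modulus; all share arithmetic is done mod P

# Constructed sample rows (age, has_diagnosis) held privately at three sites.
SITES = {
    "site_a": [(54, True), (61, False), (47, True)],
    "site_b": [(70, True), (33, False)],
    "site_c": [(58, True), (66, True), (29, False), (41, True)],
}

def share(value, n):
    """Split value into n additive shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def local_aggregate(rows):
    """Per-site plaintext step: COUNT(*) and SUM(age) WHERE has_diagnosis."""
    ages = [age for age, dx in rows if dx]
    return len(ages), sum(ages)

def secure_sum(private_values):
    """Each party deals shares of its value; party j only sees column j."""
    n = len(private_values)
    dealt = [share(v, n) for v in private_values]  # row i = shares from party i
    # Party j adds the shares it received; each share alone is uniformly random.
    partials = [sum(dealt[i][j] for i in range(n)) % P for j in range(n)]
    # Only the partial sums are published; their total is the true sum.
    return sum(partials) % P, partials

def federated_query(sites=SITES):
    """Joint COUNT and AVG(age) of diagnosed patients across all sites."""
    per_site = [local_aggregate(rows) for rows in sites.values()]
    count, _ = secure_sum([c for c, _ in per_site])
    total_age, _ = secure_sum([s for _, s in per_site])
    return count, total_age / count

if __name__ == "__main__":
    print(federated_query())
```

No patient row and no per-site count leaves its site in the clear; each site sends only random-looking shares and one masked partial sum.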