Executing queries on data that is distributed among a set of institutions is an important task regularly needed in many data management systems. When the data is sensitive, data use agreements need to be established before any data can be shared for central aggregation, which is typically a time-intensive process. One mechanism to avoid this inefficiency is to use cryptographic tools, specifically secure multi-party computation (MPC), which can provide the desired functionality without requiring each participating database to share its information. For example, Chicagoland is a current project that attempts to leverage MPC to aggregate health records from multiple hospitals while keeping individual records solely at their site of origin.
While the Chicagoland system is designed to allow one party to prove certain facts about its own data, in general a party is unable to demonstrate full compliance of its database with policy or regulation. For example, in the US, access to electronic health records is governed by hundreds of diverse, partially overlapping rules and regulations that depend on a variety of conditions such as the contents of the data (e.g., records pertaining to minors require higher levels of protection) and the geographic location of the data’s origin. Through the Catalyst seedling, we aim to augment the Chicagoland system with tools to support third-party auditability, and then demonstrate the viability of the resulting technology by testing it in a real-world deployment. By providing an auditable private aggregation platform, our efforts on Catalyst have the long-term goal of improving health outcomes through rapid health monitoring while keeping a high level of security for patients’ information.
This work was supported by DARPA under Contract No. HR001120C0087, Distribution Statement A: “Approved for Public Release, Distribution Unlimited. If you have any questions, please contact the Public Release Center”. The views, opinions and/or findings expressed are those of the author and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.