NSF funds software to safeguard patient data during COVID-19 research
As medical professionals continue in their quest to learn more about the strange and unpredictable novel coronavirus, research is moving at a rapid pace – with robust and widespread data sharing a key component.
But security concerns are a major sticking point, as scientists and researchers weigh what data, and how much of it, to share. New technology funded by the National Science Foundation aims to help make those decisions with patient privacy top of mind.
WHY IT MATTERS
The $200,000 NSF grant has been awarded to computer scientists at the University of Texas at Dallas and Vanderbilt University Medical Center to develop an open-source tool that can help providers and policymakers make more informed decisions about how they share data.
While de-identified aggregate stats may do well enough for epidemiological models that track disease spread on a macro level, effective research into how new diseases like COVID-19 move among patient populations, affecting different people in very different ways, demands person-level data. As public health researchers leverage technology for contact tracing, there are, rightly, significant concerns about patient privacy.
For the UT Dallas project, Dr. Murat Kantarcioglu, professor of computer science in the school's Erik Jonsson School of Engineering and Computer Science, along with Dr. Brad Malin, vice chair for research in biomedical informatics at Vanderbilt is developing a tool that can help weigh the risks that a person might be identified when their health data is shared with researchers.
Kantarcioglu and Malin, who have also worked together assessing the privacy risks involved with genomic data, acknowledge that most tools to evaluate the risks of data sharing don't account for changes in a disease’s spread over time or location. Given that COVID-19 can change quickly, day-to-day, the data used to assess its spread might vary the same way, they note.
The decision-support software they're developing aims to assess whether sharing data about patients' locations or medical histories might increase the risk of identification if specific information such as medications or smoking status were viewed in combination with location data. If that were determined to be the case, the tool could flag certain instances where data was only able to be shared on a restricted basis with researchers.
THE LARGER TREND
There are major concerns for patient privacy, as COVID-19 research continues and contact-tracing apps become more widespread.
An International Digital Accountability Council report has shown that many COVID-19 apps are missing key security measures. And a recent sample of 50 COVID-19 apps from around the world found that just 16 promised to anonymize, encrypt and secure the data they collect.
Senators have recently introduced a bipartisan bill aimed at protecting the health information of people who opt in to COVID-19 exposure notification apps. The Exposure Notification Privacy Act – introduced by Sens. Maria Cantwell, D-Washington, and Bill Cassidy, R-Louisiana – requires public health officials to be involved with any exposure-notification systems, mandates user consent for their participation and the ability to request the deletion of their data at any time, and prohibits any commercial use of the data, among other specifications.
ON THE RECORD
"The issue is: What kind of details can we give to researchers while protecting a patient’s privacy?" said Kantarcioglu, in a statement. "It’s possible that disclosing certain features about a patient’s medical history may make it easier to identify a person.
"We would like to give researchers as much data as possible for this kind of analysis," he added. "But we want to make sure that the risk of a person being identified is low."