Dov Fox

PRINCESS: Privacy-protecting Rare disease International Network Collaboration via Encryption through Software guard extensionS.

Motivation: We introduce PRINCESS, a privacy‐preserving international collaboration framework for analyzing rare disease genetic data that are distributed across different continents. PRINCESS leverages Software Guard Extensions (SGX) and hardware for trustworthy computation. Unlike a traditional international collaboration model, where individual‐level patient DNA are physically centralized at a single site, PRINCESS performs a secure and distributed computation over encrypted data, fulfilling institutional policies and regulations for protected health information. Results: To demonstrate PRINCESS’ performance and feasibility, we conducted a family‐based allelic association study for Kawasaki Disease, with data hosted in three different continents. The experimental results show that PRINCESS provides secure and accurate analyses much faster than alternative solutions, such as homomorphic encryption and garbled circuits (over 40 000× faster). Availability and Implementation: https://github.com/achenfengb/PRINCESS_opensource Contact: shw070@ucsd.edu Supplementary information: Supplementary data are available at Bioinformatics online.

Protecting genomic data analytics in the cloud: state of the art and opportunities

The outsourcing of genomic data into public cloud computing settings raises concerns over privacy and security. Significant advancements in secure computation methods have emerged over the past several years, but such techniques need to be rigorously evaluated for their ability to support the analysis of human genomic data in an efficient and cost-effective manner. With respect to public cloud environments, there are concerns about the inadvertent exposure of human genomic data to unauthorized users. In analyses involving multiple institutions, there is additional concern about data being used beyond agreed research scope and being prcoessed in untrused computational environments, which may not satisfy institutional policies. To systematically investigate these issues, the NIH-funded National Center for Biomedical Computing iDASH (integrating Data for Analysis, ‘anonymization’ and SHaring) hosted the second Critical Assessment of Data Privacy and Protection competition to assess the capacity of cryptographic technologies for protecting computation over human genomes in the cloud and promoting cross-institutional collaboration. Data scientists were challenged to design and engineer practical algorithms for secure outsourcing of genome computation tasks in working software, whereby analyses are performed only on encrypted data. They were also challenged to develop approaches to enable secure collaboration on data from genomic studies generated by multiple organizations (e.g., medical centers) to jointly compute aggregate statistics without sharing individual-level records. The results of the competition indicated that secure computation techniques can enable comparative analysis of human genomes, but greater efficiency (in terms of compute time and memory utilization) are needed before they are sufficiently practical for real world environments.

Genome Privacy: Challenges, Technical Approaches to Mitigate Risk, and Ethical Considerations in the United States

Accessing and integrating human genomic data with phenotypes are important for biomedical research. Making genomic data accessible for research purposes, however, must be handled carefully to avoid leakage of sensitive individual information to unauthorized parties and improper use of data. In this article, we focus on data sharing within the scope of data accessibility for research. Current common practices to gain biomedical data access are strictly rule based, without a clear and quantitative measurement of the risk of privacy breaches. In addition, several types of studies require privacy‐preserving linkage of genotype and phenotype information across different locations (e.g., genotypes stored in a sequencing facility and phenotypes stored in an electronic health record) to accelerate discoveries. The computer science community has developed a spectrum of techniques for data privacy and confidentiality protection, many of which have yet to be tested on real‐world problems. In this article, we discuss clinical, technical, and ethical aspects of genome data privacy and confidentiality in the United States, as well as potential solutions for privacy‐preserving genotype–phenotype linkage in biomedical research.

The Expressive Dimension of Donor Deferral

What if anything is wrong with the government policy that excludes men who have sex with men (MSM) from giving blood? Federal guidelines require that blood collection agencies permanently refuse donation by men who have had sexual contact with another male any time since 1977, the year that HIV is thought to have been introduced to the United States. The FDA justifies lifetime MSM deferral on the ground that it reduces the risk of transmitting the virus that causes AIDS. This short essay argues that the ethics of this policy depend on three dimensions of wrongful discrimination: discriminatory intent, discriminatory effect, and discriminatory expression. Discriminatory intent turns on whether illegitimate attitudes such as homophobia or irrational fear motivated enactment of the MSM deferral policy; discriminatory effect turns on whether the policy causes material or psychological harm; discriminatory expression turns on whether the policy communicates a social meaning - independent of any bad intent or bad effect - that reinforces the inferior social status of gay men as less respected members of the political community. Teasing apart these components is not just a matter of semantics. Doing so clarifies the policy’s moral stakes and shows why its expressive dimension is the greatest reason for disquiet. The wrong of discriminatory expression does not necessarily mean that the exclusion policy is not justified, in the absence of robust risk analyses and HIV screening, to protect public health. But it demands of the FDA a suitably worthy purpose, enacted with sufficient consideration of available alternatives, to offset the expressive costs that its exclusion incurs to the terms on which we understand ourselves and relate to others

A community effort to protect genomic data sharing, collaboration and outsourcing

The human genome can reveal sensitive information and is potentially re-identifiable, which raises privacy and security concerns about sharing such data on wide scales. In 2016, we organized the third Critical Assessment of Data Privacy and Protection competition as a community effort to bring together biomedical informaticists, computer privacy and security researchers, and scholars in ethical, legal, and social implications (ELSI) to assess the latest advances on privacy-preserving techniques for protecting human genomic data. Teams were asked to develop novel protection methods for emerging genome privacy challenges in three scenarios: Track (1) data sharing through the Beacon service of the Global Alliance for Genomics and Health. Track (2) collaborative discovery of similar genomes between two institutions; and Track (3) data outsourcing to public cloud services. The latter two tracks represent continuing themes from our 2015 competition, while the former was new and a response to a recently established vulnerability. The winning strategy for Track 1 mitigated the privacy risk by hiding approximately 11% of the variation in the database while permitting around 160,000 queries, a significant improvement over the baseline. The winning strategies in Tracks 2 and 3 showed significant progress over the previous competition by achieving multiple orders of magnitude performance improvement in terms of computational runtime and memory requirements. The outcomes suggest that applying highly optimized privacy-preserving and secure computation techniques to safeguard genomic data sharing and analysis is useful. However, the results also indicate that further efforts are needed to refine these techniques into practical solutions.

Preserving Genome Privacy in Research Studies

As the cost of genome sequencing continues to fall, whole genome sequencing data have become a viable alternative for improving diagnostic accuracy and supporting personalized medicine. Although they have the potential to advance public health and accelerate scientific discoveries, massive collections of genomic data also raise significant concerns about individual privacy. Like traditional clinical information, human genomes may reveal information about individuals (e.g., identity, ethnic group, disease association, predisposition to diseases such as diabetes or cancer, etc.) Even more concerning is the fact that the information is shared with ancestors and descendants, and thus loss of privacy may put the privacy of the entire family at risk. Genome privacy is a big challenge for the entire biomedical community, particularly since scientific discoveries depend on data sharing and obfuscation of data is not a good option to protect privacy. Multiple factors are involved in genomic privacy research. The components that can be used to better protect genome privacy include, but are not limited to, legal, ethical and technical aspects, e.g., federal laws, policies and regulations, informed consent policies, data use agreements, secure data repositories, as well as privacy-preserving data analysis methods. However, genome privacy challenges cannot be addressed by any single component alone. We envision that better privacy protection can be achieved through the incorporation of multiple components. The goal of this chapter to introduce the state-of-the-art in genome privacy research. This chapter begins with an introduction of genome privacy followed by an overview of the legal, ethical and technical aspects of genome privacy. After formalizing the genome privacy problem, we will review existing attack models on genomic data. The techniques for mitigating these attacks are discussed. This chapter concludes with the discussion of the challenges and the future directions in genome privacy research.

Medical Malpractice Claims in Radiation Oncology: A Population-Based Study 1985-2012

PURPOSE The purpose of this study was to determine trends in radiation oncology malpractice claims and expenses during the last 28 years and to compare radiation oncology malpractice claims to those of other specialties. METHODS AND MATERIALS We performed a retrospective analysis of closed malpractice claims filed from 1985 to 2012, collected by a nationwide medical liability insurance trade association. We analyzed characteristics and trends among closed claims, indemnity payments (payments to plaintiff), and litigation expenses. We also compared radiation oncology malpractice claims to those of 21 other medical specialties. Time series dollar amounts were adjusted for inflation (2012 was the index year). RESULTS There were 1517 closed claims involving radiation oncology, of which 342 (22.5%) were paid. Average and median indemnity payments were

The patient said he would rather die: Should you let him?

276,792 and

Privatizing procreative liberty in the shadow of eugenics

122,500, respectively, ranking fifth and eighth, respectively, among the 22 specialty groups. Linear regression modeling of time trends showed decreasing total numbers of claims (β = -1.96 annually, P=.003), increasing average litigation expenses paid (β = +

DISABILITY-SELECTIVE ABORTION AND THE AMERICANS WITH DISABILITIES ACT

1472 annually, P ≤ .001), and no significant changes in average indemnity payments (β = -