Table of Contents
Fetching ...

A sandbox study proposal for private and distributed health data analysis

Rickard Brännvall, Hanna Svensson, Kannaki Kaliyaperumal, Håkan Burden, Susanne Stenberg

TL;DR

The paper addresses privacy-preserving distributed analysis of health data under EHDS governance by proposing a sandbox study within the SARDIN project to test privacy-enhancing technologies. It envisions the Health Data Bank as an edge-based platform where analysis tasks are sent to local data locations, leveraging federated analysis, secure aggregation, and differential privacy to avoid central data collection. Four open proxy datasets (Heart, Framingham, Adult, BRFSS) are used to evaluate privacy-utility trade-offs across centralized, decentralized, and secure decentralized scenarios, with metrics such as the critical DP parameter $\epsilon$. Results show that combining secure aggregation with differential privacy enables significantly lower privacy loss for larger federations while preserving accuracy, guiding guidelines for data controllers and EHDS alignment. The work aims to inform policy, platform design, and cross-domain privacy practices, extending PETs beyond healthcare.

Abstract

This paper presents a sandbox study proposal focused on the distributed processing of personal health data within the Vinnova-funded SARDIN project. The project aims to develop the Health Data Bank (Hälsodatabanken in Swedish), a secure platform for research and innovation that complies with the European Health Data Space (EHDS) legislation. By minimizing the sharing and storage of personal data, the platform sends analysis tasks directly to the original data locations, avoiding centralization. This approach raises questions about data controller responsibilities in distributed environments and the anonymization status of aggregated statistical results. The study explores federated analysis, secure multi-party aggregation, and differential privacy techniques, informed by real-world examples from clinical research on Parkinson's disease, stroke rehabilitation, and wound analysis. To validate the proposed study, numerical experiments were conducted using four open-source datasets to assess the feasibility and effectiveness of the proposed methods. The results support the methods for the proposed sandbox study by demonstrating that differential privacy in combination with secure aggregation techniques significantly improves the privacy-utility trade-off.

A sandbox study proposal for private and distributed health data analysis

TL;DR

The paper addresses privacy-preserving distributed analysis of health data under EHDS governance by proposing a sandbox study within the SARDIN project to test privacy-enhancing technologies. It envisions the Health Data Bank as an edge-based platform where analysis tasks are sent to local data locations, leveraging federated analysis, secure aggregation, and differential privacy to avoid central data collection. Four open proxy datasets (Heart, Framingham, Adult, BRFSS) are used to evaluate privacy-utility trade-offs across centralized, decentralized, and secure decentralized scenarios, with metrics such as the critical DP parameter . Results show that combining secure aggregation with differential privacy enables significantly lower privacy loss for larger federations while preserving accuracy, guiding guidelines for data controllers and EHDS alignment. The work aims to inform policy, platform design, and cross-domain privacy practices, extending PETs beyond healthcare.

Abstract

This paper presents a sandbox study proposal focused on the distributed processing of personal health data within the Vinnova-funded SARDIN project. The project aims to develop the Health Data Bank (Hälsodatabanken in Swedish), a secure platform for research and innovation that complies with the European Health Data Space (EHDS) legislation. By minimizing the sharing and storage of personal data, the platform sends analysis tasks directly to the original data locations, avoiding centralization. This approach raises questions about data controller responsibilities in distributed environments and the anonymization status of aggregated statistical results. The study explores federated analysis, secure multi-party aggregation, and differential privacy techniques, informed by real-world examples from clinical research on Parkinson's disease, stroke rehabilitation, and wound analysis. To validate the proposed study, numerical experiments were conducted using four open-source datasets to assess the feasibility and effectiveness of the proposed methods. The results support the methods for the proposed sandbox study by demonstrating that differential privacy in combination with secure aggregation techniques significantly improves the privacy-utility trade-off.
Paper Structure (27 sections, 3 figures, 4 tables)

This paper contains 27 sections, 3 figures, 4 tables.

Figures (3)

  • Figure 1: Illustration of a network of three edge nodes and a central coordinating node that make up a minimal example of the Health Data Bank. Only program code and aggregate results are communicated over the network, while source data remains at the edge node. Data protection is enhanced by secure aggregation and differential privacy.
  • Figure 2: Privacy-utlity trade-off for the thalach column of the entire heart dataset (assuming only one node, K=1) reported as the 95% confidence band of disclosed value for 10000 samples at each value of the privacy parameter epsilon. We note from the right panel (b) that the sampled values for variance remain non-negative for the log-normal mechanism.
  • Figure 3: Privacy-utlity trade-off for the thalach column of heart dataset for different sizes of the federation (K) reported as the 95% confidence band for 10000 samples at each value of the privacy parameter epsilon. The red dash-dotted line displayed the critical t-value for making meaningful decisions by the test -- its intersection with the upper confidence envelope of the disclosed t-stat yields for each K yields its critical epsilon value.