Data Privacy and Security in Genomics and Healthcare

For most individuals, storage of genomic information raises concerns regarding data privacy, and with good reason. Current medical research studies and databases harbor numerous potential vulnerabilities in their approach to protecting participant identity. This in turn raises broader issues about safeguarding user privacy as more information becomes readily accessible to the public. These issues are becoming more and more challenging as genomic technologies and information are used increasingly outside of research and healthcare settings.

Health data are an increasingly popular target for hackers, as these data can sell for more money than credit card numbers in an increasingly sophisticated black market, including the dark web or darknet, where such private information is sold and resold.

Health data security should remain a top priority for governments, pharmaceutical companies, biobanks, and clinical research organizations of all sizes. At Shivom, we're using blockchain technology to store patient data, solve privacy and identity issues, reduce vulnerability to cyber-attacks, and secure valuable IP.

More information on blockchain technology can be found in our previous blog post on blockchain. The reasons for using blockchain are numerous, but one important aspect is that the consequences of even a single cyber-attack penetrating a network of patient data can be devastating, resulting in enormous losses. An ever-increasing number of high-profile cyber-attacks have hit companies in recent years. One example is last year's attack on Quest Diagnostics, which provides diagnostic services to millions of Americans each year. The company joined the list of healthcare companies targeted by hackers when it announced a data breach that exposed the health information of about 34,000 people. Other data breaches were even bigger: in 2016, US health insurance giant Anthem (a part of the Blue Cross Blue Shield Association) announced a massive breach that compromised the data of 78.8 million people. Attackers gained unauthorized access to Anthem's IT system and obtained personal information from customers such as their names, birthdays, medical IDs, social security numbers, street addresses, email addresses and employment information, including income data.

Another unsettling case occurred in spring 2017, when attackers stole half the US population's sensitive personal data, Social Security numbers and credit card numbers from the credit reporting agency Equifax, yet individuals were not notified by the company until September. It has been called the worst data breach in US history. The Equifax hack has created uncertainty for an estimated 143 million Americans, who could face a serious threat of identity theft for the rest of their lives. On average, breaches occur in global healthcare systems every day. In the US, the majority (59.2%) of breached patient records were attributable to insider incidents. This clearly demonstrates that there is a significant security risk associated with centralized ownership of personal records.

At Shivom, we believe decentralizing health and R&D data using blockchain is a step in the right direction for protecting personalized health records and all associated healthcare data. Although 100% crime prevention is impossible, blockchain gives us the possibility of full detection, accountability, and auditability across highly complex systems.

We believe blockchain technology will help to reconcile the often-competing values of privacy and innovation.

The reason for this is that many people are not confident about giving out their personal health data online. This means they are less likely to use online services and applications, which can help foster innovation and drive personalized and self-managed healthcare.

We aim to change that mindset, providing safety and trust to all users. We will put the data owner in control by implementing fine-grained consent and smart contracts on top of all processes. Valid, informed, freely given consent must be explicit for the data collected and for the use cases of that data. Blockchain technology will make sure that data privacy is not violated and that all participants are able to prove "consent" (opt-in), and any consent may be withdrawn at any time. For data storage, this means that when outsourced data storage on federated remote cloud infrastructure is used, only the data owner, not the cloud service or participants of the Shivom ecosystem, holds the decryption key.
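A hash-chained, append-only consent log is the basic structure behind the tamper-evidence and the provable, revocable consent described above; this added example (not Shivom's code) shows per-purpose opt-in, withdrawal, and detection of an after-the-fact edit. The record fields, owner IDs and purposes are assumptions made for illustration, and a real deployment would replicate the chain across independent parties rather than keep it in one list.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder: predecessor of the first entry


def entry_hash(body: dict) -> str:
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append(ledger: list, owner: str, purpose: str, action: str) -> dict:
    """Append a 'grant' or 'withdraw' record chained to the previous entry."""
    if action not in ("grant", "withdraw"):
        raise ValueError("action must be 'grant' or 'withdraw'")
    body = {"seq": len(ledger), "owner": owner, "purpose": purpose, "action": action,
            "prev": ledger[-1]["hash"] if ledger else GENESIS}
    ledger.append(dict(body, hash=entry_hash(body)))
    return ledger[-1]


def first_tampered(ledger: list) -> int:
    """Return the index of the first entry that fails verification, or -1."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("prev") != prev or body.get("seq") != i or entry_hash(body) != entry.get("hash"):
            return i
        prev = entry["hash"]
    return -1


def has_consent(ledger: list, owner: str, purpose: str) -> bool:
    """Opt-in only: consent holds if the latest matching record is a grant."""
    if first_tampered(ledger) != -1:
        raise RuntimeError("ledger failed integrity check")
    for entry in reversed(ledger):
        if entry["owner"] == owner and entry["purpose"] == purpose:
            return entry["action"] == "grant"
    return False


def demo() -> list:
    # Constructed sample: the pseudonymous owner ID and purposes are made up.
    ledger = []
    append(ledger, "owner-001", "cardiology-study", "grant")
    append(ledger, "owner-001", "marketing", "grant")
    append(ledger, "owner-001", "marketing", "withdraw")
    return ledger
```

Editing a record in place breaks its own hash, and rewriting a record together with its hash breaks the `prev` link of the entry that follows, so an insider cannot silently turn a withdrawal back into a grant.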

Effective data protection means putting individuals in control of their personal information. We enable this by strengthening existing rights and by increasing access to those rights. The idea is simple. It’s the users’ data and they will decide how it’s used.

— By Axel Schumacher, CEO of Project SHIVOM

Natalie Pankova, CSO of Project SHIVOM