My Health - My Data

MyHealth-MyData (MHMD) was conceived and implemented to develop technologies for controlling personal data and at the same time to increase the scale of data-exchanges between citizens, public and private organisations for data-driven research and innovation. The MHMD Consortium thus developed new tools to enforce privacy, security, and regulatory compliance at each stage of the technology lyfecycles, i.e. implementing identity protection by-design achieving the following main objectives:
o The implementation of a blockchain infrastructure for biomedical data exchange, orchestrated by smart-contracts and realising a GDPR-compliant access control layer for both individual and institutional data assets.
o The validation of this infrastructure in operational settings, including commercial third parties and citizens acting as data providers, and demonstrating how it directly empowers individuals and organisations with intuitive tools to manange their data
o The implementation and testing of secure computation systems (homomorphic encryption, secure multi-party computation, federated learning with untrusted black box) as a novel solution to leverage sensitive data sources bringing the algorithms to the data, supporting advanced data-driven scenarios such as medical AI-systems development
o The development of the first dynamic consent framework based on blockchain, that allows to enforce the GDPR including the right to be forgotten, and its validation in real world settings
o The pioneering use of syntetic data, including artificial cardiovascular images, in the training of clinical AI solutions and the demonstration of their disruptive potential as a solution for truly scaling up data exchanges at industry level
o The study of citizens’ actual behaviour vis à vis their believes, opinions and preferences on a real world data sharing platform, providing key insights into design principles on which data exchange systems should be implemented in biomedicine.

"During the first period, MHMD focused on the development of a prototype capable of demonstrating key features of the system for hospitals, patients and researchers. The prototype was released in June 2018 and allowed hospitals and individuals to share data on the secure network and track their transactions, specifying permissions and consent policies; it also allowed interested researchers to browse the Data Catalogue (without leading to any risk of data breach) and to eventually access the selected cohort of de-identified datasets in full compliance with the GDPR. The set of integrated metadata appearing on the Catalogue is, in fact, purposely minimal while multi-layer secure computation and privacy-preserving methods are used in the background to compile aggregate query results estimating basic statistics and datasets’ contents to allow researchers and businesses to evaluate what information sources are relevant to their work.
On the basis of these key goals the MHMD Minimum Viable Product (MVP) was developed and released during the second period which focused on: 1) A full compliance analysis of the GDPR, ""by-design"" implementation in the platform; 2) the successful internal testing of security and privacy preserving features and functionalities 3) the following, successful, public hacking challenge of the platform, further validating its robustness and privacy preserving design 4) the deployment of the platform in all four participating hospitals demonstrating data exchange scenarios in real world settings 5) the release of the individual app and its testing in the general European population involving also a private third party data provider (Medicus AI)"

At the socio-economic level, MHMD contributes to rebalancing EU competitiveness in the biomedical sector with advanced privacy-enhancing technologies, while preserving European higher privacy and data security standards for individuals. This is mainly achieved thanks to both (1) its blockchain-based architecture for simplifying data sharing for hospitals, through advanced privacy-preserving and security tools; (2) its GDPR-compliant data sharing model designed for scalability at the industry and societal levels.
MHMD also supports patients in getting control over their personal health data, while protecting both the data subject and her personal data, thanks in particular to its smart-contract powered dynamic consent mechanism.
The combination of these innovations leads to the creation of a novel European ecosystem, involving a network of data sharing centres (e.g. hospitals, clinics, labs) interested in feeding the platform by providing access to their wealth of data thanks to MHMD privacy enhancing features, secure and trustable conditions, thus enabling the set up of a knowledge network, revolving around an “Information commons”, providing continuous data flow from individuals and healthcare providers to the research community, harnessing data for improving European competitiveness in the field of precision and personalised medicine. The ultimate impact sought by MHMD was to:
1) To facilitate access to sensitive health data while maintaining privacy and security in compliance-by-design with the GDPR.
2) To allow individuals to gain a new level of control over their data, using a dynamic consent interface and being generally more engaged in the management of their health data;
3) To unlock the value of large (big) biomedical data sets and thus foster innovation, including the development of medical artificial intelligence solutions.
MHMD managed to provide these impacts, supporting the creation of an advanced data-driven ecosystem for the biomedical sector, sustaining EU competitiveness while enabling the full implementation and enforcement of the newly-introduced GDPR, which was one of the principal value proposition of the project. The development of tools for secure and privacy-preserving data analysis (the “visiting mode”), including also federated machine learning, establishes a robust proof of concept for this new data access modality showing how it can support the biomedical innovation value chain, from biomedical research to AI development. Additionally, the project pioneered a novel methodology for creating fully synthetic datasets, managing to combine the richness and granularity of individual dataset with the complete anonymity generated through an algorithm, and not directly linked to any specific individual. The usage of this methodology at scale will significantly facilitate the creation of significant and high-quality datasets free from the GDPR-related privacy concerns and regulatory burdens associated with standard datasets, benefitting both the industry and the biomedical research.