Case study

Encryption prescription for medical data

We’re part of an international research study investigating the use of advanced encryption to keep our medical data secure.

The issue

Advances in clinical medicine mean we are able to treat and diagnose a growing number of even the most serious health conditions. But as our medical knowledge base expands, so does the amount of clinical data collected by health services. These rich data sets often contain sensitive patient information - and keeping these details secure is a growing concern especially in the light of new data protection regulations.

The issue of data security also limits the ability of researchers to analyse data in the search for diseases such as cancer. Cancer data is held in locations all over the world and this information could be digitalised, labelled, collected, stored and interpreted as part of the search for potentially life saving diagnosis and treatment. But, the information belongs to a countless number of individuals – and their right to data privacy weighs just as much as the dream of curing a lethal disease.

The research

Professor Delaram Kahrobaei from York’s Department of Computer Science is part of a team researching the use of an encryption method known as fully homomorphic encryption (FHE). Often described as the ‘holy grail’ of cryptography, it is already used in engineering and mathematical applications - now researchers are exploring its use in the medical field as a method of ensuring even the most sensitive medical information is kept secure.

The advantage of FHE is that it allows computational analysis to be carried out on data that is already encrypted, without the need for the data to be decrypted first - and made potentially insecure. It relies on the use of decryption keys to provide secure access to the results of data analysis, which in a hospital setting could include clinical information such as statistical analysis, genomic or medical data. It is a method which opens up the possibility of the secure transfer of encrypted data from a client to an external organisation for analysis with the returned encrypted results only accessible to the client.

The outcome

The research has added to developments in the use of FHE in medical applications, including allowing clinicians to access analytical models without having to share patients’ medical data. As part of the research, FHE was tested in a collaboration between computer scientists, mathematicians and computational medical scientists at the University of York, City University of New York and the University of Michigan. The study aimed to classify breast cancer data as benign or malignant – completely preserving data-privacy.

The lesson is clear: fully homomorphic encryption could be the foundation for bringing healthcare into the digital era.

Professor Delaram Kahrobaei
Lead researcher
Featured researcher

Delaram Kahrobaei

Professor Kahrobaei is Chair of Cyber Security at the University of York.

View profile