1. Introduction
Reports of data breaches from healthcare organizations are growing in number and severity. The problem is worsened by the way data is shared between healthcare systems, either within a national healthcare system or between countries using transnational patient summaries. The disaggregated structure of federated healthcare poses challenges of a greater order, because small numbers of patients with identical diagnoses are distributed across siloed datasets in different jurisdictions, with no independent access that would allow their data to be linked. These patients form a potentially high-impact subgroup in which the size of any one part does not meet the threshold for publication, but where aggregation of the associated parts makes publication both desirable and justifiable. Therefore, a solution is proposed, legal barriers permitting, that integrates these patient data so that the required statistical analysis can be completed in a distributed form across separate systems.
Owing to issues of patient confidentiality, privacy-preserving techniques that operate on encrypted patient data are the only viable option. Data encryption also allows for the separation of powers required to meet legal requirements around accessing patient data. In addition, the partition of data means data are not shared and reside at source, meaning that no single system has access to full data for all patients from the other systems. We discuss the use of Secure Multi-Party Computation techniques for this purpose and apply the technique to a federated healthcare record linkage and ontological classification use case.
1.1. Background and Motivation
In healthcare, patient data is constantly being produced, from routine check-ups to emergency hospital visits. This data covers wide and varied information, often touching on the most intimate aspects of personhood. With modern healthcare’s increasing digitization, the amount of healthcare data being produced increases. However, due to the sensitive nature of this data, confidentiality isn’t the only focus; privacy preservation of patient data is of increasing importance. This is especially the case when healthcare data is to be analyzed collaboratively: historically, this data was siloed within a single healthcare provider’s systems, but the collaborative research potential that could be unlocked by bringing together data from different systems is now recognized.
There is growing recognition of the necessity of privacy-preserving solutions that allow features of joint healthcare data to be explored without compromising patient privacy. While widespread data breach events have cycled onto and off the front pages of international news publications for the last several years, the consequences of insufficient data protection within hospitals and similar settings cannot be overstated. The fallout from such data breaches is not limited to financial losses incurred in hacks and legal fees; the squandering of patient trust can have far-reaching effects on healthcare outcomes. Beyond these consequential failures, the motivations for ensuring that patient data effectively resists unsolicited access are bolstered by several concurrent societal and technological developments, the legal distinction between which is often blurred.
The ability to analyze electronic health records across disparate healthcare organizations is increasingly important. While secure data transfer remains a priority, the mounting discussion on data ownership and the blockchain-like rise of decentralized connected devices across numerous industries introduce intriguing new use cases for secure multi-party computation methods. In federated healthcare, solutions that allow parties to compute statistics across a curated portion of data without revealing the data, or even their parameters, off-network would minimize the risk of re-identification. Thus, small and large healthcare organizations have increasingly voiced the need for such a system, and the industry poised to benefit from the resultant performance and safety improvements spans integrated care, medical research, and Big Pharma.
1.2. Research Objectives
The general aim of this thesis project is to contribute by working with secure multi-party computation and developing generic frameworks for healthcare and clinical research. The goal of the work is to enable the analysis and visualization of patient data across federated healthcare systems without compromising patient privacy. More specific detail on our overall objectives for the broad area of secure multi-party computation in healthcare can thus be presented:
- a) Review existing secure multi-party computation techniques in the healthcare literature to understand current approaches and reported issues.
- b) Understand the patient and clinician perspective on sharing patient data using existing workflows and techniques.
- c) Build a generic secure multi-party computation framework for privacy-preserving summary statistic calculation across multiple data sources.
- d) Enable workflow management through the identification of new or appropriate use of existing technical solutions to implement clinical trials and patient care pathways where shared information is based on secure multi-party computation of patient data across multiple healthcare providers and/or patient-owned health data.
- e) Explore the potential for shared decision-making in the context of multi-party computation to generate Group Patient Reported Outcome Measures during a consultation to support decision-making.
It is not our intention to study the privacy risks of the added noise of differential privacy, nor do we wish to broach existing secure multi-party computation work related to the medical industry. Our primary advantage will be our focus on existing medical professional behavior and techniques. The outputs of the research will directly contribute to the field of secure multi-party computation and would also have considerable scope and power for the ethical sharing of patient data generally. Our own research will collate a detailed assessment in this direction. A secondary but also valuable output will be to further encourage collaboration between local and national care providers for equitable patient care. We plan to conduct a thematic analysis of anonymized interviews and publish the results.
2. Foundations of Secure Multi-Party Computation
Secure multi-party computation (SMPC) is an important privacy-enhancing cryptographic technique. Its core idea is to enable a set of parties to jointly compute a function with the guarantee that no party’s input is disclosed to anyone but that party. In general, secure computation provides a principled way to implement multi-party computation in contexts where privacy and integrity are key requirements. Techniques and protocols for secure computation have been the subject of extensive research on both theoretical and practical fronts.

Security Goals

Confidentiality and integrity of the data computed upon are the two fundamental security goals of secure multi-party computation. More precisely, we want the computed result to be kept confidential and to be the only output produced by the joint computation. We also require the computation to be performed faithfully on authentic data, i.e., the result should reflect the outcome of the computation on the actual inputs. Beyond these fundamental goals, more advanced security notions, such as handling imbalances between the parties, fairness, or cheating detection and identification, may need to be achieved in specific applications.

Cryptographic Techniques Underlying Secure Computation

From the cryptographic perspective, secure multi-party computation ensures that each party can locally check the correctness of the computation without any sensitive information being exposed. Various theoretical frameworks underpin related but not identical interactive and non-interactive secure computation concepts, each with distinctive advantages and limitations. Unfortunately, promising theoretical results do not guarantee a straightforward and practical implementation.
Despite the fact that many efficient protocols for different secure computation problems have been developed to date by the research community, the required extensive but complex cryptographic operations remain an obstacle for the practical collective computation of big data.
2.1. Definition and Principles
Secure Multi-Party Computation (SMPC) can be defined as a mathematical theory and a set of cryptographic techniques. Its primary aim is to perform a joint computation over a number of parties’ private inputs such that those inputs are not revealed to anyone except the designated output recipients. In other words, a privacy-preserving computation is performed where privacy is understood with respect to what is learned from the outputs. Security implies that participants learn nothing more about the inputs than the output of the computation combined with their own input – i.e., privacy only holds with respect to what is learned. There are different formulations of what is meant by “fairness” or “showing that no one is lying.” It is also possible to have detection of cheating – that is, a participant who cheats is discovered and “punished.” These basic definitions and terms must be agreed upon if we are to scale from an abstract, theoretical level of application in well-controlled scenarios to applications in real-world, complex systems. The goal is to perform precisely the same computations that are performed in today’s healthcare organizations, where all data is drawn from all patients and analyzed, but without anyone learning anything about the data beyond what is strictly necessary for the analytics to be performed. It is important that the formal definitions focus on what is learned rather than on where data is stored or how many parties there are; these should be irrelevant (unless what is learned is conditioned on these features). One could try to define security in terms of the impossibility of “linkage attacks” – that is, attacks in which, by using input/output information, the attacker links their own information with the set of reconstructed inputs. But this is probably not sufficiently general.
2.2. Key Techniques
The key techniques used in SMPC today are modern and efficient cryptographic tools and protocols that enable secure multi-party computation (MPC). They rest on well-established cryptographic and theoretical foundations from distributed computing, and many of them build on cryptographic primitives such as public-key and symmetric encryption and decryption. These techniques typically enable two or more parties or servers to jointly compute a randomized version of a function, where no server learns the inputs on which the function was computed, the resulting output, or the intermediate steps. They have been proposed because of the need for privacy and confidentiality among the parties participating in a computation or analysis, as in healthcare.
Among the most important cryptographic techniques used is Homomorphic Encryption (HE), particularly Fully Homomorphic Encryption (FHE), which allows computation on encrypted values. It allows computations on encrypted data to yield an encrypted result, without prior decryption of the encrypted operands. Consequently, when the decryption step is performed with the secret key, the result obtained is the same as if the operations had been performed on the plaintext operands directly.

Secret Sharing (SS) is another cryptographic technique used to protect secrets for confidential sharing. It divides a secret or piece of sensitive information into parts, or shares, such that each participant holds a single share. These shares are then distributed among different servers or participants for storage or later reconstruction of the secret.

Secure multi-party computation has been applied in the healthcare domain to analytics such as predictive modeling, patient risk stratification, and cohort identification. These techniques are widely used in large-scale healthcare and EHR analytics because they allow different parties to conduct collaborative analysis while maintaining the confidentiality of their private data. They give large organizations and multiple healthcare systems an incentive to adopt a federated approach to sharing patient data for collaborative analysis. In this survey, we discuss the advanced, efficient, and practical cryptographic techniques that underpin current secure multi-party computation systems and their relevance to healthcare. Understanding these techniques provides insight into the advancements in modern secure multi-party computation systems.
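To make the homomorphic-encryption property above concrete, here is an added example (not code from the thesis): a small Paillier implementation, which is additively homomorphic, used to sum per-site patient counts. The key-holding governance body is assumed to publish the public key, each hospital encrypts its own count, a coordinator adds the counts by multiplying ciphertexts without being able to decrypt, and only the key holder decrypts the total. Key sizes, site names and counts are constructed for illustration.

```python
# Added example: additively homomorphic aggregation with a toy Paillier scheme.
# The coordinator that runs add_encrypted() never holds the secret key, which is
# the separation of powers the text describes. Key sizes here are toy-sized.
import math
import secrets


def is_probable_prime(n: int) -> bool:
    """Deterministic Miller-Rabin with the first 12 prime bases (valid for n < 3.3e24)."""
    if n < 2:
        return False
    bases = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for p in bases:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False          # a is a witness of compositeness
    return True


def random_prime(bits: int) -> int:
    """Random odd prime of exactly `bits` bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits: int = 40):
    """Return (public_key, private_key) = ((n, g), (lam, mu)); run by the key holder."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        n = p * q
        if p != q and math.gcd(n, (p - 1) * (q - 1)) == 1:
            break
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    g = n + 1                                            # standard generator choice
    mu = pow(lam, -1, n)                                 # modular inverse of lambda
    return (n, g), (lam, mu)


def encrypt(pub, m: int) -> int:
    """Run at each site: c = g^m * r^n mod n^2 with fresh randomness r."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c: int) -> int:
    """Run only by the key holder: m = L(c^lambda mod n^2) * mu mod n, L(x) = (x - 1) / n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    l_value = (pow(c, lam, n2) - 1) // n
    return (l_value * mu) % n


def add_encrypted(pub, ciphertexts) -> int:
    """Run by the coordinator: multiplying ciphertexts adds the plaintexts; no key needed."""
    n, _ = pub
    n2 = n * n
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % n2
    return acc


def aggregate_counts(site_counts, bits: int = 40) -> int:
    """End-to-end flow: key holder -> sites encrypt -> coordinator adds -> key holder decrypts."""
    pub, priv = keygen(bits)
    ciphertexts = [encrypt(pub, c) for c in site_counts]   # one per hospital
    total_ct = add_encrypted(pub, ciphertexts)              # coordinator, ciphertext only
    return decrypt(pub, priv, total_ct)                     # equals sum(site_counts)


if __name__ == "__main__":
    # Constructed sample: diagnosis counts at four sites, each below a release threshold of 5.
    print(aggregate_counts([3, 0, 4, 2]))   # prints the aggregate, 9
```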
3. Privacy-Preserving Analysis of Patient Data
The issues surrounding privacy-preserving analysis of patient data primarily relate to patients’ information and its sensitivity, as well as to legal restrictions and obligations. Medical privacy regulations dictate that some data may not be shared across systems. These, like excellent data security, are meant to protect patients. However, advances in genetics, payment systems, and consumer-driven healthcare also dictate that patient data be usable and readily available. In research settings, patient privacy has always been and continues to be important primarily due to ethical obligations. This importance grows when more of the data being analyzed can be directly linked to an individual person. Researchers, analysts, and data providers all want to maintain a balance between making data accessible and protecting patients’ privacy. Sharing sufficient data for analyses that answer key health policy and planning questions can be accomplished without revealing personal information. When personal health facts are obtained or accessed in error or by a hacker, data-associated risks occur. Although many risks are associated with the release of individual medical records, we focus on those with the greatest potential impact. These include kidnapping, identity theft for drugs, blackmail, and job or insurance denial.
In most situations, a distributed, consortium-centered approach to data analysis that brings analysts to the data, rather than the data to the analysts, is preferred over a centralizing, data repository individual centered strategy. Possible benefits to the consortium approach include more straightforward legal considerations, greater analytical and procedural flexibility, and, in many cases, timelier data access. Misconduct when managing personal health facts, even if not accompanied by any of the most damaging releases, can seriously affect the participants’ trust in an identifiable patient health facts system. Particular concerns have arisen recently around the direct release to the public of unaggregated data when identifying information, such as dates of birth, is still included. Therefore, there are many interdependent factors that need to be taken into account when providing access to patient data for analysis.
Safe, privacy-preserving ways to analyze patient data that address all of these concerns are needed. The methods have to be trustworthy but not costly. Techniques with formal privacy guarantees can address many of these problems, but they may ‘over-protect’ and reduce accuracy in some instances. The secure multi-party computation framework has the potential to mitigate these challenges and can be used as a basis to demonstrate improvements over existing systems using classifiers, and also as a basis for a solution to process rivals’ data securely.
3.1. Challenges and Considerations
When considering the privacy-preserving analysis of patient data across federated healthcare systems through multi-party computation, there are some considerations and challenges that must be addressed. This involves reviewing the existing challenges in clinical and epidemiological research. The following paragraphs examine these considerations in detail.
Currently, healthcare organizations are interested in sharing their clinical and other data for clinical and epidemiological research. Data in healthcare systems is heterogeneous across different organizations due to differences in infrastructure, such as varying database vendors, and patient populations due to regional limitations of each healthcare institute, compounded by differing regulations, standards, and vendor-specific functionalities across institutes. Exchanging this data between these disparate infrastructures across different entities requires patient-led data sharing to obtain results on a large, global scale.
When multiple parties contribute parts of their datasets to draw insights, biases and inaccuracies can be amplified; those responsible for research may not be aware of regional variations. The information available in such analysis results could also be used by malicious parties to uncover private information about the patients and potentially deanonymize them, thus breaching their privacy. All these factors together can greatly affect research studies’ translatability to reality, and vice versa. When considering privacy-preserving analysis in healthcare, mature governance frameworks must take into consideration the right to health combined with the right to privacy; the public health benefit from a research paper should not have an imposing effect on individuals’ privacy. Some practical challenges associated with the use of multi-party computation in healthcare include the heterogeneity of data structures across different healthcare systems and the need for data to be formatted into analysis-ready datasets. Tools for the automated conversion of diverse data types into analysis-ready formats generally exist in data analysis platforms. Importantly, in the context of cross-organization data sharing, most organizations are unlikely to share full datasets, motivating the use of privacy-preserving techniques to securely derive insights across datasets. Additionally, data protection laws introduce significant regulatory roadblocks that organizations are often unable to overcome.
Reporting on data with small patient numbers was considered a priority concern in reducing patients’ risk of re-identification. Once a certain threshold for low-information cells is reached, reporting of cell sizes is suppressed. Using such rules on when to suppress information carries the risk of leaking information to researchers: by assessing the absence of information in the reports, they may derive rough estimates of the number of patients in the dataset. Practical measures for handling intra-organizational data, as well as the output of a privacy-preserving analysis, include the principles of need-to-know and data minimization, which restrict an individual’s information to that relevant to a particular research question, so that any information that does not need to be processed is not processed.
3.2. Existing Approaches
Privacy-preserving analysis of patient data in healthcare is a known research field. Multiple methodologies are already in use in healthcare settings that attempt to combine adequacy and privacy. A widely discussed solution for providing data adequacy and privacy in healthcare is a privacy mechanism called differential privacy. Another widely discussed approach is to use secure computation and, more specifically, secure multiparty protocols to guarantee that privacy is not breached. Today, solutions can already be found that use homomorphic encryption, which is one of the building blocks of secure multiparty computation.
Both discussed methodologies suffer from the fundamental issue: by incorporating privacy in algorithm computations and neglecting information about unimportant details, a study could introduce bias. There is a whole range of methods that give hope to solve the mentioned problems; the examples are secure multiparty computations. This happens since SMC essentially enables computation on data that cannot be read and processed all in one place. SMC covers those methods that are used to perform computation on data that is in the possession of different parties that do not want the data to be shared with the other party and, at the same time, are looking for specific results. This technology requires parties to compute cryptographic protocols via data they hold to find answers that no one can see. This assures the privacy of the data managed via cryptographic protocols.
4. Federated Healthcare Systems
Federated healthcare systems deal with patient data management in different, independent, and decentralized healthcare entities and sites. They offer an environment in which patients can be cared for in a coordinated fashion, receiving high-quality healthcare without having to step outside of their own local and familiar healthcare facilities. A federated system can also be defined as a system in which isolated data items are distributed or replicated at multiple sites, such that data processing happens at the same site as the data items, and interactions exist between those sites. If an entity enrolls a patient, the patient’s information will be available at the entity’s site, with a subset of the information shared and kept updated with dual encryption at the coordinating body’s site based on trust and agreements between the entities to share selected information.
Each member of a federated healthcare system, the coordinating body and the facilities, can be considered as mashup healthcare systems. The facilities perform as members of the coordinating body if they coordinate the entities’ data and enable secure sharing in the system. Confidentiality-preserving predictions of diseases can justify the need to share national patient data, as these predictions contribute to increased patient safety and global predictive modeling. However, federated systems are known to challenge the realization of collective healthcare knowledge by having different ways of collecting, storing, and processing patient data. Members in the systems are independently governed and as such require localized management and trust. The benefits of federated systems are improved data accessibility where the processing sites are also the data holding sites, and the local environment is familiar and collaborative to the patient. The main constraint is achieving technical and legal requirements that ensure federated systems are not antithetical to data protection laws.
Where the entities have the potential of working within or across federated systems, it is important to provide options for securing integration operations. Generally, possible integration options are determined by obtaining extracts from relevant datasets, securing their movement or integration by the body partners, and summarizing results. There are, however, options that have evolved as healthcare systems improve inter-working functionalities across regions. Clinical research networks for medical imaging exemplify federated imaging datasets across research hubs. Images exposed initially on distributed nodes are sold to a federator node, while keeping the local image copies private. Security principals use a secure federation node to access indexed data from a guard; this makes indexing digital imagery simple for busy workflow and management systems. Finally, healthcare billing research is in operation through the secured access method. Each service organization creates a tailored and unrestricted profile report that is stored at the central administration site in accordance with the Data Protection Act. The shared information hub provides linking, matching, and secure release of detailed tailored reports. Research findings at the national level are published as aggregated results. Consequently, operational frameworks for entities already operating within or across federated systems alongside that of the body partners in the healthcare management domain are presented.
4.1. Definition and Architecture
In federated healthcare systems, multiple healthcare entities can perform joint statistical analysis without sharing or centralizing their data. In other words, the data of the participants remain in the institutions’ systems, and the result of the computation can only be observed by the participants. If designed in an appropriate way, this federated structure is not a direct target for cyberattacks, as the adversary would need to infiltrate all or most healthcare entities to gain the data suitable for re-identification and corrupt the results of the analysis. Essentially, this makes analysis in such systems less vulnerable to malevolent participants than traditional plaintext sharing systems. Benefits of this approach include that resource requirements for network and storage will not be as high as traditional plaintext sharing systems and will make such systems attractive for smaller institutions. In short, federated systems are multiple datasets distributed across multiple locations, collaborating with each other while all contributing to one result.
Different healthcare entities, such as hospitals, insurers, and research institutions, join a federated network. The core components for analysis follow the federated learning pattern: data in the respective databases remains local on edge servers, and processing is decentralized through secure multi-party computation. Only the results of the computation — be it the learned global model or model parameters — are shared with the edge servers and centralized in the result server of the AI/ML participant, which is what defines a federated healthcare system. Such systems are traditionally open, but they can be adapted for use as a private network. The architecture conceived here uses a private version of the open federated network. All edge and result datastore instances must support the use of secure multi-party computation.
4.2. Benefits and Challenges
4.2.1. Benefits
Federated systems for health data sharing have several potential advantages. The systems allow access and contributions from a wide array of institutions, including academia, local practices, hospitals, pharmacies, and diagnostic service providers. By leaving data in local databases, federated systems seek to respect patients’ preferences for care close to home. Local control and governance decrease the likelihood of data being used without local benefit. Furthermore, the degree of privacy protection is directly under local control. If one decides that particular research is only ethical in an options system, such a system could easily be built in the federation. Thus, it is easier for data controllers of the individual institutions contributing data to audit the use of the data. Further, as a privacy by design mechanism, the needed external data-use agreements are minimally complex, essentially stating that an institution can use the federation with a joint data-use governance without getting re-evaluated for every project as long as they use the system in compliance with the overarching terms agreed to when joining. These systems can also encourage collaboration between data holders, optimizing health data quality through data matching. Overall, they could be particularly good for data arising from routine care, where patients are treated according to established best practices and where a broad patient population analysis is required to establish which treatment modality is likely to have the best outcomes.
4.2.2. Challenges
Federated systems require significant local investment in data infrastructure in individual institutions. Data from different sources often have yet to be internally standardized, and because they still represent actual practice, they can change frequently. For these reasons, international federations should be built with an algorithmic ability to pull data from the contributing systems while respecting a location’s perspective on what is the routine practice. Integrating data from various sources also complicates the handling of the data. The development of robust governance rules to navigate variations in terminology and data protection rules has been a significant roadblock in the development of these federations. In addition, the regulatory landscape varies concerning access to and use of health care data in different countries. Finally, while the responsibility for decisions on data access and control currently lies with the individual data controller, federations linking controllers have to provide ways to manage these decisions also at a superordinate level. Nonetheless, this information can allow an institution to consider both the advantages in research data that access to a federation can afford and the possible governance costs, and may allow them to improve their use of data within individual institutions. Moreover, recognizing the current informatics background of data holders can allow for better support and resources to be made available.
5. Applications in Healthcare
Decisions made by healthcare facilities, professionals, and researchers have a direct and often profound impact on humans. Though many decisions are complex, data-driven decisions are increasingly demonstrated to improve patient outcomes. In these next sections, we describe some potential applications of secure multi-party computation in many fundamental process domains. These sections are certainly not exhaustive, but they should give a sense of the range of changes that could occur.
Case Study: Collaborative Disease Tracking. It could be practical to collect known details from multiple sources and look for conjunctions, particularly for rare incidences such as certain types of cancer. Visual inspection or automated methods can determine which conjunctions are interesting for detailed analysis, for locating a potential environmental hazard, etc. Though the Washington Department of Health might be ready to launch such disease tracking on its system, others might not be. There are many possibilities for using SMPC to transform areas of healthcare. For example, physicians and clinics could compare their data to that of others and better run clinical trials or ethics reviews on patient data with enhanced scrutiny and respect for individual privacy. Clinical data might be shared privately. Other advanced features of this data-sharing system include splitting “smoking gun” liability data between different parties with no one able to actually prove the smoking gun. Again, throughout we note where enabling this class of use requires studying the legal and ethical implications. An anonymous reviewer suggests the example of auditing the federal tax system without collecting all personal information in one place, to reduce vulnerability to theft, privacy invasions, and political misuse.
Finally, in many areas, powerful publicly funded research structures do not currently share data. SMPC can allow different organizations to conduct joint operations while keeping inputs private. As an example, this improves the efficiency of the hierarchical clinical trial system: a few cases can be studied with complete privacy for the consultants to provide limited guidance on whether “to stay the course or revise procedure.” In general, multi-institutional researchers can improve statistical power by using population strata administered by one institution to answer questions posed by another. In the same vein, SMPC can be used as a privacy-preserving mechanism to protect identity during such large-scale data mining and linkages. In the following text, the section “Limitations and Ethical Considerations” concludes with a discussion relevant to parts of this section. In particular, nowhere do we take a stand on whether the application in question should be pursued—some questions should be explored fully in advance as a condition for their being ethical.
5.1. Disease Surveillance and Outbreak Detection
Secure multi-party computation (SMPC) or privacy-preserving computation can be used within healthcare settings to share data and jointly carry out computations. In this situation, SMPC would allow multiple healthcare organizations to share and analyze streams of patient hospital data to monitor any increases in patients entering hospitals diagnosed with influenza, COVID-19, or C. difficile. SMPC can calculate and share streaming statistics without revealing which patients are in the hospital or the results of any calculations carried out on the patient data. Instead, each data provider can be allowed to learn about data to which they have contributed, but no one could link the results of that computation to any other specific patient or to information available only to another data-providing entity. In such cases, it would be highly beneficial for multiple hospitals to perform this kind of analysis using data across all the sites. In the early 2000s, prospective disease surveillance using record linkage was identified as a key service for the Northwest Public Health Observatory. SMPC could provide a useful tool for sharing such information without the need to establish a data safe haven or to re-identify or pseudonymize data to create a centralized database across multiple healthcare sites.
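To make the streaming-statistics idea concrete, the following added example (not code from the paper) computes joint daily admission counts per diagnosis across several hospitals with additive secret sharing, the simplest SMPC building block: each hospital splits its local count into random shares, every party publishes only the sum of the shares it holds, and only the joint total is recoverable. The hospital names, dates and counts are constructed sample data, and the hospitals themselves are assumed to act as the computing parties.

```python
"""Toy SMPC: secure sum of admission counts via additive secret sharing."""
import secrets
from collections import defaultdict

# Prime modulus; real counts are far below it, so the modular sum is the true sum.
PRIME = 2**61 - 1

def share(value, n_parties):
    """Split value into n_parties additive shares mod PRIME.
    Any n_parties-1 of them are uniformly random and leak nothing about value."""
    shares = [secrets.randbelow(PRIME) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares

def reconstruct(shares):
    """Recombine a complete set of additive shares."""
    return sum(shares) % PRIME

def secure_sum(local_counts):
    """Jointly compute sum(local_counts) without any hospital revealing its own.
    Hospital i sends share j of its count to party j; party j adds the shares
    it received and publishes only that partial sum."""
    n = len(local_counts)
    dealt = [share(c, n) for c in local_counts]            # dealt[i][j]: i -> j
    partials = [sum(dealt[i][j] for i in range(n)) % PRIME for j in range(n)]
    return reconstruct(partials)                           # only the total emerges

def surveillance_totals(feeds):
    """feeds: {hospital: {date: {diagnosis: count}}} -> {date: {diagnosis: total}}.
    A hospital with no such admissions on a day contributes a share of zero, so
    its absence from that cell is not revealed either."""
    hospitals = sorted(feeds)
    cells = {(d, dx) for h in hospitals for d in feeds[h] for dx in feeds[h][d]}
    totals = defaultdict(dict)
    for date, dx in sorted(cells):
        counts = [feeds[h].get(date, {}).get(dx, 0) for h in hospitals]
        totals[date][dx] = secure_sum(counts)
    return dict(totals)

# Constructed sample feeds (not real data): three hospitals, two days.
SAMPLE_FEEDS = {
    "hospital_A": {"2024-01-08": {"influenza": 4, "COVID-19": 2},
                   "2024-01-09": {"influenza": 7, "C. difficile": 1}},
    "hospital_B": {"2024-01-08": {"influenza": 1},
                   "2024-01-09": {"influenza": 3, "COVID-19": 5}},
    "hospital_C": {"2024-01-08": {"COVID-19": 3, "C. difficile": 2},
                   "2024-01-09": {"influenza": 2}},
}

if __name__ == "__main__":
    for date, row in surveillance_totals(SAMPLE_FEEDS).items():
        print(date, row)
```

In a deployment the `dealt` matrix would be transported over authenticated channels between sites rather than held in one process; this toy keeps everything local so the arithmetic can be checked.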
Proof that data sharing can enhance public health can be found in the experience where effective security and privacy methods for doing so were developed as a matter of urgency, particularly in the UK through a partnership. Providing the most up-to-date statistics on the number of admissions involving patients within a geographical region would support public health responses such as managing pressure on A&E, transfer of patient cases between hospitals, bed allocation, and secondary prevention. It could be used to identify, evaluate, forecast, and intervene to prevent the adverse effects of events including disease outbreaks, e.g., airborne diseases or bio-terrorist attacks, or of any adverse events, i.e., respondents admitted to accident and emergency departments (A&E) and/or hospital admissions, from or involving individuals with special radiological or nuclear characteristics. The data signals which could be transmitted are important for observing the impact of such events, because early impacts can be mitigated effectively through an appropriate response. For example, an outbreak scenario could lead to restricted air travel, 'front-line' medical staff illness and quarantine, pharmaceutical stockpile redistribution, etc. Finally, understanding when and how these types of signals could change is important in defining triggers for appropriate government, emergency services, and hospital internal policy responses. Little work has been done on early signals for a range of potential future emergency scenarios with the broad capability to affect more than the interests of a single country. The work aimed to fill this gap using an approach called scenario-based Delphi.
5.2. Clinical Trials and Research
Clinical Trials and Research: Secure multi-party computation can be a useful solution in many forms of multisite clinical trials and research. To obtain robust outcomes, clinical trials and research often require the collection of diverse patient data from a variety of different locations. However, the data sharing process requires privacy measures to be in place, which is a potential application for secure multi-party computation. While securing data sharing is primary, the use of privacy-preserving techniques is beneficial for assuring participant trust and may influence study participation rates. There are very few examples of secure multi-party computation being approved for use in clinical trials. However, successful implementations include a trial claiming increased efficiency and integrity of generated data. The impact of secure multi-party computation on outcome analysis, trial management, and participant involvement requires further exploration with wider adoption. Overcoming regulatory hurdles and technical challenges, such as compatibility between existing hospital systems, poses a key barrier to wide uptake.
Regulation Approval: The privacy utility of secure multi-party computation in clinical trials has been acknowledged by regulators. Regulatory authorities require ongoing progress in international privacy legislation, collaboration with regulators, and compelling data security outcomes to demonstrate that secure multi-party computation represents an acceptable approach for use in meeting regulatory requirements. The guidelines recommend a PC approach to local protocols and close consultation, ensuring that all privacy and research ethics issues are addressed. The large amounts of patient data routinely transferred between healthcare settings are difficult to de-identify, meaning that greater security standards would allow this information to finally be removed from the hospital walls. Whereas de-identification currently mandates the relational database to be stored within the hospital, proprietary secure multi-party computation operation will allow the relational database to be transferred across multiple healthcare sites and even third-party data sharing platforms. In conclusion, privacy infringements concerning patient data would no longer be a barrier to data sharing and analysis.