Roughly 3% of the Netherlands’ children – about 120,000 a year – suffer some form of abuse, according to the Dutch government, so health care professionals in the country have developed a standardized tool to identify abuse when a child is brought to a hospital emergency room with bruises, broken bones or worse.
Called Child Abuse and Neglect’ (SCAN), the tool, currently used across more than 60 hospitals in the Netherlands, consists of a set of screening questions designed to identify potential abuse, including an assessment of the child’s injury against their medical history and developmental level, the timeliness of the guardian seeking medical help and the appropriateness of their responses. But sharing individual level patient data across institutions requires explicit consent, which is unlikely to be given by individuals attempting to conceal their actions. As a result, abusive parents regularly evade detection by driving to different hospitals each time their child’s injuries require care.
In a partnership between Dutch scaleup Roseman Labs, UMC Utrecht and other hospitals, pediatrician Eline van den Heuvel and technologist Marc Padros developed a solution to the challenge of linking the sensitive data. The “NSK dataspace” (dataspace for SCAN data) allows the sharing of pseudonymized patient-level data to gather insights about abused children and improve the overall quality of care across hospitals in the network. While providing the option to link and analyze data on a granular level, the platform only shares results in the form of de-identified or aggregated datasets.
The approach ensures that both the critical data and metadata remain secure, addressing the privacy and data traceability concerns that have hindered previous collaboration efforts; ultimately leading to better detection and management of child abuse cases, says Freya de Mink, business development manager at Roseman Labs, which has developed technology that safeguards confidentiality by keeping input data encrypted.
It is just one of the ways that access to data in ways that don’t compromise the rights and safety of individuals and communities is already showing promise in the health sector.
“To fully unlock AI’s potential, it is important to look beyond individual hospital workflows and address a critical missing piece: secure, privacy-preserving data sharing across the entire healthcare ecosystem. Without it, even the most advanced AI solutions will remain constrained by data silos, limiting their ability to drive truly transformative change,” says de Mink.
Other sectors, such as cybersecurity, are using Roseman Labs’ privacy enhancing technology (PET) to swap data and enhance collaboration between companies and organizations. (see The Innovator’s Startup Of The Week story.) Some 100 corporates are using it to anonymously exchange data about ransomware attacks with each other as well as with law enforcement and government officials. And the city of Rotterdam has successfully used Roseman Lab’s technology to access the effectiveness of a government program for preschool children while protecting individual’s privacy.
PETs were recognized in the Top 10 Emerging Technologies of 2024 report, co-published by the World Economic Forum and the scientific publisher Frontiers, as a transformative innovation poised to significantly influence society and address critical global issues. The Innovator interviewed one of the contributing researchers to the Emerging Technologies report, PET expert Lisette van Gemert-Pijnen, Professor, Persuasive Health Technology, University of Twente in the Netherlands, and has conducted its own reporting as part of a collaboration between The Innovator and Frontiers. The series will aim to help executives get an early glimpse of scientific and technological developments and put them into context for business.
State of Play
Access to increasingly large datasets – especially when using AI – can transform research, discovery and innovation. However, until recently concerns around privacy, security and data sovereignty have limited the degree to which high-value data in sectors like healthcare can be shared and used nationally and globally. PETs enable the sharing and use of sensitive data in ways that address these concerns.
One example of PETs is Multi-Party Computation, an encryption technology that is being embraced by Roseman Labs and ZorgTTP, a Dutch not-for-profit foundation that focuses on privacy security in data collaboration. Rather than recreate datasets with the same characteristics as the raw data, this approach allows encoded data to be analyzed without the raw data being directly accessible.
Other PET technologies include AI-powered synthetic data and p., Synthetic data mimics the patterns and trends in sensitive datasets but do not contain sensitive information that could be linked to individuals or compromise organizations or government. Synthetic data are used in clinical settings when data are scare and to train AI models for predictive care. Polymorphic pseudonymization, a data protection technique where each participating entity receives a unique set of pseudonyms for the same individual, preventing them from linking records across different sources based solely on the pseudonym. This approach is useful in situations where data needs to be shared across different research groups or service providers, as it enhances privacy while still allowing data linkage within each group’s own context. This technique is deployed more widely than Multi-Party Computation because it has been around for much longer.
Multi Party Computation was also used in a collaboration between university medical centers and a large insurer in the Netherlands. Normally privacy rules would prohibit the sharing of patient information between the research centers themselves and also with the insurance company, but a PETs approach developed with the help of ZorgTTP, successfully allowed the linking of localized information about critical heart failure patients, helping to refine risk prediction, says Bastiaan van Schijndel, the innovation manager at ZorgTTP, which has been working with PETs technologies since 2007.
It is an example of how data collaboration can really further medical research,” says van Schijndel.
He says the Dutch project on heart failure was successful for several reasons: it focused on a specific question, making it easier to align prompts. Everyone involved in the project -including the compliance people -were briefed at the start of the project on how the technology works and why it is safe. And participants were required to give updates every two weeks on progress and be available to answer questions from lawyers and compliance officer. All of these things helped build trust in the technology and the partnership, he says.
The Dutch partnership is part of a larger consortium experimenting with PET technologies that also includes Canada, Portugal, Germany and Finland. Each country is currently using PETs for different kinds of projects, but the learnings are being shared, says van Schijndel.
But the biggest accelerator for PETs is likely to be the European Health Data Space Regulation (EHDS)which entered into force on 26 March this year. The EHDS regulation aims to establish a common framework for the use and exchange of electronic health data across the EU. It aims to enhance individuals’ access to and control over their personal electronic health data, while also enabling certain data to be reused for public interest, policy support, and scientific research purposes. The goal is to foster a health-specific data environment that supports a single market for digital health services and products by establish a harmonized legal and technical framework for electronic health record systems.
The EHDS promises to:
- empower individuals to access, control and share their electronic health data across borders for the healthcare delivery
- enable the secure and trustworthy reuse of health data for research, innovation, policy-making, and regulatory activities
- foster a single market for electronic health record (EHR) systems, supporting both primary and secondary use.
Barriers Remain
While the benefits are obvious barriers remain. “One of the big issues is the quality of the data,” says the university of Twente’s van Gemert-Pijnen. “In mental and public health, data is not always user friendly and sometimes not collected in a systematic way.” What’s more the healthcare sector is notoriously resistant to change; healthcare professionals often lack the skillsets to collect uniform data and extract relevant insights; and adoption of policies crucial to underpinning PETs is currently uneven across the European Union.
While in Denmark the government has mandated one centralized system for collecting healthcare data, in the Netherlands hospitals use different electronic health systems which can’t talk to each other, she says. And, in a recent survey of university hospitals in the Netherlands, 95% of 1100 specialists surveyed reported that they experience problems with data availability and 97% said that this impacts patient safety. “In the Netherlands one centralized system for primary healthcare is impossible at the moment,” says van Gemert-Pijnen, although the government is working on legislation to try and change that.
Scaling up PET “will require a paradigm switch in how we deal with data and how we manage data,” says van Gemert-Pijnen. It will take time and require a change in attitude and behaviors.
“It is not a problem with standards, it is about willingness to do it and may require governments to embed common standards for data sharing into law, “she says.
Policy makers themselves will need to get up to speed on PETs and some of the weaknesses of private enhancing technologies will need to be addressed, says van Gemert-Pijnen.
Despite their potential, synthetic data and homomorphic encryption have several limitations, notes the 2024 Top Ten Emerging Technologies report. These include poor representation of potentially significant edge cases or outliers in the case of synthetic data and the potential ability to infer or reconstruct sensitive data despite the de-identification inherent in both techniques. Further work on the technologies and the use of policies surrounding them as well as adequate communication to build trust in these techniques will be necessary to realize the full potential of PETs, she says.
Why Companies Should Start Experimenting Today
Still, Roseman Labs and ZorgTPP argue that it is important for companies to start experimenting with data sharing through data spaces with the help of PETs now. Roseman Lab’s de Mink points to the Netherlands SecureNed cybersecurity project that includes a network of 5000 participants, including more than 100 large corporates. By exchanging data while protecting privacy law enforcement was able to bust up a criminal ring of hackers and the government gathered national statistics on ransomware attacks, information that was previously impossible to collect. “Companies keep telling us they want to wait until they are sure PETs works at scale,” says de Mink. “What more proof do you need? ‘
Both she and ZorgTTP’s van Schijndel say that the successful projects with innovative PETs they have worked on started small with a specific goal. “Don’t wait,” de Mink advises corporates. “Choose a project and a use case today. Data at the source will not be perfect when you start using it, but it is the only way to work towards data that is more usable and reap the rewards.”
This article is content that would normally only be available to subscribers. Sign up for a four-week free trial to see what you have been missing.
To access more of The Innovator”s FutureScope article click here.
