In the medical industry, data circulation is a difficult matter. After years of attempts by industry, research, and academia, there are still many difficult-to-solve problems: Who owns the medical data?

As a new type of production factor, the importance of data has long been self-evident.

In the medical industry, data circulation is a very difficult thing. After years of attempts by industry, research, and academia, there are still many difficult-to-solve problems: Who owns the medical data? How to desensitize to ? How to ensure safety? These are the fundamental reasons why it is difficult for medical data to be widely used.

Without security as a guarantee, the value of data can only remain on paper. Medical data in particular requires caution, as it is a matter of human life and health and should not be trivial.

How to effectively solve this problem? A golden key called "private and secure computing" may become the key to solving the contradiction between medical data privacy security protection and open sharing.

(Note: The main content of this article comes from Shanghai Children’s Hospital Dean Yu Guangjun. His original speech is very transparent. If you are interested, you can read it. You can also understand that Good Doctor Finance has made a translation in some sense. .)

The 42nd article of "Industry Observation" of Good Doctor Finance.

Speech / Dean Yu Guangjun

Article Architect / Hua Ge

Produced / Good Doctor Finance

01

Why do they become information islands?

Because of the risks, we would rather block the flow of medical data than to block it.

It sounds obscure, but it is not difficult to understand.

For example, rare disease involves multiple systems and organs of the human body, and the clinical symptoms are complex, making it difficult for many clinicians to diagnose in a timely manner. Xiao Li was treated in hospital A. His symptoms and examination results showed that he might be a rare disease, but there was a lack of local doctors. With enough clinical experience, in order to make a more accurate diagnosis, the traditional approach can only recommend that he go to a high-level hospital in a big city.

Can we export the rare disease diagnosis and treatment capabilities of high-level hospitals to the outside world? The answer is of course "can". The method is data empowerment, using diagnosis and treatment data from high-level hospitals to output the value of the data through a series of "calculations". Therefore, relevant platforms and technologies are needed to process the medical data of rare diseases, which can not only ensure the security of the data, but also realize the value utilization of the data. However, the realistic answer is that it is difficult. The key reason behind is that it is difficult to fully share medical data.

Currently, different hospitals have established their own databases. When seeing a doctor in the same hospital, the doctor can provide guidance on treatment and prescribe medicine based on the patient's past data. However, these data are only kept as an archive and their intrinsic value is not exerted. Therefore, it is necessary to find a good technology to make this data usable without being leaked, and comply with the requirements of regulatory systems.

It can be seen that the use of medical data is urgently needed and is widely distributed in other scenarios. For example, in cross-domain telemedicine, the consulting party needs to obtain patient data such as images, examination reports, and medical records; in commercial insurance review and settlement, insurance companies need to obtain patient data such as medical vouchers, expenses, and medical record homepage; when analyzing the use of drugs , pharmaceutical companies need to obtain the efficacy and adverse reactions of drugs; in multi-center clinical studies, all parties involved must summarize the medical record data before processing and analyzing...

"Data security is the first priority, Even if the overall informatization of the hospital is a little behind," a manager of a tertiary hospital in Beijing has emphasized many times.

This also highlights the embarrassment of medical data: hospital data is particularly private. Once leaked, hospitals and related parties will be held accountable.

Therefore, for a long time, many hospitals have been conservative about digitalization and Internetization. They keep the data firmly in their hands and avoid making mistakes if they don't use it. This way to avoid risks.

Although everyone knows the value of data, from a practical perspective, there are still some obstacles, including policy, human nature, security, ethics, etc. Medical data circulation is risky, and many hospitals would rather block it than open it up, which has resulted in the emergence of two isolated islands:

Internal: information isolated island

In recent years, under the guidance of government policies, more than 70% of hospitals currently have Medical informatization has been realized, and initial results have been achieved at the infrastructure construction level. However, less than 3% of hospitals have achieved data interconnection, and the geographical differences are obvious, which also limits the flow of medical data and information.

External: Island of Value

The open circulation of medical data can greatly improve efficiency and save costs. Through more open data, primary medical care can assist tertiary hospitals to effectively diagnose some cases; tertiary hospitals can complete the patient consultation process more quickly, saving time; patients can also reduce the cost of repeated medical treatment. But the current medical data is just an island of value that is not open to the public.

Although there are a lot of problems in the circulation and opening of medical data, fortunately, there are not no solutions.

Currently, some AI companies are entering the market and are using technology to solve this sensitive issue, trying to break the island phenomenon of medical information and value.

02

Privacy and security computing technology

Realizing the full life cycle management of medical data

Release the value of data

Privacy and security computing technology is a beneficial solution and path to solve the contradiction. It can be realized that the original data does not leave the platform, and the data is used after authorization. Through calculation Unleash the value of your data.

In the medical field, because of the strong demand, the rapid verification, iteration, and maturity of this technology have far exceeded the imagination of practitioners.

But how we understand this new technology can be seen from the speech given by Yu Guangjun, President of Shanghai Children's Hospital, at the first Data X Conference held by Yifang Jianshu in Shanghai recently. Specific to the actual application of this technology, it can be roughly divided into four modules: data circulation, data sharing, data security, and data governance.

(Note: It’s a bit theoretical, you can skip it if you don’t understand it. In short, you have to know that someone has thought deeply and deeply, and the security details of each link of the demands of all parties have been designed.)

1. From the data circulation dimension:

• Standards for privacy and security of medical information

As early as 2017, Director Yu Guangjun of Shanghai Children’s Hospital raised a key question: “Who owns the medical data?”

In detail, it includes the property rights of real-world health and medical big data, the privacy protection of personal medical and health information in the process of data collection, transmission, storage, processing, and use; the hierarchical classification system and data of health and medical big data The scope of openness, the conditions and processes for data openness, the responsible subjects for data protection, etc., to establish a data security and privacy protection system that meets the needs of real-world health and medical big data openness and sharing and is based on a combination of laws, regulations, management mechanisms, and technical means.

• Data classification

Director Yu Guangjun of Shanghai Children’s Hospital introduced that in terms of data classification, it is divided into three first-level indicators: doctor review/scientific research use/patient inquiry, role definition, permission allocation, login and greeting account, data adjustment There are 14 secondary indicators and 26 third-level indicators such as reading/data preparation, data application, data approval, data desensitization , data transfer, data use, data destruction/identification, query information, operation permissions, etc.

Director Yu Guangjun of Shanghai Children’s Hospital pointed out that after identifying potential medical information privacy security risks in three typical situations (doctor consultation, patient inquiry, and scientific research use), he then proposed privacy protection goals and objectives in each situation. Corresponding control measures have been formed into the "Guidelines for the Prevention and Control of Medical Information Privacy Risks" (currently adopted and incorporated into the national standard "Information Security Technology Healthy Medical Data Security Guidelines").

• Application process review

The data application process for different privacy levels is different. The higher the privacy level, the stricter the requirements for applicants, the more materials need to be submitted, and the more reviewers. For example, for RIF data with the highest privacy level, only researchers with considerable experience in the research field can apply, and the research must be approved by the ethics committee and then reviewed by the hospital data center and medical data committee.

2. From the data sharing dimension:

On the basis of clarifying the content, scope and business logic of health and medical big data, it uses the analytic hierarchy process and factor analysis method to support scientific research data, government statistical supervision, personal health data access and The commonalities and differences of the needs of different users such as third-party industry value-added are analyzed to form a multi-category and hierarchical multi-data sharing model in the field of health care based on the combination of needs and information security.

• Desensitized and open

Open data resource pool model: For regional medical data resources that have been desensitized and can be fully open to the outside world, the data owner will continue to externally one-way dissemination based on public welfare attributes

• Hierarchical control

Manageable Data hierarchical sharing model: A portion of big data resources with different value levels, confidentiality levels, and protection levels are conditionally shared by data owners with the help of information management and control methods.

• Value sharing

Credible data value sharing model: For professional big data resources, the data owner builds a shared environment isolated from the business data production environment, processes the resources, and forms shared and available value knowledge.

3. From the data security dimension:

• Stakeholder analysis

Define and in-depth analyze the positions and interrelationships of stakeholders in each scenario, such as micro data, meso data and macro data, to determine the content of the data sharing mechanism.

• Consensus mechanism forms

After forming a real-world data sharing strategy based on stakeholder analysis, it implements operability, interest balance and regulatory traceability, allowing privacy computing technology research to provide a safe and credible execution environment for consensus strategies.

• Privacy computing and secure sharing

After information integration, distributed ledgers, smart contracts, and privacy and security computing, it finally implements the real-world multi-source health and medical big data secure sharing application practice. This is the data security sharing strategy based on the consensus mechanism.

4, from the data governance dimension:

By studying the three alliance data governance models of alliance leader governance, shared trust third-party governance and distributed governance, according to the different coupling degree alliance types, the safe and trustworthy collection of clinical data is studied and scientific research analysis programs. In addition to the theoretical basis for

, there are already relevant companies that can put the theory into practice. Luo Zhen, CEO of Yifangjianshu, a leading domestic privacy and security computing company, once pointed out that the future development of privacy and security computing should be re-examined from the perspective of unlocking the value of data.

According to public information, Yifang Jianshu is committed to building a "data and computing Internet", with privacy and security computing, blockchain and other technologies as the core, and starting from technical requirements such as security, trustworthiness and efficiency, it is helping all parties in the industry. Data participants can make data available and invisible, ensure information security, and explore data value.

From a technical perspective, unlike traditional methods, the original data leaves the data platform and its privacy and security cannot be guaranteed. However, Yifang Jianshu's idea based on privacy and security computing technology is that the original data does not leave the data platform and only the value of the data is output. At present, this new technology has many implementation cases in medical, government affairs, marketing and other fields.

Nowadays, Yifang Jianshu has achieved city-level privacy and security calculations, and realized the data-based and intelligent industrial Internet for regional industries. It is not only based on big data governance, but also serves the big data application requirements of end users, and has been used in many industries. Industry and multi-industry implementation.

Someone is doing this hard work, this is a good start.

03

In fact, there are many cases

proving that the value of data can be unlocked through technology.

There is no implemented technology, it is just a mirror image.

The most common sentence that many privacy and security computing technology service providers hear when expanding their customers is: "We want to see who has already used privacy and security computing before making a decision."

The learning of AI algorithms requires continuous training and data is also like this. Only when it is implemented in the scene can the technology run faster and calculate more accurately, thereby releasing the value of data through technology.

has a long road from technology to implementation. Fortunately, privacy and security computing are also constantly evolving, and many typical cases have been accumulated. The following is an example of the projects of Yifang Jianshu Company and Shanghai Children's Hospital, one by one. dismantling.

Case 1: Trusted Computing and Value Allocation

For example, in 2017, Xiamen launched hierarchical diagnosis and treatment. At that time, Yifang Jianshu introduced the intelligent triage clinical auxiliary diagnosis and decision-making system into grassroots doctor workstations, allowing rare diseases to be treated in the community Diagnosis can be achieved at the grassroots level, allowing critical illness to be prioritized for referral after diagnosis.

This kind of assistance is based on the data analysis of a large number of medical records and treatment plans of doctors in tertiary hospitals, and a general empirical model is summarized. Even young doctors with little experience can use the auxiliary system to give appropriate diagnosis and treatment plans and perform AI capability output based on the data. , to make up for the lack of experience and ability of grassroots doctors.

This is a typical way to unlock the value of data through technology. What grassroots doctors really lack is experience. In addition to relying on time and case accumulation, there may be a faster way to gain experience. With the help of data and technology, this process can be shortened.

In this process, the data is reasonably shared through privacy and security computing technology. In addition to trustworthiness, there are also some new problems in practical application scenarios, such as how to solve the problems of data management, data value distribution and data rights confirmation?

Yifang Jianshu combines privacy security computing and blockchain technology to develop Xledger to provide tamper-proof data storage certificates and smart contracts for the XDP Alliance and IoDC, achieving full life cycle management of data, and smart contracts guarantee value distribution. Ensure the rights and interests of data owners.

In addition, through the independent research and development of the data annotation tool GoldFinger, it not only supports efficient user annotation, but can also better serve the needs of AI applications. GoldFinger can ensure that data is strictly isolated during use, and the pre-annotation capability can also be expanded to the crowdsourcing mode , taking into account efficiency and security.

Case 2: Three-medicine linkage and medical record sharing

Another example is that the subject of the Shanghai Science and Technology Commission in May 2019 is the application demonstration of key technology research and application of the "three-medicine linkage" of medical, medical insurance and medicine based on the blockchain.

Judging from the results, this project is based on blockchain to realize the access, authorization and service of electronic medical record data in online diagnosis and treatment of Internet hospitals, and realizes electronic prescription external dispensing and prescription transfer services, commercial insurance settlement services, electronic medical record sharing, Three-medicine joint supervision support services for prescription circulation and commercial insurance underwriting services.

simply understands that through blockchain technology, private data within the hospital can be shared internally through authorization. Hospitals can independently open some data authorizations to a limited extent, allowing third parties to perform corresponding data calculations and obtain the results they need. This refers to results in a statistical sense and does not involve any personal information. The data is verified and managed by a "security center" to ensure the mutual trust mechanism between the data demander and the data owner. Finally, corresponding supervision is provided to ensure that the data usage process and output results are compliant.

Yu Guangjun, president of Shanghai Children’s Hospital, pointed out that driven by blockchain technology, medical consortium electronic medical record information can be shared securely, and medical information sharing within and between hospitals can also be achieved. With privacy and security computing, data demand parties Related situations can be queried rather than obtaining the raw data itself.

Combined with the application scenarios of Yifang Jianshu to understand this technology, Yifang Jianshu built a multi-point trigger monitoring and intelligent early warning solution for infectious diseases. This project not only uses medical-related data, but also enterprise data, Public opinion data, map data, spatio-temporal data, etc. have been managed and modeled in the entire environment.

Through this project, we can realize the intelligent prevention and control of known infectious diseases and the early detection and early warning capabilities of unknown infectious diseases. Through the joint calculation of multi-source data, we can achieve epidemic prediction, management and control, epidemic prevention, research, etc.

unlocks security because of technology;

unlocks data because of security;

unlocks circulation because of data;

unlocks value because of circulation.

04

Thinking of Good Doctor Finance

In the future, the construction of a trusted data medical alliance

A few years ago, the big data industry was booming driven by capital, but the industry soon discovered that the rapid development had caused data security issues to be ignored. . Where does the data of some related companies come from? Where to go? It's hard to tell.

Currently, if you want to bring out the value of data and speed up the circulation of data, you still face great challenges. Data security is a basic survival issue for the industry to prosper and develop.

If this problem is solved through privacy and security computing, blockchain and other related technologies, then we can enjoy the future: on the personal side, the medical insurance side, the hospital side, the medical side, the disease control side, the scientific research side, the physical examination side, Genetic testing can all be interoperable... It will be possible to create a credible, controllable, and accessible medical data medical consortium.

Image source: 2021DataX Conference Yifang Jianshu CEO Luo Zhen’s speech

In this way, for patients, it saves time, money and worry; for doctors in tertiary hospitals, the treatment data will be clearer and more accurate; for For community hospitals , it not only truly plays the role of hierarchical diagnosis and treatment, but also improves the medical treatment capabilities of grassroots doctors.

If the scope is expanded, the patient's data is synchronized to the pharmacy, which can directly help place orders and purchase medicines, deliver them directly to the door, and social security can also be settled directly...

Before medical care is truly automated and digitalized , the first thing is to constantly reiterate the importance of data privacy, and then to gradually bring this privacy security technology to its extreme.

What is exciting is that what is circulated in the medical industry is not a string of cold data, but a warm, researchable, and life-sustaining solution.

Breaking the ice has just begun.