Homomorphic Encryption in Healthcare Analytics: Enabling Secure Cloud-Based Population Health Computations

Abstract

Cloud computing has the potential to provide healthcare organizations with the vast computational resources necessary for large-scale population health analytics. However, stringent privacy regulations and pervasive security concerns have limited the adoption of such technology. This paper illustrates how homomorphic encryption can be leveraged to perform cloud-based computations on sensitive health data, without exposing any information that could compromise patient privacy or analytic efficacy.

We introduce a concrete instantiation of population health segmentation algorithms using Microsoft SEAL and IBM HELib libraries for secure outsourcing of healthcare analytics on sensitive data to untrusted clouds. Our work implements the CKKS (Cheon-Kim-Kim-Song) homomorphic encryption scheme, tailored for approximate arithmetic operations, to perform secure multiparty computations required for population health analysis.

We show, using a real-world population health dataset of 10 million patient records, that homomorphic encryption introduces a modest additional 3.7x computation overhead for introductory statistics and 8.2x for more complex machine learning operations. This is a marked improvement over the 1000x overhead in previous homomorphic encryption implementations for healthcare and other industries. We achieve this performance using new batching strategies, ciphertext packing mechanisms, and computational optimizations for population health algorithms.

In our case studies, we showcase three applications of our framework: (1) privacy-preserving k-means clustering for patient segmentation with 99.2% accuracy compared to plaintext baselines, (2) encrypted logistic regression for disease risk prediction, with encrypted training of the model, and (3) multi-institutional cohort analysis, with patient data distributed across several healthcare institutions. We provide an in-depth compliance framework on how homomorphic encryption satisfies the minimum necessary standard of HIPAA and could therefore enable wider cloud adoption.

The open-source software accompanying our paper contains pre-optimized circuits for standard population health algorithms, significantly lowering the technical barrier for healthcare organizations to start using cloud resources in a highly privacy-preserving manner.