Investigating the Potential of Confidential Computing in Healthcare

Confidential computing will become key to protecting patient data as healthcare organizations seek to leverage cloud computing environments.

Healthcare data analytics requires some of the highest data privacy and protection measures across the industry, making implementing privacy-preserving technologies a top priority.

Doing so requires health systems to investigate, assess, and potentially deploy a variety of solutions.

Cloud adoption has become an increasingly popular way to secure healthcare data, and several technologies used within cloud computing can further enhance data protection.

Below, HealthITAnalytics will dive into confidential computing, an approach that could significantly bolster patient privacy as healthcare organizations move to cloud infrastructure.

WHAT IS CONFIDENTIAL COMPUTING?

IBM conceptualizes confidential computing as “a cloud computing technology that isolates sensitive data in a protected [central processing unit] enclave during processing. The contents of the enclave—the data being processed, and the techniques that are used to process it—are accessible only to authorized programming code, and are invisible and unknowable to anything or anyone else, including the cloud provider.”

Confidential computing serves to help ensure that cloud data remains confidential and protected as more organizations leverage public and hybrid clouds. This approach is particularly relevant for data privacy because it protects data that is in use or being processed.

Typically, cloud providers offer encryption services to protect ‘data at rest,’ such as data held in databases and storage solutions, and ‘data in transit,’ which refers to data moving across a network connection. ‘Data in use,’ however, can create a security gap, because data is typically decrypted in memory while it is being processed or analyzed.

This exposes sensitive data in plaintext on the host, increasing the risk posed by network vulnerabilities, compromised hardware or software, or malicious actors.

Organizations that rely on cloud computing often benefit from using confidential computing to help protect their data.

Insights from Intel indicate that confidential computing can also help users looking to migrate to the cloud and do so with more confidence, knowing that data is secured at each step of its lifecycle. Additionally, the approach can help maintain data privacy during multi-party analysis and ensure compliance with data privacy and sovereignty laws.

USE CASES FOR CONFIDENTIAL COMPUTING IN HEALTHCARE

Like other industries, healthcare can utilize confidential computing to maintain data privacy and protect against cyberattacks, but its use cases are much broader.

The University of California, San Francisco (UCSF) Center for Digital Health Innovation (CDHI) is participating in research evaluating how confidential computing can be used in healthcare, particularly around securing advanced technologies like artificial intelligence (AI).

In 2020, CDHI launched a collaboration with Intel, Microsoft Azure, and Fortanix to build a confidential computing platform that applies privacy-preserving analytics to support clinical algorithm development and validation.

The platform is designed to provide a zero-trust environment in which the privacy of healthcare data and the intellectual property of each algorithm are protected. This is achieved by leveraging a confidential computing infrastructure to enable the algorithm to interact with a curated dataset controlled by the healthcare organization that owns the data. This allows multiple parties or organizations to participate in the AI development and validation process without needing to trust each other.

CDHI’s research has also helped establish that confidential computing may bolster the development of outbreak response algorithms for COVID-19 and other public health threats. Another study further demonstrated that confidential computing could be successfully used for privacy-preserving contact tracing when combined with a smartphone application.

Experts have also found that confidential computing may benefit various Internet of Things (IoT) tools, including in the healthcare sector.

One 2021 study published in Multimedia Tools and Applications proposed a data exchange approach for IoT devices that uses confidential computing, encryption, and data fragmentation to secure healthcare data and ensure data sovereignty.

Researchers from Fortanix, writing in the Journal of Data Protection & Privacy earlier this year, highlighted concerns around the security of Internet of Medical Things (IoMT) devices, arguing that confidential computing could help provide both the data confidentiality and systemic security currently lacking in these tools.

ROADBLOCKS AND LIMITATIONS

Despite confidential computing’s significant potential, healthcare stakeholders must be aware of the limitations to its use and roadblocks to its adoption, which are primarily centered on the pitfalls of cloud computing more generally.

Much of what is holding confidential and cloud computing back across industries is that organizations and potential stakeholders often have limited knowledge of what these technologies are and how they work.

When organizations are at this early stage, identifying potential use cases either isn’t possible or isn’t a priority.

Cloud computing also isn’t a perfect data protection solution despite its focus on security.

A 2021 study published in the Journal of Medicine and Life highlighted this, noting that data security, availability, and integrity, alongside network security and information confidentiality, are significant hurdles to cloud security.

However, the researchers indicated that potential solutions like application programming interfaces (APIs) can be used with data encryption, authentication, and classification to help bridge some of these gaps.

Confidential computing plays a role in addressing these issues as well, but it has its own limitations that must be considered.

The method relies on ‘enclaves,’ or trusted execution environments (TEEs), to protect sensitive data during computation. TEEs are designed to provide end-to-end security for data by offering an isolated region within the processor where the data being processed is inaccessible to the rest of the system, including privileged software.

There is some research to suggest that TEEs may not be suitable in certain scenarios.

Research published by the Institute of Electrical and Electronics Engineers (IEEE) argues that existing TEEs are unsuitable for use in high-performance computing systems, which healthcare organizations may rely on to process growing amounts of complex medical data.

However, the authors note that TEEs have many benefits and could be improved as the high-performance computing landscape evolves.