Working towards better risk prediction for cardiac patients through secure data collaboration

Sharing data in healthcare: a necessity and a challenge

To measure treatment effects today, researchers often use prospective studies: to approach a group of patients in advance and convince them, for example, to agree to being followed over time or to regularly complete a survey after undergoing measurements or a treatment. This takes significant time to set up and relies heavily on patient cooperation. Moreover, minority groups and women are often unintentionally underrepresented in traditional prospective research.

Privacy Enhancing Technologies (PET) enables a different approach. They allow organisations to combine and analyse up‑to‑date patient data without exposing personal information. The technology protects the data while still allowing meaningful analysis.

Jannick Dorresteijn, internist and researcher at UMC Utrecht, is enthusiastic:
‘What’s remarkable about this development is that you conduct research in real‑world settings. It’s far more efficient, more inclusive, and you no longer need to wait years to build a dataset.’

The tension between security and progress

The urgency of secure data sharing and storage in the Netherlands became painfully clear recently. In a recent cyberattack on the national screening program, data belonging to 485,000 women was stolen from a central laboratory. Sarah van Drumpt, Cybersecurity and Public Health researcher at TNO, sees this as an important lesson: ‘This showed very clearly that you should keep data as close to the source as possible. You don’t want to gather everything in one place, because that makes it an attractive target.’

At the same time, measures designed to avoid privacy risks can seem at odds with the need to share data. Hospitals wanting to improve their treatments need insight into how similar patients are treated elsewhere. Researchers testing new medicines require data from multiple centers to draw reliable conclusions. Clinicians assessing patient risk need to understand what happens to patients after they leave the hospital. Insurers’ claims data helps with this, because it contains information from multiple providers and therefore offers a more complete picture of a patient’s care pathway and the treatment received.

Computing together without seeing each other’s data

Two promising PET approaches that address these challenges in healthcare are Secure Multi‑Party Computation and Federated Learning.

With Secure Multi‑Party Computation, organisations encrypt their data and bring it together for joint analysis. For each project, they agree with who is allowed to see what and which results may be used. ‘The system has access to all data, but it may only output results that comply with these rules, for example, outcomes based on sufficiently large groups’, Jannick explains. ‘If a calculation involves fewer than 100 people, the system may consider it too easy to trace back and block it.’ Project‑specific rules therefore allow you to tailor data collaboration to your needs.

Federated Learning works differently: instead of sending data to the model, the model is sent to the data. ‘This keeps the input within your own organisation, where you, as the responsible party, retain full control’, Sarah explains. ‘You only share the trained model, not the underlying patient data.’

A better risk model for cardiac patients

The collaboration between UMC Utrecht and Zilveren Kruis is one of the Secur‑e‑Health pilot projects, executed together with TNO, Erasmus MC, and Linksight. It shows the concrete value PETs can deliver.

UMC Utrecht uses the European SMART2 model to predict the likelihood of recurrent cardiovascular events in patients with existing vascular diseases. While widely used, the model does not account for regional variations within countries. The Secur‑e‑Health case arose from a need within the U‑Prevent platform (ORTEC Logiqcare) to demonstrate that local optimisation of SMART2 with PETs is feasible without causing a “substantial change” that would trigger a costly re‑certification by the Notified Body for each hospital.

‘If you live in a less affluent neighbourhood of a large city, your risk is higher than if you live in Bloemendaal or Blaricum’, Jannick explains. ‘Every hospital serves its own hospital service district. Clinicians know this, which is why they don’t always trust traditional risk predictions, because their patient group differs from the European average.’

‘In this project, the challenge was to combine insurer data with hospital data to make the model more specific to the local situation’, Sarah adds. Sharing such sensitive data between a hospital and an insurer is, of course, not something you can simply do. Using Secure Multi‑Party Computation, both parties were able to combine their datasets without exposing any underlying personal information.

The result is an optimised model that better reflects the local patient population. This enables clinicians to assess more accurately which patients need additional preventive care. Medical tools such as U‑Prevent can therefore support clinicians more effectively in determining an individual’s cardiovascular risk and in selecting a treatment that achieves the desired risk reduction. Using this optimised model strengthens trust in the instrument, meaning clinicians are more likely to adopt it in practice, and patients are more likely to accept it as part of their care.

Penetration test confirms the project's security

To validate the security level, Zilveren Kruis, part of Achmea, commissioned a penetration test on the Linksight software. Sarah explains: ‘Such a security test is a minimum requirement for insurer systems. It’s not something you normally do for a single project. The test showed that the technology offers real potential for carrying out research in a privacy‑friendly way using data from collaborating organisations.’

‘There’s always a human element’, she continues. ‘The organisations involved must jointly set the rules and configure them correctly. Things can still go wrong there. But compare this with how we often work today: you sign a contract and then exchange all your data. With PETs, you no longer need to hand over complete datasets. That alone significantly reduces the risks.’

Overcoming initial hesitation

The project took longer than initially planned, mainly due to caution among the parties involved. ‘This project took a long time because of reluctance on the part of the data privacy officers, security officers and legal teams’, Jannick recalls. Understandably so: the technology is new to many, and the data involved is highly sensitive.

From her position at TNO, Sarah witnessed how remarkable UMC Utrecht’s step was:
‘UMC Utrecht really dared to pioneer here, while other hospitals were still hesitant. And that makes sense, you need examples to see that something works.’

That is precisely why this project is so important, Jannick emphasises: ‘It makes the next comparable project easier, because we now have a precedent to point to.’

European Health Data Space calls for a new approach

The European Union is developing the European Health Data Space: a regulation intended to make it easier to exchange health data across countries and institutions. Sarah sees this as an opportunity for PETs: ‘Implementation experts already refer to Privacy Enhancing Technologies, but still at a very high level. With concrete examples like this project, PETs can become a recognised route. I hope they will increasingly be included in policy as a full‑fledged alternative to centralised data collection.’

Download the PET Travel Guide (pdf) to discover how your organisation can collaborate securely with data.