The potential for artificial intelligence to transform health care is huge, but there’s a big catch.
AI algorithms will need vast amounts of medical data on which to train before machine learning can deliver powerful new ways to spot and understand the cause of disease. That means imagery, genomic information, or electronic health records—all potentially very sensitive information.
That’s why researchers are working on ways to let AI learn from large amounts of medical data while making it very hard for that data to leak.
One promising approach is now getting its first big test at Stanford Medical School in California. Patients there can choose to contribute their medical data to an AI system that can be trained to diagnose eye disease without ever actually accessing their personal details.
Participants submit ophthalmology test results and health record data through an app. The information is used to train a machine-learning model to identify signs of eye disease (such as diabetic retinopathy and glaucoma) in the images. But the data is protected by technology developed by Oasis Labs, a startup spun out of UC Berkeley, which guarantees that the information cannot be leaked or misused. The startup was granted permission by Stanford Medical School to start the trial last week, in collaboration with researchers at UC Berkeley, Stanford and ETH Zurich
The sensitivity of private patient data is a looming problem. AI algorithms trained on data from different hospitals could potentially diagnose illness, prevent disease, and extend lives. But in many countries medical records cannot easily be shared and fed to these algorithms for legal reasons. Research on using AI to spot disease in medical images or data usually involves relatively small data sets, which greatly limits the technology’s promise.
“It is very exciting to be able to do with this with real clinical data,” says Dawn Song, cofounder of Oasis Labs and a professor at UC Berkeley. “We can really show that this works.”
Oasis stores the private patient data on a secure chip, designed in collaboration with other researchers at Berkeley. The data remains within the Oasis cloud; outsiders are able to run algorithms on the data, and receive the results, without its ever leaving the system. A smart contract—software that runs on top of a blockchain—is triggered when a request to access the data is received. This software logs how the data was used and also checks to make sure the machine-learning computation was carried out correctly.
“This will show we can help patients contribute data in a privacy-protecting way,” says Song. She says that the eye disease model will become more accurate as more data is collected.
Such technology could also make it easier to apply AI to other sensitive information, such as financial records or individuals’ buying habits or web browsing data. Song says the plan is to expand the medical applications before looking to other domains.
“The whole notion of doing computation while keeping data secret is an incredibly powerful one,” says David Evans, who specializes in machine learning and security at the University of Virginia. When applied across hospitals and patient populations, for instance, machine learning might unlock completely new ways of tying disease to genomics, test results, and other patient information.
“You would love it if a medical researcher could learn on everyone’s medical records,” Evans says. “You could do an analysis and tell if a drug is working on not. But you can’t do that today.”
Despite the potential Oasis represents, Evans is cautious. Storing data in secure hardware creates a potential point of failure, he notes. If the company that makes the hardware is compromised, then all the data handled this way will also be vulnerable. Blockchains are relatively unproven, he adds.
“There’s a lot of different tech coming together,” he says of Oasis’s approach. “Some is mature, and some is cutting-edge and has challenges.”