Study: New method of privacy enhancement for AI-powered medical data

Illustration showing how the sleep apnea data encryption method works. One image shows a silhouette of a patient and doctor. Then arrows connect it to a red box that says "Encryption ECG Signal." That connects to another box with a blue cloud and the words "Classification in FHE domain." And then arrows connect to the first box, closing the loop.

UB-led experiments show the technique safeguards personal health info and is more than 99% effective at detecting sleep apnea

Release Date: December 19, 2024


“This work highlights how secure, encrypted data-processing can protect patient privacy while still enabling advanced, AI-based diagnostic tools. It offers significant potential for improving health care security in sleep apnea diagnosis and other areas.”
Nalini Ratha, SUNY Empire Innovation Professor, Computer Science and Engineering
University at Buffalo School of Engineering and Applied Sciences

BUFFALO, N.Y. – Artificial intelligence has the potential to improve doctors’ ability to diagnose and treat sleep apnea. But the technology is not widely adopted due to fears that it does not safeguard patient data.

This could soon change.

A new University at Buffalo-led study – funded by a $200,000 IBM/State University of New York grant – shows how to safely encrypt AI-powered data as it travels from third-party cloud service providers, like Google or Amazon, to doctors and their patients.

The method, which relies on fully homomorphic encryption (FHE), proved 99.56% effective in detecting sleep apnea from a deidentified electrocardiogram (ECG) dataset that is available for research. Ultimately, the technique could speed up and improve the detection and treatment of sleep apnea, and be used in other health care applications where securing data is paramount.

“This work highlights how secure, encrypted data-processing can protect patient privacy while still enabling advanced, AI-based diagnostic tools. It offers significant potential for improving health care security in sleep apnea diagnosis and other areas,” said lead research investigator Nalini Ratha, PhD, SUNY Empire Innovation Professor in the Department of Computer Science and Engineering at UB.

The study was published at the 2024 International Conference on Pattern Recognition (ICPR), held Dec. 1-5 in Kolkata, India. Co-authors include Charanjit Jutla, a research staff member at IBM; Arjun Ramesh Kaushik, PhD student at UB; and MS students Tilak Sharma and Bharat Yalavarthi, who both recently graduated from UB’s computer science program.

Maximizing benefits, decreasing risks

AI can benefit doctors and patients alike, Ratha said. Machine learning offers several advantages, including faster, more efficient analysis, the ability to process large volumes of data and the potential for more accurate diagnosis.

For instance, deep learning algorithms are trained to identify patterns in the ECG signals that indicate disruptions in breathing or decreased oxygen levels during sleep, which are characteristic of sleep apnea. By analyzing large amounts of ECG data, these models can learn to detect subtle abnormalities that may be difficult for human doctors to identify, he explained.

What is troubling is the dissemination of the data, as well as the diagnosis results, which may violate patient privacy.

“If a cloud service provider like Google or Amazon runs an analytic on my data, they can potentially figure out what my sleep apnea status is and then start sending me ads to buy this or that,” he said. “The cloud service providers also may have arrangements with other companies to cross-sell me things. The sleep apnea information is only meant for my doctor; it’s not for public consumption, especially for generating advertisement revenue from my situation.”

Insurance companies could also capture the data and potentially raise premiums on sleep apnea patients because their conditions have been revealed.

“Once the first wall of confidentiality is broken, the information losses can cost the patient in many ways,” Ratha said. “Once you’re collecting all these ECGs without any constraints then you can try to make lots of unnecessary linkages. If anyone submits their ECG to a service provider on the internet, that’s where we come in. How do we prevent those service providers from misusing data?”

Faster and efficient processing of encrypted data

FHE-based analytics are known to be slower and more complex than traditional unencrypted data analytics methods.

The researchers overcame these drawbacks by developing new techniques that optimize key deep learning operations, enabling the FHE system to run faster and at lower cost.

Examples of these techniques, which encompass all stages of a deep neural network, include convolution, which is a method used to detect patterns; activation functions, like a rectified linear unit, which help the model make decisions; pooling, which is used to reduce data size; and fully connected layers, in which each input node is connected to each output node.

Citing a standard example in the FHE domain, Ratha used a gold analogy to explain how their encryption system works.

“If you want to build an ornament out of the gold, but you don’t want to give it directly to the jeweler because you don’t know what the jeweler will mix with it, you put it in a box,” he said. “The jeweler can touch the gold, but he cannot ever take it out of the box. The box is our encryption, the data is the gold, and the jeweler is the FHE-based algorithm that comes and touches the data but cannot pull it out of the box.”

Ratha emphasized that while they used sleep apnea for this study, their findings could apply to analytics on data from X-ray images, MRIs, CT scans and other medical procedures.

“There are a lot of situations where privacy is paramount,” he said. 
