Advancing Biomedical Innovation With Policies Supporting Privacy-Enhancing Technologies

Consider a consortium of cancer research institutions seeking to develop a new precision medicine for breast cancer. Doing so entails analyzing patients’ genomic and phenotypic data to identify mutations that predict response to a new drug. Each institution has data from thousands of patients, and the effort would be significantly enhanced by pooling the data across institutions to increase the size and diversity of the patient sample, but data privacy and security concerns currently make this very difficult.

How could medical scientists access and analyze sensitive patient data—such as genomic, clinical, and pharmacological data—while protecting patient privacy? Swedish statistician Tore Dalenius was among the first to pose the question of privacy-preserving statistical databases in 1977. These issues have only become more salient since then, as growing quantities of data are becoming available.

Several decades after Dalenius grappled with the problem of privacy-preserving methods, the United States and Sweden entered into a bilateral cooperation agreement (first in 2016, renewed in 2024) to accelerate cancer research by encouraging greater science and technology exchange between the two countries. The March 2024 U.S.-Sweden Cancer Summit, held at the Swedish Embassy in Washington, D.C., following the renewal of the agreement, convened academic scientists, medical doctors, policymakers, industry leaders, and advocates. Participants highlighted that years later, challenges with cross-country data sharing continue to be a significant impediment to advancing bilateral cancer innovation due to data privacy and security concerns.

Much progress has been made in the field of privacy-enhancing technologies (PETs) in recent years, including in differential privacy, federated learning, fully homomorphic encryption (FHE), and secure multi-party computing. By improving privacy protection and facilitating secure collaborative research, PETs could complement good data-sharing policies to enable the analysis of sensitive medical data and support biomedical innovation.

Consider again the consortium of cancer research institutions. FHE allows computations to be performed on encrypted data without decrypting it. Using FHE, the institutions could securely combine their encrypted datasets and perform joint analysis. Encrypted data from each institution would be analyzed to find common mutations linked to drug efficacy, and only the aggregate findings would then be decrypted using a decryption key, maintaining privacy throughout the process. This approach could facilitate precision medicine advances while reducing the risk of compromising patient privacy.

Much work remains to be done in PET development, implementation, and adoption, but recent policies could support such advances. In October 2023, the White House issued an executive order, “Advancing a Vision for Privacy-Enhancing Technologies,” spearheaded by the Office of Science and Technology Policy (OSTP), which called for the design, development, and deployment of privacy-enhancing technologies. And on April 29, 2024, a new bill, the “Privacy Enhancing Technology Research Act” (H.R.4755), passed the House and is currently in the Senate. The bill would require the National Science Foundation (NSF) to support research and development of PETs and would direct the OSTP to coordinate with other federal agencies to accelerate PET development, deployment, and adoption.

Organizations leading efforts in PET development and adoption include U.S.-based OpenDP,Duality Technologies, and Actuate, and UK-based OpenMined. Duality Technologies has worked with several top research institutions, such as the Dana-Farber Cancer Institute, to advance medical research and improve oncology outcomes. Policies that support PET advances can foster increased use of sensitive data in sectors such as biomedical research and thus accelerate biomedical innovation.