Top 5 confidential computing uses in healthcare

Big data meets private data in a perfect storm for healthcare. Confidential computing providers say they’ll make the cloud safer for medical data.


Healthcare information is personal and private. For both legal and ethical reasons, it’s critical to keep it that way. Government regulations like HIPAA have been in the headlines a lot lately, but tech companies are still exploring how to implement them.

Many companies try to package privacy in different ways. Confidential computing is an initiative that often ends up spoken of in the same breath as patient and personally identifiable information privacy and has become a new frontier for cloud providers.


Confidential computing aims to protect data while it’s in transit, in use and at rest, combating attackers who use memory scraping to get at data in use. It might involve artificial intelligence or machine learning and can work with traditional servers or virtual machines, but the definition is broad enough to include many different tools and approaches. Often it involves a trusted execution environment (TEE), which walls data off from outside influence.

Confidential computing also allows AI algorithm developers to share large data sets without sharing IP. That is often where it crosses over with healthcare, as patient information and large, shared black box data sets would otherwise be a tricky combination. Confidential computing has several applications within the healthcare field.

Top 5 healthcare use cases for confidential computing

1. Protecting against cyberattacks

In general, confidential computing is a new way of thinking about protecting data. Protecting private patient information is a top priority for hospitals and other healthcare organizations in order to maintain trust and meet government regulations.

Meanwhile, attackers have started to target data on the move. Microsoft Azure demonstrates how TLS encryption and attestation are used to protect patient information, run machine learning on sensitive information or run algorithms on encrypted datasets from many sources without opening doors for attackers. This approach reduces the attack surface visible from outside.

Fortanix demonstrates confidential computing’s use in healthcare security with its adoption of Intel Software Guard Extensions (SGX). This creates a hardware-based TEE, or memory “enclave,” in which the AI workload is isolated and processed. This enclave exists entirely separately from the host operating system, hypervisor, root user and peer applications running on the same processor.

We’ll have more to say about AI later, but confidential computing is also being applied to get ahead of attacks on IoT medical devices and cloud data.

2. Meeting industry regulations

Confidential computing services are well aware of the many industry regulations around customer data. For example, HIPAA lays out specific rules for cloud computing.

IBM says they baked this understanding into confidential computing from the beginning. Their Hyper Protect iOS SDK for Apple CareKit encrypts data for the open-source healthcare app development platform. It can be used for dynamic care plans, tracking symptoms and connecting to care teams, all of which might involve moving sensitive PII from one place to another in the course of healthcare work.

3. Securing AI research

Healthcare workers can use AI to assist nurses and doctors in day-to-day tasks, analyze large amounts of data to improve early disease detection with pattern recognition, monitor heart conditions and train healthcare professionals. Naturally, there is a concern about creating huge volumes of data in a very private setting. Confidential computing can help with that.

Recently, Microsoft partnered with BeeKeeperAI to allow AI developers to access it through the Azure confidential computing environment.

“The opportunity for AI to enable the delivery of better healthcare outcomes continues to expand exponentially, but developers are limited by access to critical datasets to train and to deploy their algorithms,” said John Doyle, global chief technology officer at Microsoft, in a press release from BeeKeeperAI. “We are pleased to partner with BeeKeeperAI to help the healthcare industry develop the understanding and expertise it needs to leverage confidential computing within healthcare innovation.”

4. Secure contact tracing

Contact tracing has become a household phrase after COVID-19. Intel notes that confidential computing — based on the blockchain, in this case — is the backbone of MicrobeTraceNext, an AI project made in collaboration with Intel and Leidos.

Two blockchain keys and role-based security control protect PII. Intel Xeon Scalable processor platforms enable the ledger-based encryption, which makes all data access and data movements fully auditable and traceable and all transactions unchangeable. Confidential computing enhances secure contact tracing at the regional or state level.

5. Secure medical imaging

Intel also noted that medical imaging can benefit from confidential computing. They contributed Intel Xeon Scalable processors and AI acceleration to Federated Learning, a privacy project that allowed three hospitals to share a common AI model without sharing PII. Each hospital trained its AI model locally, then aggregated that data at a central server in the cloud. The aggregation made sure that the model could improve based on all three hospitals.

Neither patient information nor the AI model IP itself was shared. This distinction was enabled by Intel’s confidential computing. The AI model, which was trained to diagnose medical images, was learning from all three hospitals while secured against outside eyes.
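The train-locally, aggregate-centrally flow described above can be sketched with federated averaging. This is an added example, not code from Intel or the hospitals' project; it assumes that what each site sends to the server is its model weights and a sample count, and the three sites, their data and the tiny linear model are constructed for illustration.

```python
# Added illustration: federated averaging (FedAvg) across three sites.
# All names and data below are constructed; no vendor code is reproduced.

def local_train(weights, data, lr=0.1, epochs=5):
    """Runs at a hospital: gradient descent on its private (x, y) pairs.
    Only the updated weights are returned; the records never leave."""
    w, b = weights
    n = len(data)
    for _ in range(epochs):
        grad_w = sum(2 * (w * x + b - y) * x for x, y in data) / n
        grad_b = sum(2 * (w * x + b - y) for x, y in data) / n
        w, b = w - lr * grad_w, b - lr * grad_b
    return [w, b]

def fed_avg(updates):
    """Runs at the central server: average the weight vectors,
    weighted by how many samples each site trained on."""
    total = sum(n for _, n in updates)
    dim = len(updates[0][0])
    return [sum(wts[i] * n for wts, n in updates) / total for i in range(dim)]

def run_federation(sites, rounds=100):
    """One round = every site trains from the shared model, server aggregates."""
    global_weights = [0.0, 0.0]
    for _ in range(rounds):
        # The server's entire view of each site is (weights, sample_count).
        updates = [(local_train(global_weights, data), len(data))
                   for data in sites.values()]
        global_weights = fed_avg(updates)
    return global_weights

def make_site(xs):
    """Constructed stand-in for private records, following y = 2x + 1."""
    return [(x, 2 * x + 1) for x in xs]

# Each site sees a different slice of the input range, so none of them
# holds the full picture on its own.
SITES = {
    "hospital_a": make_site([0.0, 0.5, 1.0]),
    "hospital_b": make_site([1.0, 1.5, 2.0, 2.5]),
    "hospital_c": make_site([-1.0, -0.5]),
}

if __name__ == "__main__":
    w, b = run_federation(SITES)
    print(f"shared model after federation: w={w:.4f}, b={b:.4f}")
```

The shared model converges on the relationship underlying all three data sets even though the server only ever handles weight vectors and counts.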
