Pioneering new frontiers within regulatory boundaries

Computational governance enables machine learning on European healthcare data.
European hospitals face a unique challenge, balancing complex regulatory frameworks with the need to make valuable data available for reserach. Computational governance exists as a solution and enables compliant research on health data.
Jan Stuecke
Product Marketing
Published 2 February 2024

Roughly 20 years ago, researchers began to train advanced AI models to learn various complex tasks. Today, these models have made huge leaps forward in general accuracy and surpassed human performance in many foundational skills.

Foundation models surpass human performance. Source Norden, et al 2023

The potential applications of machine learning, deep learning and other data-driven analytics in healthcare are staggering. Yet, to enable a model’s potential, it must be trained on the best data available to ensure use-case specific accuracy. Furthermore, the EU AI Act requires model developers to adhere to transparency, bias and diversity standards, especially in important fields like healthcare. This type of diverse data is only found in healthcare institutions.

European hospitals hold the key to unlocking healthcare AI

European hospitals are dealing with a unique setting in data driven research. On the one hand they have the most complex regulatory frameworks to deal with but, on the other hand, some of the most valuable data to improve people’s health around the globe.

Working with European healthcare data using common approaches for compliant research such as de-identification or synthetic data either minimizes analytical utility or require serious investment from hospitals. Sometimes both. Synthetic data is also no silver bullet for eradicating data privacy concerns and, currently, European regulators have no tools to provide legal certainty for synthetic data usage in AI training.

Germany and France are pioneering initiatives such as the Healthcare Data Use Act and Health Data Hub, aiming to simplify access and provide legal certainty. But it is still unclear how much legal certainty these laws will provide and how use case-specific clashes with GDPR or the EU AI Act will be resolved. Also, this will all take a lot of time to be "ready for production". Until legal certainty is achieved, many European hospitals could be blocked in supporting research projects to improve patient care and, in the end, safe lives.

Computational governance is a solid approach available and used today, making it much easier to perform compliant research on European healthcare data with analytics, machine learning, or deep learning methods.

The concept of computational governance makes it possible to:

  • Generate insights without moving data out of a hospital’s environment

  • Run compliant analytics and machine learning on real-world data

  • Support a broad range of analytical algorithms

  • Seamlessly integrate into a researcher's workflow

Computational governance does not introduce another complexity into data preparation or require the masking of potentially crucial data points like with the HIPAA Safe Harbor method.

Computational governance lets you keep data at home, stay in full control, and adapt to changing regulatory needs quickly.

Computational governance enables compliant research in Europe

Before diving into use cases, let’s quickly understand what Computational Governance is.

Computational governance is a method to control, supervise, and track all aspects of computations on data. It works by enabling a data custodian to evaluate incoming compute requests, enforce privacy and security policies, and oversee the release of results. This allows data custodian organizations to ensure only secure and compliant computations run on their data and released results meet high privacy requirements. In short: computational governance is privacy, security and governance for ML and analytics in one workflow.

The federated computational governance approach of Apheris

The Compute Gateway and it's features are embedded in a security-hardened, federated architecture based on NVIDIA’s FLARE engine. Federation eradicates the need to move and centralize data, as computations are sent to the data and get executed within the data custodian‘s environment. This approach supports the GDPR’s principle of integrity and confidentiality (Art. 5 I lit. (f)), as raw personal data is never moved within, nor outside the product. Our Trust Center article includes full details on how Apheris helps you to stay GDPR compliant.

At the cornerstone of the Apheris computational governance solution, is the Compute Gateway including 3 key features:

  • Governance Portal

  • Model Registry

  • Compute Specs.

Governance Portal: The Governance Portal allows a hospital to define which computations are allowed on a dataset, the limits these algorithms must operate in, and which privacy-controls are mandated to ensure data privacy.

All this is defined in asset policies which empower hospitals to configure controls precisely to a use case and research purpose.

The combination of restricting computations and differentiating between data usage by purpose, caters to the GDPR principles of confidentiality through privacy-controls as well as purpose limitation (Art. 5 I lit. e and f GDPR).

Model Registry: The Apheris Model Registry is a collection of federation-ready, pre-ported models seamlessly usable within Apheris. All models have undergone thorough review with respect to security, privacy and compliance aspects. In addition, the model code is transparent to both – the data custodian and data consumer organization.

Each model comes with a model card, including metadata about the model as well as risk assessments and mitigation strategies - providing transparency and clear guidance for data custodians. Only models within the Model Registry can be selected for computations.

Compute Specs: Computations are transparently defined within compute specs. An ML Engineer selects a model from the model registry, specifies the target dataset and describes the purpose of the computation. After the ML Engineer submits a compute spec, the data custodian is able to assess it to ensure the computation complies with policies, therefore facilitating transparency, supervision, and governance obligations.

As the data custodian organization, in our case the hospital, has full control over which dataset is registered to a Compute Gateway, GDPR's requirement of accuracy and the right to be forgotten is easily controlled (Art. 5 I, lit. d, Art. 17 GDPR).

Use cases

If you are interested in the field of medical AI, you have almost certainly heard about the Swedish study published this year. Two teams of radiologists screened image data of 80,000 patients to identify cancer. One team supported by AI for screening and the other group used the traditional approach of double-screening. The AI-supported team was not only 20% more precise in their assessments but did so in half the time. The foundation for this breakthrough was the ability of training models on real-world data.

This is just one example of many published in recent papers. AI-powered progress is being made across the board:

Yet, without sufficient training on real world data, it might be difficult to achieve production grade accuracy for these models. As foundation models are broadly available, data becomes the differentiator.

Concluding thoughts

In conclusion, computational governance is an enabling technology for hospitals to join collaborations with researchers while gaining considerable benefits:

  • Data Safety: Data stays behind a hospital’s firewall

  • Productization: Any data of any level of sensitivity

  • Oversight: Fine-grained control of permitted algorithms and ML models

  • Observability: Detailed insights about who did what when with which algorithms

  • Compliant collaboration: Quickly adapt to new research projects or regulations

Apheris' Computational Governance approach ensures scalability and efficiency, vital in the complex regulatory landscape of European healthcare.

By utilizing federated learning and computational governance, hospitals can participate in critical research while maintaining data privacy and compliance with regulations like GDPR.

This setup not only streamlines workflows but also enhances the hospital's ability to adapt to regulatory changes swiftly. Ultimately, computational governance empowers hospitals to contribute significantly to healthcare advancements, leveraging their valuable data securely and efficiently.

Computational governance
Platform & Technology
Share blog post to Linked InTwitter

Insights delivered to your inbox monthly

Related Posts