Researchers have successfully employed secure multiparty computation (MPC) to conduct a privacy-friendly evaluation of patient data in a study focusing on MR-guided radiotherapy (MRgRT) for adrenal gland metastasis. The collaborative effort between LMU University Hospital in Munich, Germany, and Fondazione Policlinico Universitario Agostino Gemelli IRCCS in Rome, Italy, demonstrates a novel approach to overcoming data privacy challenges in medical research.
Precision in Adrenal Gland Metastasis Treatment
The study aimed to assess the efficacy of MRgRT in treating adrenal gland metastasis, a context where precision is crucial. Traditional imaging modalities often lack the resolution needed for utmost precision, necessitating wider safety margins and consequently, greater radiation exposure to adjacent tissues. The introduction of MR-Linac systems allows for real-time MRI scanning before and during radiation sessions, enabling on-the-fly adjustments to account for anatomical shifts and tumor movement. This adaptability is essential for treating metastases in the liver or adrenal glands, where tumors are located near critical organs and are prone to move with each breath.
Overcoming Data Privacy Challenges
Radiation therapy of adrenal gland metastases is relatively uncommon, largely because they frequently undergo surgical removal. This rarity poses challenges for evaluating and conducting in-depth analyses of radiation treatments, as the number of patients treated at any given center is often insufficient. Efforts to merge data from different sources are hindered by strict data privacy laws. Secure multiparty computation presents a viable solution by enabling joint data analysis while allowing sites to retain control over their data and protecting patient privacy.
Study Design and Methodology
This study was designed as a bicenter, prospective, longitudinal observational study without a control group. The treatment itself was administered solely per the pre-existing SOPs, based on best available evidence. There was no deviation from standard therapy planned. Clinical results were documented for quality control and quality assurance after the end of treatment and evaluated after the fact.
Instead of data being transmitted between the two sites for evaluation in a pseudonymised way, the data was to remain with the two clinical sites and was evaluated by jointly running a secure multiparty computation that will prevent each site from reconstructing the other sites’ data or processing them in a way that was not initially agreed on.
Secure Multiparty Computation Framework
The MPC framework included administrative and technical data protection measures. Administrative measures included amendments to the study protocol, cooperation agreements, patient informed consent, and ethics votes. Technical measures involved a secure multiparty computation backend, federated secure computing middleware, sandboxing, firewalls, VPNs, and TLS.
There are three servers connected in a peer-to-peer network secured by VPN and TLS. Their firewalls are configured to only allow ingress from each other and from a researcher by LMU University Hospital, Fondazione Policlinico Universitario Agostino Gemelli IRCCS, and LMU Munich, respectively. The servers each host an instance of Sharemind MPC, a framework for secure multiparty computation. Data is stored as distributed secret shares across all three servers such that security is guaranteed if there is no collusion between parties. To evaluate data in a privacy-friendly way, the servers of the parties must actively cooperate in all calculations.
Data Evaluation and Results
Evaluation was performed with Rmind, an interactive statistics environment similar to R offering protection for input and outputs of the study. The input data from Munich and Rome was loaded as private tables. Specific columns such as gender, age etc. were referenced. Most importantly, the data from Rome (N = 24 patients) and Munich (N = 24 patients) was concatenated into a larger dataset of N = 48 patients. In this way, quantiles and frequencies of the overall patient population were computed. Finally, subsets for specific events (such as dead/alive during follow up) and subgroups (e.g., by Eastern Cooperative Oncology Group (ECOG) Performance Status) were selected. Survival tables were then constructed by counting events per follow up month.
Implications for Personalized Oncology
By enabling joint data analysis while preserving patient privacy, MPC facilitates detailed studies on rare cancers and advances the field of personalized oncology. This approach can be particularly valuable in situations where data sharing is restricted by privacy regulations, allowing researchers to collaborate and gain insights from larger datasets.
