Federated Learning for Healthcare Domain - Pipeline, Applications and Challenges

Federated learning is the process of developing machine learning models over datasets distributed across data centers such as hospitals, clinical research labs, and mobile devices while preventing data leakage. This survey examines previous research and studies on federated learning in the healthcare sector across a range of use cases and applications. Our survey shows what challenges, methods, and applications a practitioner should be aware of in the topic of federated learning. This paper aims to lay out existing research and list the possibilities of federated learning for healthcare industries.© 2022 Copyright held by the owner/author(s).

PbDinEHR: A Novel Privacy by Design Developed Framework Using Distributed Data Storage and Sharing for Secure and Scalable Electronic Health Records Management

Privacy in Electronic Health Records (EHR) has become a significant concern in today's rapidly changing world, particularly for personal and sensitive user data. The sheer volume and sensitive nature of patient records require healthcare providers to exercise an intense quantity of caution during EHR implementation. In recent years, various healthcare providers have been hit by ransomware and distributed denial of service attacks, halting many emergency services during COVID-19. Personal data breaches are becoming more common day by day, and privacy concerns are often raised when sharing data across a network, mainly due to transparency and security issues. To tackle this problem, various researchers have proposed privacy-preserving solutions for EHR. However, most solutions do not extensively use Privacy by Design (PbD) mechanisms, distributed data storage and sharing when designing their frameworks, which is the emphasis of this study. To design a framework for Privacy by Design in Electronic Health Records (PbDinEHR) that can preserve the privacy of patients during data collection, storage, access and sharing, we have analysed the fundamental principles of privacy by design and privacy design strategies, and the compatibility of our proposed healthcare principles with Privacy Impact Assessment (PIA), Australian Privacy Principles (APPs) and General Data Protection Regulation (GDPR). To demonstrate the proposed framework, ‘PbDinEHR', we have implemented a Patient Record Management System (PRMS) to create interfaces for patients and healthcare providers. In addition, to provide transparency and security for sharing patients' medical files with various healthcare providers, we have implemented a distributed file system and two permission blockchain networks using the InterPlanetary File System (IPFS) and Ethereum blockchain. This allows us to expand the proposed privacy by design mechanisms in the future to enable healthcare providers, patients, imaging labs and others to share patient-centric data in a transparent manner. The developed framework has been tested and evaluated to ensure user performance, effectiveness, and security. The complete solution is expected to provide progressive resistance in the face of continuous data breaches in the patient information domain.

Implementation of data protection laws in the European Union and in California is associated with a move of clinical trials to countries with fewer data protections.

The European Union implemented data privacy laws in mid-2018 and the state of California enacted a similar law several weeks later. These regulations affect medical data collection and analysis. It is unclear if they achieve this goal in the realm of clinical trials. Here we investigate the effect of these laws on clinical trials through analysis of clinical trials recorded on the US's ClinicalTrials.gov, the World Health Organization's International Clinical Trials Registry Platform and scientific papers describing clinical trials. Our findings show that the number of phase 1 and 2 trials in countries not adhering to these data privacy laws rose significantly after implementation of these laws. The largest rise occurred in countries which are less free, as indicated by the negative correlation (-0.48, p = 0.008) between the civil liberties freedom score of countries and the increase in the number of trials. This trend was not observed in countries adhering to data privacy laws nor in the paper publication record. The rise was larger (and statistically significant) among industry funded trials and interventional trials. Thus, the implementation of data privacy laws is associated a change in the location of clinical trials, which are currently executed more often in countries where people have fewer protections for their data.

Challenges related to data protection in clinical research before and during the COVID-19 pandemic: An exploratory study.

Background: The COVID-19 pandemic brought global disruption to health, society and economy, including to the conduct of clinical research. In the European Union (EU), the legal and ethical framework for research is complex and divergent. Many challenges exist in relation to the interplay of the various applicable rules, particularly with respect to compliance with the General Data Protection Regulation (GDPR). This study aimed to gain insights into the experience of key clinical research stakeholders [investigators, ethics committees (ECs), and data protection officers (DPOs)/legal experts working with clinical research sponsors] across the EU and the UK on the main challenges related to data protection in clinical research before and during the pandemic. Materials and methods: The study consisted of an online survey and follow-up semi-structured interviews. Data collection occurred between April and December 2021. Survey data was analyzed descriptively, and the interviews underwent a framework analysis. Results and conclusion: In total, 191 respondents filled in the survey, of whom fourteen participated in the follow-up interviews. Out of the targeted 28 countries (EU and UK), 25 were represented in the survey. The majority of stakeholders were based in Western Europe. This study empirically elucidated numerous key legal and ethical issues related to GDPR compliance in the context of (cross-border) clinical research. It showed that the lack of legal harmonization remains the biggest challenge in the field, and that it is present not only at the level of the interplay of key EU legislative acts and national implementation of the GDPR, but also when it comes to interpretation at local, regional and institutional levels. Moreover, the role of ECs in data protection was further explored and possible ways forward for its normative delineation were discussed. According to the participants, the pandemic did not bring additional legal challenges. Although practical challenges (for instance, mainly related to the provision of information to patients) were high due to the globally enacted crisis measures, the key problematic issues on (cross-border) health research, interpretations of the legal texts and compliance strategies remained largely the same.

Incomplete COVID-19 Data: The Curation of Medical Health Data by the Virus Outbreak Data Network-Africa

The incompleteness of patient health data is a threat to the management of COVID-19 in Africa and globally. This has become particularly clear with the recent emergence of new variants of concern. The Virus Outbreak Data Network (VODAN)-Africa has studied the curation of patient health data in selected African countries and identified that health information flows often do not involve the use of health data at the point of care, which renders data production largely meaningless to those producing it. This modus operandi leads to disfranchisement over the control of health data, which is extracted to be processed elsewhere. In response to this problem, VODAN-Africa studied whether or not a design that makes local ownership and repositing of data central to the data curation process, would have a greater chance of being adopted. The design team based their work on the legal requirements of the European Union's General Data Protection Regulation (GDPR);the FAIR Guidelines on curating data as Findable, Accessible (under well-defined conditions), Interoperable and Reusable (FAIR);and national regulations applying in the context where the data is produced. The study concluded that the visiting of data curated as machine actionable and reposited in the locale where the data is produced and renders services has great potential for access to a wider variety of data. A condition of such innovation is that the innovation team is intradisciplinary, involving stakeholders and experts from all of the places where the innovation is designed, and employs a methodology of co-creation and capacity-building. © 2022 Chinese Academy of Sciences. Published under a Creative Commons Attribution 4.0 International (CC BY 4.0) license.

The Next Generation of eHealth: A Multidisciplinary Survey

Over the past two years, the spread of COVID-19 has spurred the use of information and communication technologies (ICT) in aid of healthcare. The need to guarantee continuity to care has promoted research and industry activities aimed at developing solutions for the digitalization of the procedures to be performed to provide health services, even in emergency scenarios. Digital collection, transmission, and processing of health data represent the starting point for fulfilling this innovation process but also bring heterogeneous challenges. These motivations led to the elaboration of this work, which analyzes innovative and technological tools for the development of digital health (eHealth) through the collection of multisectoral literature, produced thanks to the cooperation of varied research groups, thus providing a multidisciplinary survey. Since digital health is expected to be one of the leading applications of the sixth-generation (6G) wireless cellular networks, this paper covers the related telecommunications aspects. Furthermore, the exploitation of artificial intelligence paradigms to elaborate massive amounts of biological data is examined. Given the extreme sensitivity of health data, this paper also investigates security and privacy issues. In particular, the main techniques and approaches to guarantee security properties (i.e., anonymity, responsibility, authentication, confidentiality, integrity, non-repudiation, and revocability) are studied. Applications involving innovative electromagnetic systems for healthcare and assisted living services are described to provide an example of an eHealth scenario leveraging ICT. Finally, the telemedicine-related regulations of the European Commission are analyzed, with particular reference to the General Data Protection Regulation (GDPR).

Postpandemic Technopolitical Democracy: Algorithmic Nations, Data Sovereignty, Digital Rights, and Data Cooperatives

COVID-19 has hit citizens dramatically during 2020, not only creating a general risk-driven environment encompassing a wide array of economic vulnerabilities but also exposing them to pervasive digital risks, such as biosurveillance, misinformation, and e-democracy algorithmic threats. Over the course of the pandemic, a debate has emerged about the appropriate democratic and technopolitical response when governments use disease surveillance technologies to tackle the spread of COVID-19, pointing out the dichotomy between state-Leviathan cybercontrol and civil liberties. The COVID-19 pandemic has inevitably raised the need to resiliently and technopolitically respond to democratic threats that hyperconnected and highly virialised societies produce. In order to shed light on this debate, amidst this volume on "democratic deepening”, this chapter introduces the new term "postpandemic technopolitical democracy” as a way to figure out emerging forms and scales for developing democracy and citizen participation in hyperconnected and highly virialised postpandemic societies. Insofar as the digital layer cannot be detached from the current democratic challenges of the twenty-first century including neoliberalism, scales, civic engagement, and action research-driven co-production methodologies;this chapter suggests a democratic toolbox encompassing four intertwined factors including (i) the context characterised by the algorithmic nations, (ii) challenges stemming from data sovereignty, (iii) mobilisation seen from the digital rights perspective, and (iv) grassroots innovation embodied through data cooperatives. This chapter elucidates that in the absence of coordinated and interdependent strategies to claim digital rights and data sovereignty by algorithmic nations, on the one hand, big tech data-opolies and, on the other hand, the GDPR led by the European Commission might bound (negatively) and expand (positively) respectively, algorithmic nations' capacity to mitigate the negative side effects of the algorithmic disruption in Western democracies. © 2023, The Author(s).

Statistical Approach to Estimating Audience from MAC-Randomized WiFi Probe Requests.

In the past few years, the ability of wireless network operators to monitor audience using control frames emitted by client devices has been compromised, both by legislation treating client MAC addresses as private information and by the difficulty of distinguishing genuine client frames from those arising from the Internet of Things or from certain enhanced services. Here, a deterministic model, based on characteristics of human activity and on seasonal trends, is used to reveal underlying client statistics in raw MAC-randomized WiFi Probe Request data. The method proposes a candidate conversion factor, X, between probe request counts and the client population, which offers plausible predictions on real-world datasets.

The right to privacy and an implication of the EU General Data Protection Regulation (GDPR) in Europe: challenges to the companies

The article traces the European Union (EU)’s General Data Protection Regulation (GDPR) and implication in the Europe. In the era of global digitalisation, the right to respect private life, communication and the home has become a matter of protection. Protecting the right to privacy is a responsibility of a state which includes privacy of personal information, e.g. birth, messages, phone call and number and emails. Likewise, this study explains EU concern’s about its citizens’ privacy and the recent inclusion of the GDPR for the protection of natural persons. The article aims to explore individual fundamental rights and implications in the digital age, as well as cooperation data rules between companies and public bodies. At the same time, questions arise about the rightful implication of GDPR and the right to privacy of the public through protection, especially from tech companies. For validating the argument, various qualitative research methods were applied. The COVID-19 pandemic has raised a serious question over privacy rights protection by the government, which supports our findings that EU GDPR has a long road to go and have challenges. Its credibility of lawful data activities is also a matter of concern and a reliable promise by the member states and the EU. [ FROM AUTHOR] Copyright of Journal of Contemporary European Studies is the property of Routledge and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full . (Copyright applies to all s.)

Reflections about handling interview data from third countries at European universities: Collaboration opportunities and/or risky business for participants and researchers?

Through reflections about a case study concerning an unfeasible, planned research study on nurses’ working days during the COVID-19 pandemic, the article aims to describe and discuss legal and ethical challenges when conducting European-based research together with nurses in third countries. The article highlights how the General Data Protection Regulation challenges EU and non-EU research collaborations and research across borders in healthcare research. Digitally recorded interview data can be traced, putting both research participants and researchers at risk in relation to confidentiality, safety and potential critical views by national regimes. This raises ethical claims for research collaborations between EU and third countries and hampers the possibilities to make silent voices discernible through research. It is a questionable solution both to collaborate and not to collaborate with third countries such as China. Further reflections on the ways forward to facilitate research collaboration between EU and third countries are needed. © The Author(s) 2022.

The dawn of digital public health in Europe: Implications for public health policy and practice.

The COVID-19 pandemic has highlighted the importance of digital health technologies and the role of effective surveillance systems. While recent events have accelerated progress towards the expansion of digital public health (DPH), there remains significant untapped potential in harnessing, leveraging, and repurposing digital technologies for public health. There is a particularly growing need for comprehensive action to prepare citizens for DPH, to regulate and effectively evaluate DPH, and adopt DPH strategies as part of health policy and services to optimise health systems improvement. As representatives of the European Public Health Association's (EUPHA) Digital Health Section, we reflect on the current state of DPH, share our understanding at the European level, and determine how the application of DPH has developed during the COVID-19 pandemic. We also discuss the opportunities, challenges, and implications of the increasing digitalisation of public health in Europe.

The Processing goes far beyond "the app"- Privacy issues of decentralized Digital Contact Tracing using the example of the German Corona-Warn-App

Since SARS-CoV-2 started spreading in Europe in early 2020, there has been a strong call for technical solutions to combat or contain the pandemic, with contact tracing apps at the heart of the debates. The EU's General Data Protection Regulation (GDPR) requires controllers to carry out a data protection impact assessment (DPIA) where their data processing is likely to result in a high risk to the rights and freedoms (Art. 35 GDPR). A DPIA is a structured risk analysis that identifies and evaluates possible consequences of data processing relevant to fundamental rights in advance and describes the measures envisaged to address these risks or expresses the inability to do so.Based on the Standard Data Protection Model (SDM), we present the results of a scientific and methodologically clear DPIA. It shows that even a decentralized architecture involves numerous serious weaknesses and risks, including larger ones still left unaddressed in current implementations. It also found that none of the proposed designs operates on anonymous data or ensures proper anonymisation. It also showed that informed consent would not be a legitimate legal ground for the processing. For all points where data subjects' rights are still not sufficiently safeguarded, we briefly outline solutions. © 2022 IEEE.

Proportionate response to the COVID-19 threat? Use of apps and other technologies for monitoring employees under the European Union's data protection framework.

This article explores the potential uses by employers of contact-tracing apps and other monitoring technologies to mitigate the spread of COVID-19, and the potential concerns that these raise in the context of the European Union's General Data Protection Regulation. Given the imbalance of power in the employment relationship, the authors call for national laws to strengthen employees' ability to refuse the use of such apps and technologies after the end of the COVID-19 pandemic. When such tools are no longer needed to keep employees safe, additional regulations and guidance will be necessary to prevent future problems, such as function creep and other misuse by employers.

E-HEALTH AS A RESULT OF AI, A "PANDORA'S BOX" FOR PRIVACY?

In a growing, worldwide increase of aging population and a fundamental lack of suitable medical personal Ehealth can be a considerable help to support the fl aws in care and medical support. Ehealth is the next step in medical industry and medical communication on every level, from lifestyle advice to surgery and communication of medical data between professionals as well as between patients or governmental health authorities. In this respect it will be necessary to look into the ethical and legal acceptability of AI in the health discipline, considering the requirements of privacy, ethics and the protection of sensitive data as regulated in the GDPR. © 2022 Editions Weblaw. All rights reserved.

Towards Trustworthy Learning Analytics Applications: An Interdisciplinary Approach Using the Example of Learning Diaries

Learning analytics (LA) is an emerging field of science due to its great potential to better understand, support and improve the learning and teaching process. Many higher education institutions (HEIs) have already included LA in their digitalisation strategies. This process has been additionally accelerated during the COVID-19 pandemic when HEIs transitioned from face-2-face learning environments to hybrid and e-learning environments and entirely relied on technology to continue operating. Undoubtedly, there was never a time when so much student data was collected, analysed, and reported, which brings numerous ethical and data protection concerns to the forefront. For example, a critical issue when implementing LA is to determine which data should be processed to fulfil pedagogical purposes while making sure that LA is in line with ethical principles and data protection law, such as the European General Data Protection Regulation (GDPR). This article contributes to the discussion on how to design LA applications that are not only useful and innovative but also trustworthy and enable higher education learners to make data-informed decisions about their learning process. For that purpose, we first present the idea and methodology behind the development of our interdisciplinary Criteria Catalogue for trustworthy LA applications intended for students. The Criteria Catalogue is a new normative framework that supports students to assess the trustworthiness of LA applications. It consists of seven defined Core Areas (i.e., autonomy, protection, respect, non-discrimination, responsibility and accountability, transparency, and privacy and good data governance) and corresponding criteria and indicators. Next, we apply this normative framework to learning diaries as a specific LA application. Our goal is to demonstrate how ethical and legal aspects could be translated into specific recommendations and design implications that should accompany the whole lifecycle of LA applications. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Exploring the limits of joint control: the case of COVID-19 digital proximity tracing solutions

Referring to the judgment of the CJEU in Fashion-ID, some scholars have anticipated that, “at this rate everyone will be a [joint] controller of personal data”. This contribution follows this arguably provocative, but not entirely implausible, line of thinking. In the first part of the article, we highlight the ambiguities inherent to the concept of “joint control” and confront them with those pertaining to the notion of “identifiability”. In the second part, we investigate the effects of the broad legal test for joint control on the role of the individual user of BLE-based COVID-19 digital proximity tracing solutions. This offers the possibility to examine, at a theoretical level, whether the impact of the broad notion of joint control differs depending on the architecture of the system (i.e. centralized or decentralized). We found out that the strict application of the joint controllership test could lead to unexpected and, most likely, unintended results. First, an app user could, in theory, qualify as a joint controller with a national health authority regardless of the protocol’s architecture. Second, an actor could, again in theory, be considered as a joint controller of data that is not personal from that actor’s perspective. © 2021 Stephanie Rossello and Pierre Dewitte.

THE RIGHT OF THE PATIENTS TO THEIR PRIVACY IN THE MEDIA SPACE IN THE LIGHT OF CHURCH DOCTRINE AND POSITIVE LAWS OF THE REPUBLIC OF CROATIA

The speech about examples of violation in the context of discussion of the right to privacy is especially relevant in the modern, digital age. Although it directly concerns the protection of the inner area of the human person, his conscience, private and family life, it actually affects many areas of society. In the context of talking about the right to privacy, the role of the media is very important. The activities of the media are focused on the public sphere, they concern the right to information, and the right to privacy to the personal. Therefore, the legal regulations of both goods are often in conflict. When subjects are entitled to patients' privacy, the problem is further complicated by the fact that in some cases health care takes on the character of an issue of general interest. This was especially evident in the media coverage of the COVID 19 pandemic. Does it aim to provide some answers to questions such as: Is it in the public interest to know above the dignity of patients? When and why is it important not to diagnose patients? Who benefits from unethical and bioethical careless reporting? The ultimate purpose of the paper is to sensitize the media when it comes to presenting facts about a person's health condition, guided by positive civil laws, principles of church doctrine and provisions in the canon law area. The intention of the paper is not to properly assess individual cases, but to open questions with a general overview and prevent the negative consequences of the wrong approach and insensitivity to the issues that are the subject of this paper. © 2022 University of Split. All rights reserved.

Practices and Attitudes of Bavarian Stakeholders Regarding the Secondary Use of Health Data for Research Purposes During the COVID-19 Pandemic: Qualitative Interview Study.

BACKGROUND: The COVID-19 pandemic is a threat to global health and requires collaborative health research efforts across organizations and countries to address it. Although routinely collected digital health data are a valuable source of information for researchers, benefiting from these data requires accessing and sharing the data. Health care organizations focusing on individual risk minimization threaten to undermine COVID-19 research efforts, and it has been argued that there is an ethical obligation to use the European Union's General Data Protection Regulation (GDPR) scientific research exemption during the COVID-19 pandemic to support collaborative health research. OBJECTIVE: This study aims to explore the practices and attitudes of stakeholders in the German federal state of Bavaria regarding the secondary use of health data for research purposes during the COVID-19 pandemic, with a specific focus on the GDPR scientific research exemption. METHODS: Individual semistructured qualitative interviews were conducted between December 2020 and January 2021 with a purposive sample of 17 stakeholders from 3 different groups in Bavaria: researchers involved in COVID-19 research (n=5, 29%), data protection officers (n=6, 35%), and research ethics committee representatives (n=6, 35%). The transcripts were analyzed using conventional content analysis. RESULTS: Participants identified systemic challenges in conducting collaborative secondary-use health data research in Bavaria; secondary health data research generally only happens when patient consent has been obtained, or the data have been fully anonymized. The GDPR research exemption has not played a significant role during the pandemic and is currently seldom and restrictively used. Participants identified 3 key groups of barriers that led to difficulties: the wider ecosystem at many Bavarian health care organizations, legal uncertainty that leads to risk-adverse approaches, and ethical positions that patient consent ought to be obtained whenever possible to respect patient autonomy. To improve health data research in Bavaria and across Germany, participants wanted greater legal certainty regarding the use of pseudonymized data for research purposes without the patient's consent. CONCLUSIONS: The current balance between enabling the positive goals of health data research and avoiding associated data protection risks is heavily skewed toward avoiding risks; so much so that it makes reaching the goals of health data research extremely difficult. This is important, as it is widely recognized that there is an ethical imperative to use health data to improve care. The current approach also creates a problematic conflict with the ambitions of Germany, and the federal state of Bavaria, to be a leader in artificial intelligence. A recent development in the field of German public administration known as norm screening (Normenscreening) could potentially provide a systematic approach to minimize legal barriers. This approach would likely be beneficial to other countries.

Using the SQuaRE series as a guarantee for GDPR compliance

In a context where the availability of information represents the opportunity for companies to gain a competitive advantage in the market through the use of sophisticated AI algorithms, data quality assumes a strategic role. With this paper we want to show that the adoption of an international quality measurement standard such as the one present in the SQuaRE series can on the one hand improve the ethical aspect of machine learning algorithms and on the other hand meet the requirements imposed by the European Community regarding the protection of personal data of citizens in Member States (GDPR). Indeed, although the attention to the protection of personal data is mainly directed towards the aspects of security and confidentiality, in a holistic view we should also evaluate the risks arising from the absence of quality in the data. In this context, we consider consistent and of reference for the international community the choice of the Italian legislator made for the Public Administrations. Since 2013 the Agency for Digital Italy (AgID) has suggested the adoption of ISO/IEC 25012 for public administrations in charge of managing databases of national interest. In the article, we propose a methodological approach that ensures the governance of data quality and some open questions regarding the homogeneity of the selected measures. © 2021 for this paper by its authors

FROM SHARING TO SELLING: CHALLENGES AND OPPORTUNITIES OF ESTABLISHING A DIGITAL HEALTH DATA MARKETPLACE USING BLOCKCHAIN TECHNOLOGIES.

During the COVID-19 pandemic, we witnessed how sharing of biological and biomedical data facilitated researchers, medical practitioners, and policymakers to tackle the pandemic on a global scale. Despite the growing use of electronic health records (EHRs) by medical practitioners and wearable digital gadgets by individuals, 80% of health and medical data remain unused, adding little value to the work of researchers and medical practitioners. Legislative constraints related to health data sharing, centralized siloed design of traditional data management systems, and most importantly, lack of incentivization models are thought to be the underpinning bottlenecks for sharing health data. With the advent of the General Data Protection Regulation (GDPR) of the European Union (EU) and the development of technologies like blockchain and distributed ledger technologies (DLTs), it is now possible to create a new paradigm of data sharing by changing the incentivization model from current authoritative or altruistic form to a shared economic model where financial incentivization will be the main driver for data sharing. This can be achieved by setting up a digital health data marketplace (DHDM). Here, we review papers that proposed technical models or implemented frameworks that use blockchain-like technologies for health data. We seek to understand and compare different technical challenges associated with implementing and optimizing the DHDM operation outlined in these articles. We also examine legal limitations in the context of the EU and other countries such as the USA to accommodate any compliance requirement for such a marketplace. Last but not least, we review papers that investigated the short-, medium-, and long-term socioeconomic impact of such a marketplace on a wide range of stakeholders.