Project perspectives IV: interview with Davide Zaccagnini

In euCanSHare, Lynkeus is responsible for blockchain implementation within the data-sharing platform. Can you briefly explain, in lay terms, what blockchain technology is and why it was included in the platform design? Blockchain systems offer an entirely new paradigm to govern complex data ecosystems.  The core innovation is their peer-to-peer architecture which assigns full control to the community that participates in the ecosystem, instead of a central authority. Each node implements administrative roles giving the network the ability to govern itself on the basis of shared policies and rules. In healthcare, this is becoming a crucial paradigm to empower data subjects, i.e., patients, with actual control over their data and, at the same time, to reduce the cost of data transactions while preserving compliance. In many ways, blockchain is emerging as a key technology for enforcing GDPR while allowing data to be shared at scale.

What is the role of blockchain in euCanSHare? One of the main goals in euCanSHare is to increase transparency and trust when it comes to sharing research data, specifically in cardiology. Despite calls to Open Science and FAIR use of research data, we still have systemic frictions which slow down the speed of innovation and research. Data owners have very legitimate concerns about the use of their data, which must be addressed, and yet the system is simply not efficient enough to allow effective circulation of key data, whether for traditional research or development of medical AI applications. Blockchain can make these ends meet. On one side, it can enforce data access policies in a very robust way, as the ledger on which it runs is immutable, fully auditable and allows only transactions that are deemed legitimate based on the network’s policies. On the other hand, these policies are applied in real time, so that I can immediately know if a data set is accessible to me, based on my profile and what I plan to do with the data. This transparency in the process and the efficiency that comes with it are the key objectives of our work in this project.

What role smart contracts play in the system? How will they support data sharing and access management in the project? Smart contracts are, quite simply, sets of business rules that each participant in the network independently sets and manages. They capture policies or preferences of people or institutions as to how a given transaction should happen, or not, in the system. A smart contract might state that a data set cannot be used for marketing or profiling purposes. Once this clause is set, the system itself, without human supervision, will enforce it, denying access to all who are seeking data for marketing or profiling. In euCanSHare, we use smart contracts to capture the policies defined by Data Access Committees (DAC) and enforce their application.

What is the added value of using blockchain in respect to more traditional approaches? Primarily the empowerment of the individual, i.e., the data subject, and of any entity which wants to reduce data transaction cost while maintaining compliance. As an example, if a hospital wants to use routine clinical data for a new study, it faces the logistic nightmare of having to call patients back to the hospital to sign a new informed consent. Blockchain, plus a simple mobile app such as the one we developed in MHMD, solves the problem in a few clicks. The patient can update his/her consent in a matter of seconds, unlocking the value of the data. This, at the same time, allows very robust compliance controls, which are much harder to perform on centralized systems, as the record of all policies, their updates and the transaction executed, or denied, based on these policies are published in real-time on the ledger.

Which type of blockchain and smart contracts will be adopted in euCanSHare, and why? We are using in this and other projects Hyperledger Fabric (Hyperledger Fabric – Hyperledger), which offers high reliability and more operational efficiency than other blockchains and, at the same time, the ability to create private networks in which only authorized entities can participate. This is relevant in the biomedical sector, both for legal and business reasons. Hyperledger also allows to establish separate channels, each with its own ledger, a very flexible tool to create dedicated networks, with their specific policies and controls.

The euCanSHare blockchain will leverage the pilot experience of the MHMD project for the use of blockchain in healthcare. How will the project benefit from MHMD results? MHMD laid the foundation of our technology stack and in general pioneered the concept of peer to peer data ecosystems in medicine. It was really one of the first examples of how to implement the GDPR, which came into force during the project, in real-world healthcare scenarios. In euCanSHare and other projects, we are leveraging both the technology, including smart contracts, and our experience at the intersection of medicine, law and technology.

How can blockchain contribute to increase of data owners’ trust and favour the compliant data sharing across countries in line with Open Science tenets? Trust really depends on transparency and this is really where blockchain can shift the paradigm. When you have an open, public record of all the transactions, all the policies governing these transactions and complete flexibility for each player to set and modify his own policies at any time, you have transparency built directly into the system. This means that you remain in complete control of your data, applying whatever condition is important to you, but it also means that if I meet your conditions, I have access to data in real time, not after waiting for weeks, sending dozens of emails and through decisions processes that are, at times, far from clear. This, for us, actualizes the principle of Open Science and FAIR data sharing in a true sense.

What advice would you give to developers and entrepreneurs willing to utilize blockchain for their data infrastructures? Make sure your organisation is ready to embrace an entirely new paradigm and to really engage with your community. One of the values of doing so is that you can now reduce your legal liabilities. In the case of hospitals, for instance, you delegate the process of obtaining and enforcing consent to the system, which protects the hospital from potential misuse of personal information. The GDPR imposes server penalties in these cases. The second advice is to have a clear strategy for your institution in these new data-sharing models. As they become the norm, the volume of data actually shared will rise, and with it the opportunities for innovation that you’ll be able to realize.