Moving Beyond Traditional Data Protection: Homomorphic Encryption Could Provide What’s Needed for Artificial Intelligence

A study published in 2024 in JMR Medical Informatics found that artificial intelligence (AI) models using multi-institutional data sets processed with homomorphic encryption outperformed AI models using data from one institution processed with standard encryption.

Such research shows how homomorphic encryption offers promise to health information (HI) professionals as a data protection tool.

Homomorphic encryption makes it easier to leverage data from multiple organizations to fuel AI tools – a task that is often difficult in healthcare due to stringent data privacy regulations and concerns. To appreciate homomorphic encryption’s full potential, HI professionals need to understand what this technology does, recognize its benefits, and address challenges associated with adoption and implementation.

Understanding A New Encryption Option

Traditional encryption protects data in transit and at rest but leaves gaps when data is in use or between lifecycle stages. Thus, when data is decrypted for use, it becomes exposed – a vulnerability hackers often exploit. Such gaps leave potentially dangerous weak links in data security strategy, says Ravi Srivatsav, co-founder and CEO of DataKrypto, a data security company in Burlingame, CA.

In contrast, homomorphic encryption allows computations to be performed directly on encrypted data. This distinction makes homomorphic encryption uniquely suited for privacy-preserving data analytics and cross-institutional research, according to Robert Coombs, founder and CEO at Baton Health, a credentialing company in Brooklyn, NY.

Homomorphic encryption “has transformative potential for HI professionals by enabling secure collaboration and data sharing,” Coombs says. “This can lead to more comprehensive datasets for AI and machine learning (ML) models, improving the accuracy and utility of predictions, such as postoperative outcomes or disease risk stratification.”  

In addition, the privacy advantages associated with homomorphic encryption are crucial for HI professionals because they are apt to “play a critical role in ensuring the successful and compliant implementation of AI and machine learning in healthcare settings,” Srivatsav says. Using confidential information to train AI and ML models and for generative AI queries and outputs exposes data to malicious access and exploitation. Phishing and ransomware attacks also target AI models, Srivatsav says.

While more stringent data access and monitoring policies can help thwart this unwanted activity, HI professionals must leverage applications with-built in homomorphic encryption to ensure data protection.

“While other steps can help stop malicious actors from accessing sensitive data, they are not failproof,” Srivatsav notes. “When threat actors find their way through, fully homomorphic encryption ensures that the data they access is unusable and can’t be tampered with or poisoned.”

Such improved data protection is a feature that healthcare professionals should not ignore. Homomorphic encryption  also enables secure collaboration and compliance with many privacy acts in various governments and other international standards, says Paul Baka, managing director of SSLTrust and Verokey, a website security provider based in Australia.

Homomorphic encryption improves confidence in the system by enhancing analytical capabilities and providing a way to gain more detailed information and make better choices, according to Rary Baloch, CEO and founder of RDSECLABS, a cybersecurity company in London.

A 2022 article in BMC Medical Ethics examined how technologies such as homomorphic encryption might comply with data protection and research ethics frameworks. Researchers conducted interviews with experts from Swiss hospitals and research institutes, including legal and clinical data management staff and clinical and legal ethicists.

The study said “researchers and decision-making bodies, such as research ethics committees, should receive ongoing training about computational technologies and data driven research.” Researchers concluded that general consent forms should be amended to give patients the opportunity to opt out of having their data anonymized using advanced privacy enhancing technologies. They also suggested that a public education campaign could be used to explain how technologies such as homomorphic encryption work to help patients understand how their data will be processed.

Recognizing Various Forms

According to Srivasta, in addition to recognizing how homomorphic encryption differs from traditional encryption, it’s important to understand that this tool comes in various forms such as:

• Partially homomorphic: Supports only one type of operation (e.g., addition or multiplication).
• Somewhat homomorphic: Supports a finite number of operations.
• Fully homomorphic: The most powerful form of homomorphic encryption, fully homomorphic allows for an infinite number of operations for an infinite amount of time. Fully homomorphic encryption enables analytical functions to run directly on encrypted data while yielding the same encrypted results as if the functions were run on plain text.

Confronting Challenges on the Path Forward

Although there are many advantages associated with homomorphic encryption, HI professionals can expect challenges as well.

Slower performance could lead to extended processing times and can delay AI/ML outcomes, introducing governance challenges for timely decision-making. Indeed, homomorphic encryption is “computationally intensive, which can slow things down, and requires special expertise that many organizations don’t have,” Baka says. “It will be expensive especially for smaller healthcare organizations. And it’s not always easy to integrate into existing systems.”

KJ Haywood, Principal CEO at Nomand Cyber Concept, a consulting firm in Grapevine, TX, recommends that healthcare organizations cautiously move toward the adoption of this new technology.

“Homomorphic encryption is a promising tool for HI professionals, but its adoption should consider resource constraints and ongoing advancements,” Haywood says. “I would compare this to building a cutting-edge medical facility, where success depends on balancing costs, using the latest technology, and consulting with specialists to ensure it runs efficiently.”

John McCormack is a Riverside, IL-based freelance writer covering healthcare information technology, policy, and clinical care issues.