Fully Homomorphic Encryption: the next big thing for Healthcare data
What is Fully Homomorphic Encryption?
Fully homomorphic encryption (FHE) is an encryption scheme that enables analytical functions to be run directly on encrypted data, yielding encrypted results that, once decrypted, match what the same functions would produce on the plaintext.
The common methods of storing and sharing sensitive data with colleagues and partners have weak links. Today, files are often encrypted in transit and at rest, but decrypted while in use. This provides hackers and insiders with repeated opportunities to exfiltrate unencrypted data. FHE plugs these holes. It allows the manipulation of data by permissioned parties while it remains encrypted, minimizing the time it exists in its most vulnerable state.
In conjunction with other techniques, FHE also makes it possible to selectively restrict decryption capabilities, so people can see only the portions of a file that they are entitled to and that are necessary for them to do their work.
Fully Homomorphic Encryption Example: Analysis of Private Medical Data
Situation: A medical researcher wants to compute descriptive statistics on a population of lung cancer patients at a hospital.
Complication: The hospital is unable to share its private medical records with the researcher due to the HIPAA privacy rule.
Resolution: The hospital encrypts its sensitive data using a fully homomorphic encryption scheme, so that the data stays protected while it can still be computed on.
How It Works:
The hospital homomorphically encrypts its medical records and sends them to the medical researcher’s cloud computing environment. Because the data is encrypted, it is fully protected and private in the cloud. Next, the researcher runs its analytical functions on the homomorphically-encrypted data in the cloud, manipulating the data while it remains encrypted.
Last, the researcher downloads the encrypted output, and decrypts the result to reveal the plaintext answer. Notice that the sensitive medical record data is encrypted end-to-end, and is only decrypted when revealing the final answer behind organizational firewalls.
Without a doubt, FHE promises to transform one of the most important aspects of protecting privacy and confidentiality: the notion that we can compute upon data while it remains in an encrypted state. In these early days, it’s important for enterprises to get used to FHE and identify the use cases where it will be most impactful, especially as it will coexist alongside traditional forms of encryption that continue efficiently serving their purposes.
While FHE certainly won’t put an end to the ominous data breach notification arriving by mail, it promises to go a long way to reducing exposures that lead to these events. Moreover, for entities that walk the tightrope of extracting value from data while preserving privacy, putting FHE into practice may prove to be an impactful way to maximize both.