FAQ
Here you can find answers to the most common questions
What is MedCo?
There are two main sources of information about MedCo, the core technologies and cryptographic protocols and tools used are explained in detail in our paper published at IEEE/ACM TCBB. The software, modules, and packages for the prototype are described in the documentation page, together with the information needed to deploy and test it. Do not hesitate to contact us if you have any questions/problems.
How does MedCo work?
MedCo employs advanced cryptographic tools and privacy-enhancing techniques such as homomorphic encryption, secure distributed protocols and distributed ledger technologies. They are combined and optimized to enable effective and efficient privacy-preserving sharing of sensitive medical data. More can be found in this paper.
Is MedCo available online?
MedCo is open source and available in GitHub. The repositories for the latest release are listed here, and the information on how to deploy, use, and to develop on top of this software can be found in the documentation page.
Under which license is MedCo released?
MedCo is currently licensed under a EULA (End User License Agreement). You can freely use this software for non-commercial purposes. If you are planning to use it commercially, please contact us.
Are there similar systems already installed in hospitals, in Switzerland or abroad?
No, to the best of our knowledge, MedCo is the first system that has been deployed in hospitals and provides this level of data protection.
Do you envision an extension of the deployment beyond the 3 hospitals?
Absolutely, we are in discussions with other hospitals in Switzerland. With appropriate authorizations, we will also explore international partnerships.
Can MedCo be used for medical treatment or for research?
MedCo can be used for both treatment and research.
- On the side of research, MedCo-Explore can be used to assess the feasibility of a possible subsequent investigation, by identifying the number of individuals that would fit a given research hypothesis. Using this number, the scientist can decide whether it is appropriate to launch a medical-research project and where. Then the researcher will make use of MedCo-Analysis, which will release statistical results.
- With appropriate approvals, MedCo can also be used for treatment purposes. A medical professional can, for example, use MedCo to guide her decision-making process to diagnose and/or treat her patients.
What are the main privacy and security benefits provided by MedCo?
MedCo includes several security features that offer a wide range of benefits:
- End-to-end data protection (i.e., at rest, in transit and during computation) against unauthorized access to data. This protection is achieved through homomorphic encryption.
- No need for a central trusted authority, thanks to the use of multi-party computation.
- Access control through encryption and fine-grained user-role management.
- Immutable decentralized logging of all queries through a distributed ledger.
What are the efforts required to maintain the system?
For MedCo to fully function, each institution must prepare its data in a common format by following agreed standards. Once encrypted, the data can be subject to external queries through the Web interface. Data encryption is performed by a dedicated software module that is separate from the MedCo query system and that runs at the medical institutions. This means that the MedCo query-system never accesses the unencrypted data. The dedicated software module is secure because it does not transfer any data outside of the hospital IT network and loads only encrypted data into the MedCo database. A common governance framework has to be jointly established by the institutions that use MedCo to build a data-sharing network in order to define who has access to the system, with which role, and under which conditions.
Is MedCo usable only for oncology data?
No, MedCo can be used for any kind of medical data, provided that the data is homogeneous across participating institutions.
Can MedCo be used for the privacy-conscious sharing of COVID-19 patient data?
MedCo has not yet been used in Switzerland on COVID-19 patient data, but this is absolutely doable, and we (EPFL) are working on it, with international partners.