FAQ

MedCo employs advanced cryptographic tools and privacy-enhancing techniques such as homomorphic encryption, secure distributed protocols and distributed ledger technologies. They are combined and optimized to enable effective and efficient privacy-preserving sharing of sensitive medical data. More can be found in this paper.

MedCo is open source and available in GitHub. The repositories for the latest release are listed here, and the information on how to deploy, use, and to develop on top of this software can be found in the documentation page.

MedCo is currently licensed under a EULA (End User License Agreement). You can freely use this software for non-commercial purposes. If you are planning to use it commercially, please contact us.

No, to the best of our knowledge, MedCo is the first system that has been deployed in hospitals and provides this level of data protection.

Absolutely, we are in discussions with other hospitals in Switzerland. With appropriate authorizations, we will also explore international partnerships.

MedCo can be used for both treatment and research.

• On the side of research, MedCo-Explore can be used to assess the feasibility of a possible subsequent investigation, by identifying the number of individuals that would fit a given research hypothesis. Using this number, the scientist can decide whether it is appropriate to launch a medical-research project and where. Then the researcher will make use of MedCo-Analysis, which will release statistical results.

• With appropriate approvals, MedCo can also be used for treatment purposes. A medical professional can, for example, use MedCo to guide her decision-making process to diagnose and/or treat her patients.

MedCo includes several security features that offer a wide range of benefits:

• End-to-end data protection (i.e., at rest, in transit and during computation) against unauthorized access to data. This protection is achieved through homomorphic encryption.
• No need for a central trusted authority, thanks to the use of multi-party computation.
• Access control through encryption and fine-grained user-role management.
• Immutable decentralized logging of all queries through a distributed ledger.

For MedCo to fully function, each institution must prepare its data in a common format by following agreed standards. Once encrypted, the data can be subject to external queries through the Web interface. Data encryption is performed by a dedicated software module that is separate from the MedCo query system and that runs at the medical institutions. This means that the MedCo query-system never accesses the unencrypted data. The dedicated software module is secure because it does not transfer any data outside of the hospital IT network and  loads only encrypted data into the MedCo database. A common governance framework has to be jointly established by the institutions that use MedCo to build a data-sharing network in order to define who has access to the system, with which role, and under which conditions.

No, MedCo can be used for any kind of medical data, provided that the data is homogeneous across participating institutions.

MedCo has not yet been used in Switzerland on COVID-19 patient data, but this is absolutely doable, and we (EPFL) are working on it, with international partners.