Health Records are a gold mine

Hoarding Data is profitable

Data has become the most powerful economic driver of the last decade, with companies like Google and Facebook achieving market dominance through data collection and analysis. However, this has brought with it significant debate around the issues of personal data and privacy.

The current model of data-driven businesses is based on the collection (and acquisition) of as much data as possible, from as many sources as possible, in order to analyse and provide meaningful and actionable insights. Big tech companies are essentially data hoarders. The bigger the data-set, the better. Alarming cases from last year include Google buying transaction data from Mastercard, and IMS Health saying they have collected data on over 500 Million patients.

In the US, government legislation clearly stipulates a requirement for all medical data provided to third parties to be anonymized. Unfortunately, this legislation is decades old, and the data-mining tools currently available make it trivial to correlate identities across multiple databases and cross-reference them with publicly available information, effectively de-anonymizing the data.

While the privacy implications of hoarding health records are definitely underestimated and should be discussed more often, it must be equally stressed that this kind of statistical analysis is of paramount importance in the development of new treatments, therapies, and in general for all kinds of quantitative research.

In Europe, privacy laws are much more restrictive, and have mostly hindered the development of this kind of data giant; individual hospital groups have instead developed their own data-sets and conduct research independently. This has obviously led to smaller sample sizes, less statistical analysis, and an overall reduction in research efficacy.

While pooling data is positive for research, it is clear that centralizing all health records in a few giant tech companies has serious privacy and wealth concentration implications.

The best of both worlds: MPC Technology

MPC (multi-party computation) technology, as the name suggests, works by splitting and encrypting information across multiple parties in order to perform data analysis.

Each individual piece of this distributed database is useless on its own, but usable in conjunction. This allows for multiple parties to share confidential data, encrypting and merging it in order to perform complex analysis, while at the same time never actually disclosing the contents of individual data-sets.

This seemingly impossible task is achieved through a clever use of encrypted secret sharing, allowing for the creation of strict data policies on a distributed database, guaranteeing strong privacy but at the same time flexibility for authorized analysts.
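The secret-sharing idea described above can be shown with additive shares over a prime field. This is an added example, not code from the original page or from any MPC product; the hospital names, case counts, modulus and function names are constructed for illustration, and it assumes honest-but-curious compute nodes connected to the data owners by secure channels.

```python
import secrets

P = 2**61 - 1  # prime modulus (assumed); all arithmetic is done mod P

def share(value, n):
    """Split value into n additive shares that sum to value mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def reconstruct(shares):
    """Only the full set of shares recovers the secret."""
    return sum(shares) % P

def pooled_sum(private_values, n_nodes):
    """Each data owner sends one share to each compute node.
    Node j sees only column j, adds it up locally, and publishes the subtotal.
    Combining the subtotals yields the aggregate, never an individual value."""
    matrix = [share(v, n_nodes) for v in private_values]
    node_totals = [sum(row[j] for row in matrix) % P for j in range(n_nodes)]
    return node_totals, reconstruct(node_totals)

def missing_share_for(candidate, known_shares):
    """Why n-1 shares are useless on their own: for ANY candidate secret
    there is a final share consistent with the shares already seen."""
    return (candidate - sum(known_shares)) % P

# Constructed sample data: cases of one condition per hospital.
HOSPITAL_CASES = {"hospital_a": 412, "hospital_b": 97, "hospital_c": 1530}

def demo():
    return pooled_sum(list(HOSPITAL_CASES.values()), n_nodes=3)

if __name__ == "__main__":
    node_totals, total = demo()
    print("per-node subtotals (look random):", node_totals)
    print("pooled case count:", total)
    leaked = share(412, 3)[:2]  # what two colluding nodes would hold
    for guess in (0, 412, 999):
        last = missing_share_for(guess, leaked)
        print(f"guess {guess} is consistent: {reconstruct(leaked + [last]) == guess}")
```

Real deployments add authenticated channels and protections against nodes that deviate from the protocol, which this sketch does not cover.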

Merging data from multiple health providers is obviously a hugely profitable endeavor, as the market for healthcare data is currently valued at over 20 billion USD and is projected to grow to 70 billion USD by 2025.

MPC technology allows health service providers to pool their data without actually giving it away. By allowing hospitals to license use of their data instead of selling it, this technology would provide recurring, perpetual revenue for hospitals. By providing the opportunity to license and pool third-party data on a one-off basis, the advantage of big data analysis companies would be greatly reduced, and conversely smaller researchers would be empowered.

Privacy by design

MPC technology is built with confidentiality in mind. The data is never actually shared with third parties. The data owner is always in charge, and the records never actually leave the licensor’s servers.

This is by far the safest approach for healthcare providers. In the past, companies who have sold or given data to third party companies have later found they had little or no control of who actually ended up seeing it. Companies can re-sell these assets to third parties with no need for authorization or notification to the original data owner.

The conservative approach to privacy applied in most European countries has so far mostly blocked this kind of data marketplace from developing.

At, we believe technology should empower individuals, but also preserve their integrity and privacy.

We believe users shouldn’t have to worry about protecting their privacy, because privacy should be built into systems.

This is why at we see a great future in MPC and other encryption technologies, and design systems with a privacy-by-design approach.