 Okay 1121, I guess we can get started Awesome. Well, hello everyone. Good morning. Good afternoon. Good evening wherever you are in the world Thank you for joining our talk today My name is Andrew Weiss. I'm the lead architect working with the University of Maryland Baltimore County in partnership with software And I want to introduce you to Bruno as well Hi, everyone. I'm Bruno Avalam research scientist at Intel Labs So thanks Bruno So today, of course, we want to talk about how we're bringing trust and privacy preserving smart contracts to clinical trials in health care We'll just jump right into it. Bruno if you want to go to the next slide So clinical trials today really are the six are critical to the success of new treatments For novel vaccines drugs medical devices and many more Many of you may be familiar with Clinical trials as they pertain to discovery of new vaccines related to COVID-19 over the pandemic in the last year I'm really they're designed to facilitate research and grab and gather crucial information For answering questions around efficacy safety and so forth trials can be sponsored by various organizations from chemical companies and other health care entities But they can really only be initiated after they've been approved by an applicable authority or committee such as that Institutional review board And if you've participated in clinical trial, maybe as a patient You'll be aware of the fact that you have to give consent to actually participate in that trial or inform consent And that's for the disclosure of your data or agreeing to the trial parameters from a safety perspective and when you Release consent for the clinical trial. You're then you're going to be working with Clinicians and researchers working alongside those clinicians and other experimenters that are going to be collecting data From that clinical trial to conduct research and experiments And typically those researchers are going to come from different hospital networks or networks of universities and so forth What if you want to go next slide? So to dig into this a little bit more detail I mentioned earlier you have this notion of an institutional review board or IRB These IRBs can be local to the participating institutions or entities that are facilitating the clinical trial the IRB ultimately defines illegal parameters For the trial itself and ultimately scrutinizes the trial for safety And within the trial you're going to have investigators In different types of investigators that are responsible for conducting the studies according to the study protocol and Conveying to the potential participants the risk and potential benefits of actually participating in the trial And what's super important in this as I mentioned earlier is that any researchers or individuals collecting information from these patients Must obtain the full and informed consent of these individuals in order for their data to be disclosed and the experiments to take place Ultimately here, of course regulatory bodies and regulations and processes to take the flow of these clinical trials and Regulatory bodies such as here in the US the US Food and Drug Administration Ultimately set the standards to which these trials have to be compliant in any point in time these trials can be automated And furthermore you're going to potentially have multiple Institutions that are involved in the trial Maybe you have multiple universities or multiple entities that are interested in gathering the information from the trial And collecting information from their participating subjects So trials have very in-depth parameters assigned to them are time-consuming potentially costly And ultimately have to abide by a number of controls Within each organization in institution So ultimately at the end of the day really safety is key and paramount to clinical trials And it's really a shared responsibility between the sponsoring entity the investigators the institutional reports and in many cases the regulatory authorities such as the FDA for which These drugs devices and other components are being sold you go to the next slide Bruno But of course related to clinical trials. There really are a number of challenges that we discovered In working with the University of Maryland Baltimore County in that many clinical trials succumb to considerable time and cost and these costs on average in the US at least range from 1.5 million to face one clinical trials separate of 60 million in phase three clinical trials and Oftentimes these trials span multiple years in terms of data collection And so forth And when it comes to costs a lot of these costs are spent on antiquated IT And antiquated technologies that are associated with centralized systems And these are all managed by the entities individually and separate from one another Furthermore data collection of course is key but being able to share that data and manage that data securely in a privacy-preserving fashion without compromising these assets or Is very difficult in a multi-site clinical trial With the centralized systems, you know, unless you give these other institutions access to those systems And there's parameters that get that access. It's very difficult to share that data and then of course compliance makes this even more challenging in terms of adhering to the critical security controls that are enforced within these systems today You go to the next slide other challenges Related to the actual conform consenting process for patients themselves While patients are signing a document Allowing for their data to be shared in the clinical trial These documents are merely point-in-time documents whether they're paper-based or electronic-based And oftentimes the document text is very high-level and doesn't allow for the granularity that you could potentially allow for Such as being able to control which data fields and which elements and patient information is being shared in that trial There's also a limited audit capability within a multi-site trial So it's difficult for multiple parties to audit consents And like I said earlier the systems very centralized on the consensors stored in the electronical medical records That are managed by those local systems And there's a lot of incumbent technologies that have around for quite some times such as the research electronic data capture or red cap system and others and Then related to cyber security, of course, which is top of mind for everyone. There's limited traceability in terms of the document signature chain The next library So here at UMBC We've done a lot of research into this space and we've developed blockchain technology on top of the hyperledger ecosystem And like I said, this is based on extensive research into clinical trials and medical data exchange And in partnership with the university founded startup software, which is founded owned and operated by university faculty software licenses technology from the university and patents from the university To develop innovative blockchain based solutions in the realm of health care the next slide And so based on all of this research and working jointly with IBM Intel We've come up with a proposal for addressing the challenges highlighted in clinical trials that I mentioned earlier And this approach is really rooted in a transparent trust network built on the hyperledger fabric and fabric private chain code technologies And collectively they facilitate the flow of the informed consent process and the analysis of collected data without compromising patient privacy and data integrity This approach really gives subjects more control over the consenting process and the granularity to which they're willing to share Their information and enables ultimately more secure multi-party information sharing All powered by the intrinsic properties of distributed ledger technology and the blockchain At its core you go the next slide Bruno So the sequence flow is as such at a high level Let's you have let's say you have Tom who's with a sponsoring entity that's looking to start a new study Tom is going to put together the requisite study materials and consent proposal templates All of that is committed on the blockchain as separate transactions Tom will send that to approval Or for approval to the IRB The institutional review review board will review that Approve that and of course that approval is then committed to the blockchain I and all of the participating Organizations or sites that are participants on this network will be notified of this And thus they can verify the approval documents under their own processes While still working in an automated in an agile fashion The participating subjects or patients can then receive digital consenting forms which are backed and tied to The blockchain itself and instead of being pointed time documents It's effectively an overlay on top of a consent document that provides information from the underlying blockchain Such as the time at which they're signing and what exactly they're sharing which gives patients more control over Whether they want to allow or revoke consent at a given time and that information can be shared to all of the Institutions participating in the network, but in a privacy preserving way, which Bruno will talk about here shortly and Of course using the intrinsic properties of the blockchain behind the scenes thus making it easier for patients to participate in the clinical trial And bringing them into the 21st century in terms of e-consents in healthcare clinical trial processes The next slide Okay, so want to turn over to Bruno to talk a little bit more about the underlying technology That we've been working through Yeah, so thanks Andrew So summarizing what Andrew said these clinical trials have a set of requirements for example Whatever framework solution you you come up with It should support The cooperation of multiple institutions It should support regulatory compliance in the several forms of data access control and protection Now we acknowledge that With the hyperledger fabric you can achieve basically all of them since hyperledger fabric or similar frameworks would provide Trust decentralization for letting multiple institutions cooperate. It still allows to audit operations that are performed on the on the blockchain and it has several it has some means for identity management and data protection now a Question that comes up is By using a framework like this. Do we make any progress on on privacy? for the subjects that are involved now to answer this question it's useful to look at the scenario before and after using this framework now before the subjects used to give consent to the to the IRB or to the institutions managing the trial and then they would provide the data to Experimenters and investigators therefore they would have to completely trust that these investigators would do the right thing and always follow the Protocol approved for the trial now Using a framework like fabric. Well, we cannot make the Consent form gathering and the approval of trials, but still the data would be sent directly to investigators and and experimenters so the subjects would have to Fully trust them that they follow the broad the protocols so Many things have changed we have several means for auditing data but in the end the problem was transformed to a digital problem for the subject now we have a solution to This privacy issues and that involves the use of Fabric per a chain code now we introduced FPC last year at the Appalachic global forum So we'll just give a brief overview of of this framework. It essentially extends hyperledger fabric by providing confidentiality for For chain codes. So what happens is that FPC wraps the fabric chain code or smart contract Inside an an Intel SGX enclave that takes care of protecting the confidentiality and integrity of the code and data That constitute the chain code now the Intel SGX enclave is Essentially a set of instructions available on the processor that allows you to create a trusted execution environment and the processor will take care of Encrypting any data that belongs to this process in memory Thereby completely isolating that from any other application running on the platform for example the operating system the app advisor and Even any administrator of the platform itself so with this mechanism, we're able to Isolate the chain code from the peer component and the organization that owns this peer component in fabric and the chain code is able to preserve some Keep some secrets also among the secrets. We can have some cryptographic keys which we use for example to Encrypt key value pairs or data that is stored on the ledger and that you would be public therefore FPC still works as fabric does but any data that you will see on the ledger will be stored in encrypted form now another question that comes up is that okay, how can the clients Communicate with this chain code making sure that they can preserve The confidentiality of their data right when they send it to the chain code Well, the answer is pretty simple and it's by using hardware-based attestation These is essentially digital signature computed by the hardware itself Which will describe what is running inside them inside an enclave in this case that the right chain code is running in a genuine enclave and The client will be able to verify together with the hardware manufacturer that that indeed a legitimate signature and The chain code is running in a legitimate enclave. So by using this we're able to protect the subject data from peers organization and clients and Additionally, we're able to program enclaves so that the data can be released according to pre-established policies and these policies could be implemented for example by the institutions that run the trial so by Plugging this FPC chain code inside them inside the Solution involving blockchain. This is how the trust the relationships are or would change Now I've already introduced the parties involved and here you can see the trial approval a chain code that supposed to be the regular chain code on the hyperlager fabric that Andrew described before before any solution and that's where The blockchain it will take care of gathering and recording the consent from users as well as any approved trials now with the FPC chain code in the middle then The the subjects would not provide the data directly to investigators and experimenters But rather to the FPC chain code itself because it's able to Preserve the confidentiality of the subject data at the same time Before we had that the IRB of the institution would delegate Would give full trust to the investigator to conduct the study and investigator would be responsible in this case well The investigator will keep the responsibility to run the study, but there be could Basically delegate part of the compliance To the FPC chain code to make sure that the subject data is Handled according to the policies approved in the study so what would happen in this case is that the Investigator would not be able to delegate directly the experimenter to do something because experimenter now or the investigator They don't have access to the subject data instead. They all have to go through the FPC chain code in order to Perform the required approvals and get the data for the experiments So the investigator would delegate any tasks Through the FPC chain code the FPC chain code could check that the trial is approved that that the investigator gave approvals for specific specific experiment and If the experimenter belongs to the right institution and is using the right tools for example here We have an experiment application inside another SGX enclave then the FPC chain code would Approve the release of this data just for the execution of that experiment without ever releasing the data to the experimenter and Only allowing the experimenter to see the final result of the of the experiment itself Okay so we produce the demo to showcase this new This new architecture and this excuse me Bruno. I'm sorry to interrupt The is everyone seeing the same slide or are you advancing slides? I? Am now in the demo slide okay is Yep, so I can see the correct side. Yep. Okay, okay I'm not sure if there was a challenge with some people seeing the same slide, but okay I'm sorry for interrupting go ahead Okay, so I was saying we we prepared this demo and That has this architecture again, you know the part is involved here and in the fabric network essentially there are Two chain codes the regular one that takes care of consent and trial approval and the FPC chain code which will take care of managing the policies related to Data protection and released for for that trial Now to be clear the part related to Consent trial approval and so the regular chain code that belongs to the solution previously described by Andrew so we build on that, but this would not be part of of this demo Now we implemented all the rest and particularly these Data registration experiment approval in provisioning phases now it's worth noting that Some tricks that we used for particularly on the subject side is is that We don't Send entire data to the experiment approval chain code simply goes The data might be Large and it wouldn't be a good idea to Share that on the ledger although in encrypted form simple because there could be several parties participating and Maintaining the ledger so we would have a high degree of replication for Large amount of data so instead what we do here is we Let the subject Encrypt the data and upload that to an external storage service So we always preserve the confidentiality of the data and instead we register the Decryption key for that data To the experimental approval chain code After that the experimenter will take care of Of Submitting new experiments for for approval these experiments will be Reviewed and possibly approved by the investigator and only at that point When the right approvals have been Gathered in all the checks in the experiment approval chain code pass then that fpc chain code will take care of provisioning the external experimentation service Always through an encrypted channel to preserve the confidentiality of the subject data In that will allow the experimenter to To finally run the experiment of course, there is a one more step in this case in the sense that the data thing The experiment provisioning phase only involves decryption keys. So the experimentation service will Grab the encrypted data from the storage service Decrypt that and finally really run the experiment that would give the final result to the experimenter So an interesting thing compared to previous approaches here is that Is that the subject in the RB? They don't have to trust investigator and experimenters to To do the right thing and necessarily do audits Possibly to detect violations post facto, but rather we have real-time checks In the experimental approval service that makes sure that only the right actions are performed in order to maintain the confidentiality so Back to the demo so this is a joint work with several people again at UMBC and soft thread IBM and Intel was quite a bit undertake and Here we have a Short video of the demo the reason for the video the reason for the video and not the live demos because as you can see there are several parties involved in the orchestrating a demo with three or four parties and Eight to ten Web services would be quite difficult So here we have our effort demo the different parties Sorry about that Okay data provider experimenter investigator the data provider in this case is our Subject that has to provide the data for the experiment we have Some PDFs those are the patient data forms we will see those in detail to understand what kind of Sensitive data the patient is sending for the experiment we have Diagnose Python function This will be our data analytics that the experimenter wants to run over the subject data I don't sorry again, okay And one last thing on the right We have our console just to Log the actions of our Services out as they make progress, okay, so now looking in Okay, sorry again the play and stop doesn't work as expected unfortunately, okay So the patient data Is a normal PDF where the user would have to to fill this form with his own Data like the name birthday and so on and particularly would have to Answer some questions and these questions will be the sensitive data that will be used in the In the experiment, so it is crucial to preserve the confidentiality of that so going to the data provider or playing the As the data provider at this point we want to upload the field form patient one We select all the right field to say How we want to share that and we will upload it now the upload as I mentioned before will work in three steps the Subject will take care of encrypting the data first then it will register the decryption keys with the FPC chain code and Finally, it will upload the encrypted data to the external storage service at this point the data is ready and The experimenter now wants to run experiment on that data now It's worth noticing here that the experiment application is already available to the experiment It can already run that however the experimenter that does not have access to the subject data It's not authorized to have that so what it's doing here is to is submitting a new experiment for approval and here The experimenter says, okay. I want to use this Diagnose Python function. This is the implementation it uses a pie torch in this case and It will basically run machine learning classifier over the subject data to To get the probability for the patient to have the disease stated in the form, okay, so the experiment gets submitted to the FPC chain code and at this point the experimenter just has to wait for approval from the investigators in this case three investigators who are notified of the new experiment and They can go ahead and review that in reviewing that they can see is an experiment about presumptive diagnosis of nephritis of renal pearl v's origin and the additionally they can see all the description of the experiment including the Code that the experimenter wants to run after they Review that and they see that everything is fine particularly that it's not arbitrary code that that would Break the confidentiality of the subject data. They can go ahead verify approve and Finally send the approval to the FPC chain code Which will record that on the blockchain at this point one of three investigators has approved the experiment and For the policies that have been implemented. This is this is enough. So this experimenter is notified can see that the Experiment has been approved and now it's ready to First launch the instance of the experiment. So this is Again an application running in a in an sgx enclave so it can be verified by means of a At the station hardware based at the station by the fbc chain code and in particular it will have Public encryption key so that the fbc chain code can send the data or the decryption key in this case of the data in encrypted form Directly to the experiment application We're not starting to rub but we're almost out of time here. So I think want to open it up for maybe one question top See almost done sure really few seconds the sense that the experimenter carry on the experiment and Grab the final decision, which is the probability of the subject of having the disease so this concludes the demo and Yeah, we can take some questions at this point I don't know if you can load it Bruno that question is how do you deal with side channel attacks? Intel ancient sgx enclave have been shown to be vulnerable to those attacks Yes, correct So for now those those attacks are orthogonal so we We assume that there are Other defenses possible on the platform to deal with those in the case Enclaves are compromised. I just want to mention that these enclaves are registered on the blockchain so People parties involved can always verify the enclaves that are available and particularly the latest security TCB the trust computing base That they that they used so in the end they have to make a trust decision whether to trust that or not or whether to Ask for an upgrade awesome Well, thank you so much Bruno. Thank you so much to all of you that participated in today's session Really appreciate you taking the time out and hopefully this was valuable content Yeah, thank you everyone