A Privacy-Preserving Framework for Conducting Genome-Wide Association Studies Over Outsourced Patient Data

Due to the sheer volume of data, data owners (e.g., hospitals or other data collectors) tend to outsource their data to cloud service providers (CSPs) for the purpose of storage and analytics. However, privacy concerns about genomic and phenotype data significantly limit the data owners' choice. In this work, we propose the first solution, to the best of our knowledge, that allows a CSP to perform efficient and privacy-preserving search and analysis over encrypted genomic and phenotype data that is multi-tenant, i.e., owned by multiple hospitals. We first propose an encryption mechanism for phenotype data, where each data owner is allowed to encrypt its data with a unique secret key. Moreover, the ciphertext supports privacy-preserving search and, consequently, enables the identification of the case and control groups for a genome-wide association study (GWAS) without any privacy violations. Furthermore, we provide a per-query based authorization mechanism for a client to access and operate on the data stored at the CSP. Additionally, we apply multi-key fully homomorphic encryption to encrypt genomic data and show how to compute GWAS statistics (e.g., chi-square distribution test) over the ciphertext of individuals in the identified case and control groups. Thus, for the first time, the proposed scheme provides privacy-preserving computation for the entire GWAS pipeline. Finally, we implement the proposed scheme and run experiments over a real-life genomic dataset to show its effectiveness. The result shows that the proposed solution is capable to efficiently identify the case/control groups and subsequently conduct GWAS on the identified case/control groups.

Automated summary

Due to the privacy concerns of genomic and phenotype data, data owners often outsource their data to cloud service providers (CSPs) for storage and analysis. In this work, we propose a solution that enables privacy-preserving search and analysis over encrypted genomic and phenotype data owned by multiple hospitals. We introduce encryption mechanisms for phenotype data and multi-key fully homomorphic encryption for genomic data, allowing efficient identification of case/control groups and computation of GWAS statistics without privacy violations.