A comprehensive tool for creating and evaluating privacy-preserving biomedical prediction models

Johanna Eicher; Raffael Bild; Helmut Spengler; Klaus A Kuhn; Fabian Prasser

doi:10.1186/s12911-020-1041-3

A comprehensive tool for creating and evaluating privacy-preserving biomedical prediction models

BMC Med Inform Decis Mak. 2020 Feb 11;20(1):29. doi: 10.1186/s12911-020-1041-3.

Authors

Johanna Eicher¹, Raffael Bild², Helmut Spengler², Klaus A Kuhn², Fabian Prasser^{3

4}

Affiliations

¹ School of Medicine, Technical University of Munich, Ismaninger Str. 22, Munich, 81675, Germany. johanna.eicher@tum.de.
² School of Medicine, Technical University of Munich, Ismaninger Str. 22, Munich, 81675, Germany.
³ Berlin Institute of Health (BIH), Anna-Louisa-Karsch-Straße 2, Berlin, 10178, Germany.
⁴ Charité - Universitätsmedizin Berlin, Charitéplatz 1, Berlin, 10117, Germany.

Abstract

Background: Modern data driven medical research promises to provide new insights into the development and course of disease and to enable novel methods of clinical decision support. To realize this, machine learning models can be trained to make predictions from clinical, paraclinical and biomolecular data. In this process, privacy protection and regulatory requirements need careful consideration, as the resulting models may leak sensitive personal information. To counter this threat, a wide range of methods for integrating machine learning with formal methods of privacy protection have been proposed. However, there is a significant lack of practical tools to create and evaluate such privacy-preserving models. In this software article, we report on our ongoing efforts to bridge this gap.

Results: We have extended the well-known ARX anonymization tool for biomedical data with machine learning techniques to support the creation of privacy-preserving prediction models. Our methods are particularly well suited for applications in biomedicine, as they preserve the truthfulness of data (e.g. no noise is added) and they are intuitive and relatively easy to explain to non-experts. Moreover, our implementation is highly versatile, as it supports binomial and multinomial target variables, different types of prediction models and a wide range of privacy protection techniques. All methods have been integrated into a sound framework that supports the creation, evaluation and refinement of models through intuitive graphical user interfaces. To demonstrate the broad applicability of our solution, we present three case studies in which we created and evaluated different types of privacy-preserving prediction models for breast cancer diagnosis, diagnosis of acute inflammation of the urinary system and prediction of the contraceptive method used by women. In this process, we also used a wide range of different privacy models (k-anonymity, differential privacy and a game-theoretic approach) as well as different data transformation techniques.

Conclusions: With the tool presented in this article, accurate prediction models can be created that preserve the privacy of individuals represented in the training set in a variety of threat scenarios. Our implementation is available as open source software.

Keywords: Biomedical data; Classification; Data anonymization; Machine learning; Prediction models; Privacy protection.

MeSH terms

Biomedical Research
Confidentiality*
Data Anonymization*
Decision Support Systems, Clinical*
Humans
Machine Learning
Models, Statistical*
ROC Curve
Reproducibility of Results
Software*