What’s New: Leidos and Fortanix are using Intel® Software Guard Extensions (Intel® SGX), a unique security technology of Intel® Xeon® processors, to help streamline and accelerate the clinical drug trial process. Leidos provides information technology services for a variety of industries, including life sciences. As clinical trials have become increasingly complex, building systems that can address privacy and security concerns is paramount for driving collaboration that can accelerate therapies to market.
“Collection and analysis of protected medical data is fraught with challenges, including the sensitivity of and distributed nature of the data across multiple healthcare entities and systems, which requires strong protections for patient privacy. Technology now gives us the tools to securely share private information between parties and create a collaborative, real-time clinical information system. By addressing security concerns at the hardware level, Intel SGX creates a trusted computing environment that helps ensure data integrity and privacy. This means information is shared and validated more quickly and securely — and needed therapies can more quickly be presented to those in need.”
–Chris Gough, general manager, Health and Life Sciences at Intel
How It Works: Intel SGX and the Fortanix Confidential Computing Manager provide the foundation for creating a distributed network of trusted computing environments. This enables Leidos to deliver services that facilitate the real-time sharing of critical data while meeting the stringent patient and industry compliance regulations.
Why It Matters: Getting new drugs to market quickly and cost-effectively, and helping ensure their safety once they are there, is one of healthcare’s greatest challenges. Real-world data (RWD), including electronic health records, has the potential to increase the efficiency of the traditional drug development process and improve future clinical trial design. And increasing the body of knowledge around how to use RWD in clinical research can speed the adoption of these methods.
However, gathering RWD from hospitals, clinics and medical groups must be accomplished while preserving patient privacy and complying with HIPAA and other regulations. All queries, data, applications and results must be encrypted at rest, in motion and in use. This has historically been a huge technological challenge. Intel SGX enclaves, orchestrated using Fortanix Confidential Computing Manager, now enable Leidos to create a distributed trusted computing environment that meets all these requirements.
“Our team at Leidos understands the technological challenges associated with clinical information systems and the need to create trusted computing environments to securely share information,” said Erika Killian, FDA Portfolio director at Leidos. “Intel SGX gives us the hardware foundation needed to build an ecosystem of partners that can confidently share data privately and securely, while still meeting the stringent compliance regulations in the space. Given the size and scope of these sorts of trials, we’re also excited by the upcoming scalability and performance enhancements that will enable us to run larger amounts of data through SGX enclaves.”
How It’s Unique: At its core, Intel SGX is a set of instructions that increases the security of application code and data, giving them more protection from disclosure or modification. Developers can partition sensitive information into enclaves (also called Trusted Execution Environments, or TEEs), which are areas in memory on the processor that protect data while in use and only allow access by authorized code. The enclaves are isolated from the rest of the environment to ensure transmitted information is encrypted and can only be decoded once inside the enclave. Finally, applications running in these protected areas are verified and signed by data suppliers, which helps protect against malicious functions hidden in application code.
Leidos utilizes Intel SGX to create a centralized research portal where enclaves capture, encrypt and analyze data. Secure enclaves at RWD endpoints receive queries, verify policy approvals, gather data and return requests to the centralized portal. Using the Fortanix Self-Defending Key Management Service as a centralized key management system, with cryptographic keys also being protected within Intel SGX enclaves, requested clinical data is tokenized and remains encrypted at rest, in transit and in use.