Towards Compliant Data Management Systems for Healthcare ML

The increasing popularity of machine learning approaches and the rising awareness of data protection and data privacy presents an opportunity to build truly secure and trustworthy healthcare systems. Regulations such as GDPR and HIPAA present broad guidelines and frameworks, but the implementation can present technical challenges. Compliant data management systems require enforcement of a number of technical and administrative safeguards. While policies can be set for both safeguards there is limited availability to understand compliance in real time. Increasingly, machine learning practitioners are becoming aware of the importance of keeping track of sensitive data. With sensitivity over personally identifiable, health or commercially sensitive information there would be value in understanding assessment of the flow of data in a more dynamic fashion. We review how data flows within machine learning projects in healthcare from source to storage to use in training algorithms and beyond. Based on this, we design engineering specifications and solutions for versioning of data. Our objective is to design tools to detect and track sensitive data across machines and users across the life cycle of a project, prioritizing efficiency, consistency and ease of use. We build a prototype of the solution that demonstrates the difficulties in this domain. Together, these represent first efforts towards building a compliant data management system for healthcare machine learning projects.