Access to healthcare data is critical for clinical AI development, but availability is hampered by lengthy contracting and medical ethics reviews to ensure data security, typically through data anonymization tools. BeeKeeperAI uses Microsoft Azure confidential computing to create secure data enclaves built on Intel Software Guard Extensions. Within these, encrypted AI computes against an encrypted dataset in the data steward’s HIPAA-compliant cloud environment. BeeKeeperAI’s Zero Trust platform now dramatically accelerates the healthcare AI development process by enabling sightless computing on secure, quality healthcare data compared to traditional methods.
“Microsoft creates the perfect intersection of a cloud platform trusted by the healthcare sector that has demonstrated its focus on security by delivering the smallest attack surface solution with Intel SGX and Zero Trust infrastructure.”
Mary Beth Chalk, Cofounder and Chief Commercial Officer, BeeKeeperAI
AI can benefit a wide variety of professionals across the healthcare sector, including researchers hoping to accelerate the pace of their work and doctors working in the operating theater. While AI has the potential to improve outcomes by 30 to 40 percent and cut treatment costs by as much as 50 percent, creating generalizable AI solutions typically takes 9 to 18 months to complete contracting and costs anywhere from $750,000 to $2.5 million per model. And, unless the data is for use in a clinical trial, an AI developer will typically be granted access to data that has been anonymized (i.e., de-identified), which introduces variation into the data that the AI solution will likely not experience when deployed into the clinical setting. It is therefore unsurprising that only a few handfuls of AI solutions have been granted FDA approval.
While working at the Center for Digital Health Innovation at the University of California, San Francisco (UCSF), Mary Beth Chalk and Bob Rogers, PhD, had the opportunity to work on what became one of the first FDA-cleared AI solutions on a medical device. To ensure generalizability, the solution needed to be validated across multiple datasets, including variable patient demographics, clinical histories, and clinical workflows. This sort of patient data is both extremely sensitive and highly sought after by would-be bad actors. “Getting access to datasets from other medical centers was extraordinarily difficult,” recalls Rogers, who is now the Cofounder and Chief Scientist at BeeKeeperAI. “What Mary Beth and I realized was that we were not facing a data sharing problem, but a problem of making it possible to compute on data in a secure manner.”
BeeKeeperAI—devised by Chalk and Rogers and the other cofounders of BeeKeeperAI, Michael Blum, MD, and Rachael Callcut, MD—establishes a Zero Trust confidential computing platform in which data stewards and algorithm developers can more securely work with one another to accelerate AI development and deployment. Within the platform, algorithm developers encrypt their models and place them in a container. The algorithm container is sent via Microsoft Azure confidential computing to the data steward’s Azure environment that maintains compliance with the Health Insurance Portability and Accountability Act (HIPAA). The data steward curates a set of data matching the algorithm developer’s data specification, encrypts the data, and places it in a secure node in their Azure environment.
The keys for the container with the encrypted algorithm and the secure node with the encrypted data facilitate the movement into a secure enclave where the algorithm computes against the data. The platform helps keep both the data and the AI algorithm model secure, helping to prevent unauthorized access at any point in the process. Data stewards maintain control of sensitive patient data, and AI intellectual property is not exposed to data providers.
To create the platform, BeeKeeperAI required access to the latest data security technologies like Intel Software Guard Extensions (Intel SGX) and Azure confidential computing. Using Azure confidential computing, users can utilize datasets without exposing data to other contributing organizations. They can also access insights and upload encrypted data to a virtual machine, where AI algorithms can confidentially work on datasets from multiple sources. “I had already become quite excited about Intel SGX during my time as Chief Data Scientist at Intel,” says Rogers. “Azure confidential computing is ideal for our purposes as it already supports Intel SGX. And thanks to Microsoft leadership, we can trust that Microsoft will continue making big investments in confidential computing for us and for other customers.”
Security-centered design
In creating BeeKeeperAI, Chalk and Rogers did their homework and examined the benefits of multiple cloud providers. Azure won out for a number of reasons. “Microsoft creates the perfect intersection of a cloud platform trusted by the healthcare sector that has demonstrated its focus on security by delivering the smallest attack surface solution with Intel SGX and Zero Trust infrastructure,” says Chalk, Cofounder and Chief Commercial Officer of BeeKeeperAI. “We really felt like Azure was the only possible candidate for our initial go-to-market.”
After adopting Azure confidential computing, BeeKeeperAI began reaching out to potential customers. “We didn’t know what percentage of health systems were using Azure,” recalls Rogers. “Since Microsoft Azure is a requirement for our solution, we were pleasantly surprised to discover that nearly every organization we talked to already had a PHI-compliant Azure platform in place or had plans to implement one.” Rogers credits this discovery to Azure development teams and their focus on creating security tooling that inspires confidence in healthcare systems administrators. “Azure has a proven track record of security and understanding how the healthcare sector needs to handle its data,” he adds.
Clearing the way for innovators
With its innovative Zero Trust platform, healthcare workflows, and a secure cloud infrastructure in place, BeeKeeperAI can deliver services ushering in a new era in the development of medical AI. In the current system, simply getting the contractual approval to access data from a single health system can take anywhere from six to 18 months. Healthcare AI developers need to approach multiple health data stewards throughout the process of assuring their product has attained generalizability, further extending development time frames. Add to that an Institutional Review Board approval process and the total process of accessing a single dataset can easily exceed two years.
“BeeKeeperAI restricts moving the data and takes additional measures to prevent human visibility of that data, so when you take data privacy and data security out of the contract, the contracts shrink, timetables become truncated, and what was once a two-year process becomes a three- to four-month process,” says Chalk. Due to the highly secure Zero Trust platform that prevents exposure of personal health information (PHI) at any point, one of BeeKeeperAI’s initial data steward organizations has decided to waive its Institutional Review Board process for all projects conducted on the BeeKeeperAI platform, removing what was once a three- to nine-month process. “With BeeKeeperAI, healthcare AI developers can reduce their go-to-market times by at least a year, if not 18 months,” adds Chalk.
For healthcare research into exceedingly rare medical conditions, or those with patient data that cannot be de-identified, the benefits are even greater. “If there are only 200 patients in the world that have a rare and difficult-to-detect disease, AI can be an incredible aid in detection, diagnosis, personalized treatment, and disease prediction,” says Chalk. “Faster diagnoses, especially in cases like rare disease, could mean getting patients the right treatment at the right time to improve wellbeing and potentially save lives.”
Enabling collaboration
Data stewards also benefit. “It’s very difficult in this environment of cyberattacks on healthcare data to advance the mission of innovation through data sharing,” says Chalk. “The old paradigm of granting direct access to institutional data increases risk. What we’re doing with BeeKeeperAI fundamentally enables data stewards to return to their mission of advancing clinical and scientific innovation with the smallest attack surface available on the market.”
The question of proving data veracity can easily arise in a system where no human access to patient data can be granted. For this reason, BeeKeeperAI works with data stewards to create synthetic datasets. These datasets contain no actual patient data, but do provide average statistical distributions across multiple fields. If these fields match up with the expectations of healthcare AI developers, they can expect their AI to provide accurate results when presented with the real patient data while computing in the secure enclave.
The right technology at the right time
Chalk and Rogers both believe that BeeKeeperAI is not only a technology whose time has come, but one that could only have been developed recently. “The solution that BeeKeeperAI is offering would not be possible without Intel and Microsoft and the unique intersection of their technical capabilities,” says Chalk. “The longstanding collaboration between these two companies ensures that we can exist, grow, and move forward.”
Chalk also credits Microsoft with providing the technical support BeeKeeperAI has required to bring its products to market. “Microsoft supported BeeKeeperAI as a concept very early on and, thanks to our collaborative relationship, was instrumental in bringing us to market quicker than we could have on our own,” she notes. “I’m pleased to announce that BeeKeeperAI may now be accessed through Azure Marketplace.”
Chalk notes that there is a lot of growth potential on the table for BeeKeeperAI. “As BeeKeeperAI grows and extends our capabilities to the full life cycle of AI development and deployment, including post-market monitoring, we know that Microsoft and Intel technologies will continue to be very valuable to our operations,” she adds. These operations may eventually extend to sectors beyond healthcare too, as any industry where the sharing of sensitive data is regulated could benefit from advancements in innovation without the need to cede control of proprietary data.
Find out more about BeeKeeperAI on YouTube and LinkedIn.
“The solution that BeeKeeperAI is offering would not be possible without Intel and Microsoft and the unique intersection of their technical capabilities.”
Mary Beth Chalk, Cofounder and Chief Commercial Officer, BeeKeeperAI
Follow Microsoft