Re-use of patients’ health records can provide tremendous benefits for clinical research. One of the first essential steps for many research studies, such as clinical trials or population health studies, is to effectively identify, from electronic health record systems, groups of well-characterized patients who meet specific inclusion and exclusion criteria. This procedure is called cohort exploration. Yet, when researchers need to compile specific cohorts of patients, privacy issues represent one of the major obstacles to accessing the data, especially when sensitive/identifying data, such as genomic data, are involved. Because of this, cohort exploration canbeextremelydifficultandtime-consuming.InthisjointpaperbetweentheE ́colePolytechniqueFe ́de ́raledeLausanne(EPFL)and the Lausanne University Hospital (CHUV), we address the challenge of designing and deploying in a real operational setting an efficient privacy-preserving explorer for genetic cohorts. Our solution is built on top of i2b2 (Informatics for Integrating Biology and the Bedside), the state-of-the-art open-source framework for clinical cohorts exploration, and leverages cutting-edge privacy-enhancing technologies (PETs) such as homomorphic encryption and differential privacy. Solutions involving homomorphic encryption are often believed to be costly and still immature for use in operational environments. Here, we show that, contrary to these assumptions, this kind of PETs can be very efficient enablers, at least for specific use cases. Indeed, the proposed solution outperforms the state-of-the-art by enabling a researcher to securely explore 3,000 genetic variants over a cohort of 5,000 individuals in less than 5 seconds with commodity hardware. To the best of our knowledge, this is the first privacy-preserving solution to be successfully deployed and tested in a real operational environment within a hospital, more specifically, as one of the services of the clinical research data-warehouse of CHUV.
