On January 28, the annual Dutch Privacy Awards will be presented during the National Privacy Conference organized by ECP and Privacy First. These awards provide a platform for organizations that view privacy as an opportunity to distinguish themselves positively and that demonstrate how to do business and innovate in a privacy-friendly manner. Meet one of the nominees below: UMC Utrecht in collaboration with Roseman Labs and their NSK data workshop.
The NSK (National Child Abuse Reporting Tool) data workshop is a privacy-by-design data infrastructure that makes it possible to identify patterns of child abuse without sensitive patient data becoming visible or traceable. Hospitals can learn from their data collectively and thus improve their care processes, while all data is processed exclusively in encrypted form using advanced cryptographic techniques provided by Roseman Labs.
This solves a fundamental privacy problem: the tension between the need to improve care and make a social impact, and the obligation to fully protect the privacy of vulnerable children and families. The data workshop guarantees purpose limitation, consent, and full control for participating institutions, making privacy not an obstacle but a prerequisite for cooperation.
The reason for this was the urgent social need to recognize signs of child abuse earlier and more reliably. Although hospitals have valuable data at their disposal, sharing and jointly analyzing this data proved virtually impossible in practice due to the reluctance of centers to do so because of privacy legislation and ethical objections.
Child abuse is a major social problem: every year, 90,000–120,000 children are victims, with lifelong consequences and an estimated social cost of €25 billion per year.
At the same time, there was a growing awareness that existing solutions were either too risky from a privacy perspective or insufficiently scalable. This led to the development of the NSK data workshop: a solution that demonstrates that high-quality data analysis and maximum privacy protection can go hand in hand.
The NSK data workshop has demonstrated that data-driven healthcare improvement is possible without compromising privacy. Hospitals can now conduct joint analyses and develop insights that contribute to better detection and prevention of child abuse.
In addition, the project has increased confidence in secure data exchange within the healthcare sector. The successful connection to existing research environments shows that this approach is practical and reproducible. This makes the NSK data workshop a model project for other healthcare domains.
"A major challenge was developing a solution that not only works well technically, but is also legally sound and ethically responsible. This required close collaboration between different disciplines, such as healthcare professionals, lawyers, privacy experts, and technology partners. By working together from the outset, we were able to take everyone's perspective into account and develop a solution that fits in with everyday practice.
We have learned that privacy protection is most effective when it is an integral part of the design from the outset. Thanks to Roseman Labs' cryptographic technology, it has proven possible to perform valuable and in-depth analyses without ever revealing traceable personal data. Roseman Labs uses Multi-Party Computation (MPC) technology, which keeps sensitive patient data encrypted during processing. This gave us the confidence that data use and privacy protection do not have to be mutually exclusive, but can actually reinforce each other.
Just as important as the technology was the way we worked together. The data workshop was developed specifically from the workplace: by and for healthcare professionals who work with the NSK on a daily basis. Consistency and determination in that collaboration proved crucial to continuing to make progress. We met monthly for 30 minutes in fixed, multidisciplinary consultations, in which pediatricians and child abuse and domestic violence officers, together with data specialists from the participating centers and Roseman Labs, made agreements and tested choices in practice.
To make it feasible for all participating centers, we also developed a uniform plan that could be used by every hospital. This included a joint approach to governance and privacy, including a sample DPIA. This allowed centers to move through their internal procedures more quickly and consistently, without having to reinvent the wheel each time. This combination of practical involvement, clear frameworks, and sustained collaboration has ensured that the solution is not only secure and innovative, but also truly feasible in healthcare practice.
The ambition is to further scale up the NSK data workshop and make the approach widely applicable. First of all, we want to get more hospitals to join the NSK data workshop, thereby creating national insight. We can learn a lot from the differences and similarities we see between hospitals. But it is also important to know what happens to the concerns of medical professionals when, for example, a report is made to Veilig Thuis (Safe Home). Was there indeed child abuse, and were the signs interpreted correctly in the hospital? And how was safety restored within the family? Because the solution is modular and scalable, other healthcare institutions can set up similar data workshops within a few months, and we hope to connect them to the NSK data workshop in the near future so that the care and support surrounding suspected child abuse becomes clear and we know where we can further improve the process.
In addition, the approach fits seamlessly with the vision of Health Data Space Utrecht (HDSU), as a regional hub within Health-RI, and the European Health Data Space (EHDS).
In the future, the NSK data workshop can contribute to secure, cross-border collaboration and thus further increase its social impact. The project demonstrates that privacy protection is not only necessary, but can actually accelerate innovation and trust.
