The healthcare industry still has a long way to go as far as patient privacy is concerned. The Federal Trade Commission’s (FTC) has recently warned that health tech companies are not actually de-identifying patient data as they should be or as they claim they are. The commission plans to up its game, increasing scrutiny of data transactions that violate consumer consent and handing out hefty fines to organizations that fail to meet patient privacy standards.
In this blog, we dive into the big question – how can medical data be shared to benefit patients and improve care without compromising patient privacy? How can health stakeholders do their job, without walking on eggshells and constantly worrying about being fined or sued? To answer this question, we take a look at the crucial component that’s missing from most privacy protection strategies today.
Why Anonymization isn’t Enough
As things currently stand, privacy protection in healthcare is focused on minimizing the risk of data exposure. To that end, medical records are de-identified and only then shared across stakeholders. However, little to no effort is put into ensuring that de-identified data remains protected after it is shared.
This is essential because even when companies have the best intentions at heart and data is anonymized properly, medical records can often still be re-identified. It is possible to reverse engineer a person’s identity from anonymized datasets. This is not only maddeningly frustrating, but deeply troubling and calls for immediate action.
Sharing Medical Data is a Scary Business
The bottom line is that health tech companies are treading on dangerous ground. With every data transaction, monetary and reputational damage may be waiting just around the corner.
So how can companies protect patient data and do their job at the same time? How can our digital health developers make a positive impact in the world without constantly worrying about data privacy every step of the way? The answer lies in taking a proactive approach.
Taking a Proactive Approach
Having excellent de-identification mechanisms in place is no doubt a crucial component in privacy protection, but it is far from enough. The truth is that preventing patient identity from being exposed requires being proactive.
Backed by deep expertise in managing identity and securing information, Briya helps health and health tech organizations be confident that they are not only caring for patients’ health, but actively caring for their privacy as well. As opposed to other solutions, we don’t release massive datasets into the world, leaving them vulnerable to de-identification. Our decentralized architecture retrieves the minimal number of records needed in real time, transferring them safely and directly to the recipient’s research environment. In addition, we use three layers of de-identification, coupled with smart contracts that automatically enforce regulations, patient consent, and contractual agreements.
Introducing Briya’s Three Layers of De-identification
Briya goes one step further to ensure top notch privacy and security. Our three layers of de-identification are designed to fully protect patient identity. Let’s take a closer look at each of the layers.
The first layer, classic de-identification. removes all patient health identifiers from the data. On top of this, the second layer removes all other patient identifiers using smart context-aware algorithms. This includes cross-field analysis that checks whether different bits of information can be pieced together to reveal patient identity. This layer also scans free-text fields (such as doctor notes) to remove any other identifiers that may have fallen below the radar.
But the most exciting and unique functionality lies in the third layer – our proprietary active re-identification prevention feature. The algorithm, borrowed from the fraud detection industry, prevents any intentional or unintentional attempts to uncover patient identity. It detects suspicious patterns of queries (attempting to retrieve medical data) and block any data transaction that could potentially expose a patient’s identity.
Briya is the only solution that tackles the problem of data re-identification head on, so its partners can share data without worry and sleep easy at night.
Did I agree to that? Ensuring Patient Consent
The FTC didn’t just shine a light on the industry’s insufficient anonymization techniques. It also alerted to the fact that medical data is often used and sold against patients’ consent. This is why Briya also developed an elegant and automatic mechanism that ensures the data exchanged is completely in line with the patient’s wishes.
In addition to anonymization, our platform ensures that each data transaction is 100% compliant. Our blockchain-powered platform is equipped with built-in smart contracts that auto-enforce patient consent, as well as regulations (such as HIPAA and GDPR) and DUA contracts.
A Final Note About Us
At the heart of it, Briya was created so that companies in the healthcare industry can focus on their core value proposition and continue to provide great and secure services to their patients. We lay down the pipeline that allows organizations to share data ten times faster than before. But beyond speed and efficiency, we also grant our customers peace of mind. Our proactive approach to de-identification and our smart contracts ensure that patient privacy is fully protected, regulations are upheld and organizations like the FTC will have no choice but to fine someone else.