Data de-identification - why it matters in healthcare
Large amounts of healthcare data are generated yet go unused due to privacy concerns. To address this, data privacy firm TripleBlind has created Blind De-identification, a new approach that allows healthcare organisations to use patient data while eliminating the possibility of the user learning anything about the patient’s identity.
We asked Riddhiman Das, co-founder and CEO, to tell us more about data de-identification.
Why is data de-identification important in healthcare?
Blind De-identification allows every attribute of any given dataset to be used, even at an individual level, while being compliant with privacy laws, rules, and regulations by default.
Governments around the world are adopting global data privacy and residency laws like GDPR, which prohibit citizens’ personally identifiable information data from leaving the borders of the country. While great for data protection, data residency laws result in global silos of inaccessible data. TripleBlind allows computations to be done on enterprise-wide global data, while enforcing data residency regulations.
In the US, HIPAA compliance has relied on what is called the Safe Harbor method, which requires removing 18 types of personal patient identifiers like names, email addresses, and medical record numbers. The Safe Harbor method can be too restrictive with the data or can leave too many indirect identifiers, which puts the patient data security at risk. Getting de-identification wrong could make an organisation liable for a costly mistake.
What does TripleBlind's solution do?
With TripleBlind, data is legally de-identified in real time with practically 0% probability of re-identification. Our solution allows analytics on data containing personally identifiable information and protected health information with zero possibility of re-identifying an individual from the dataset. This allows healthcare organisations to access more meaningful data, creating more accurate and less biased results.
For example, a healthcare drug researcher in a rural, predominantly white area would only have patient data that would reflect their local population. With TripleBlind’s de-identification, they could more easily leverage third-party data from another healthcare facility in a more diverse region, creating a more complete data set that more accurately reflects the larger population. This has the possibility to create more accurate diagnoses and better drug results for more diverse populations.
How can healthcare organisations use this in practice?
TripleBlind is blind to all data and algorithms. That means we never take possession of customer data. We only route traffic between entities, enforce permissions, and provide audit trails. The enterprise’s data remains under their control. TripleBlind does not host, copy or control their data, algorithms or other information assets, ever.
We facilitate a connection to an encrypted version of their information assets. Our technology allows the algorithms and data to interact in an encrypted space that only exists for the duration of the operation. Organisations use their existing infrastructure, so it’s not hardware dependent.