Participation in patient support forums may put rare disease patient data at risk of re-identification
Rare disease patients often struggle to find both medical advice and emotional support for their diagnosis. Consequently, many rare disease patient support forums have appeared on hospital webpages, social media sites, and on rare disease foundation sites. However, we argue that engagement in these groups may pose a healthcare data privacy threat to many participants, since it makes a series of patient indirect identifiers ‘readily available’ in combination with rare disease conditions. This information produces a risk of re-identification because it may allow a motivated attacker to use the unique combination of a patient’s identifiers and disease condition to re-identify them in anonymized data.
To assess this risk of re-identification, patient direct and indirect identifiers were mined from patient support forums for 80 patients across eight rare diseases. This data mining consisted of scanning patient testimonials, social media sites, and public records for the collection of identifiers linked to a rare disease patient. The number of people in the United States that may share each patient’s combination of marital status, 3-digit ZIP code, age, and sex, as well as their rare disease condition, was then estimated, as such information is commonly found in health records which have undergone de-identification by HIPAA’s ‘Safe Harbor.’ The study showed that by these estimations, nearly 75% of patients could be at high risk for re-identification in healthcare datasets in which they appear, due to their unique combination of identifiers. Read more >>
Source: Orphanet Journal of Rare Diseases: https://ojrd.biomedcentral.com/articles/10.1186/s13023-020-01497-3
Authors: James Gow, Colin Moffatt, & Jamie Blackport of Mirador Analytics
DeepIntent Adtech Solution First To Meld Differential Privacy & Machine Learning To Reach Specific Patients In A Privacy-Safe Way
Marketing technology company, DeepIntent, today announced general availability of Patient Modeled Audiences. The patent-pending, end-to-end advertising solution is HIPAA-certified and is the first to effectively combine differential privacy and machine learning to reach specific patient populations in a privacy-safe way. The solution delivers timely and relevant health and treatment information to patients, a capability that's been particularly important during COVID-19.
Patient Modeled Audience's data-driven approach significantly improves advertisers' ability to reach clinically-relevant audiences—in fact, an independent thirty-day test of twelve adtech solutions* found that DeepIntent's audience quality scores were 25% higher than others in the group.
To date, healthcare organizations have been limited in the ways they can reach patients with specific diagnoses, often having to choose either accuracy (using opted-in consent-based patient targeting) or scale (using highly inefficient third-party data segments). Patient Modeled Audiences is the first adtech solution to deliver both by anonymizing healthcare data and extracting only the information needed to segment and reach specific patient audiences with speed and precision.
"Our clients are seeing unprecedented campaign performance, indicating that the right patients are receiving the information they need to make more informed decisions about their health," said DeepIntent Co-Founder and CEO, Chris Paquette. "It also proves that with Patient Modeled Audiences, marketers no longer need to choose between accuracy and scale. By combining emerging privacy technologies with machine learning built specifically for healthcare, DeepIntent closed this divide while mathematically guaranteeing HIPAA compliance."
DeepIntent has partnered with privacy experts, Mirador Analytics, to ensure the data employed in Patient Modelled Audiences meets the most stringent privacy measures.
Read Press Release >>
Source: PR Newswire
Life science companies combine to form COVID-19 research database
A consortium of leading healthcare companies today announced the launch of the COVID-19 Research Database, a secure repository of HIPAA-compliant, de-identified and limited patient-level data sets made available to public health and policy researchers to extract insights to help combat the COVID-19 pandemic.
The database is a pro bono, cross-industry collaboration. Collaborators include Advarra, Aetion, AnalyticsIQ, Arcadia.io, Berkeley Research Group, BHE, Change Healthcare, Datavant, Elsevier, Glooko, Health Care Cost Institute, Healthjump, Helix, Medidata (a Dassault Systèmes company), Mirador Analytics, Munich Re Life US, Office Ally, OMNY, Parexel, Prognos Health, QIAGEN, SAS, Snowflake, Sumitomo Dainippon Pharma, Symphony Health, Veradigm, and Verana Health.
Researchers and policymakers seeking to better understand the COVID-19 pandemic have faced challenges because data relevant for this research are hard to access, fragmented and limited in their ability to answer critical research questions. The COVID-19 Research Database contains HIPAA-compliant, de-identified and limited, longitudinal, patient-level data sets from a consortium of institutions and organizations. It comprises a large, diverse repository of real-world data, including medical claims, pharmacy claims, electronic health records, and demographic data. In addition to the underlying data, the repository integrates privacy-preserving patient linking technology and statistical certification, connecting data sources in a HIPAA-compliant manner to provide a more complete view of the patient journey. Researchers can access the COVID-19 Research Database via an analytic platform, enabling them to conduct large-scale studies while protecting patient privacy.
Read Press Release >>
Source: PRNewswire / Fierce Biotech
Swoop Granted Patent for Privacy-by-Design Data Processing Techniques
Swoop, a Cambridge-based health technology company, today announced they have been granted a patent for their privacy-safe sensitive data processing techniques. The patent leaves the organization uniquely positioned to ingest, manipulate and analyze sensitive data, such as health data, in a way that ensures the protection of the privacy of individuals while also ensuring the accuracy of its AI models and the positive impact they have on patient outcomes and healthcare costs.
This patent, and the core concept of Privacy by Design that it embraces, is a recognition that historical perspectives on privacy can and should evolve to embed privacy foundationally into an organizations' architectural DNA in the rapidly evolving privacy environment of today.
"Though HIPAA has had an enduring institutional legacy as a privacy law, we are seeing that, in today's dynamic ecosystem, the regulatory environment is rapidly evolving. GDPR, CCPA, and self-regulatory bodies like the NAI, are all reconciling what consumer and patient privacy looks like in the digital world," says Swoop co-founder and CTO Simeon Simeonov. "Our invention embodies the concept of Privacy by Design. Not only do we embrace privacy as the default state, but our patent outlines a de facto privacy architecture that maintains strict compliance as these and other new privacy regulations and self-regulatory best practices develop."
The patent, titled "High-Accuracy Data Processing and Machine Learning Techniques for Sensitive Data," enables systematic compliance with the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act (CCPA), the Network Advertising Initiative's 2020 Code of Conduct, and the General Data Protection Regulation (GDPR).
"We specialize in protecting the privacy of individuals by performing disclosure risk assessments on our clients' healthcare datasets," says Jamie Blackport, CEO and Co-Founder of Mirador Analytics, which handles Swoop's HIPAA compliance. "While working with Swoop to ensure HIPAA compliance, their commitment to developing systems with privacy in mind was clear and we have been impressed with the paramount importance they have placed on patient privacy."
Read Press Release >>
Source: PR Newswire
The importance of data privacy, transparency, and outlining use case
In recent years, the increase in both the amount and accessibility of data has given us power that can be used for good. There’s an opportunity for increased innovation, more relevant products, and a more efficient world, among a whole host of other things.
But increased power can be exploited, data can be used to influence people’s decisions or used to influence levels of control over individuals, and that can be scary for some. It can cause frustration in others.
Highlighted by media outlets, we see cases of misuse and exploitation of data by organisations which can overshadow the good that others are working towards by taking advantage of our ever-increasing access to data.
So, what can we do to help highlight the good that can come from using data?
We can be transparent.
Transparency can mitigate against doubt, which mitigates against fear, which avoids anger and confusion. And if organisations are still seeing fear, confusion, or anger from those whose data they are using or holding, then they need to either provide more understanding, or if that’s not feasible, evaluate their processes and decide if they need to do things differently.
Sometimes following current rules and guidelines can fall short of the protection, transparency, and privacy people expect of their data.
Governments, regulatory bodies, and other groups implement standards for the protection of data, use of data, and transparency of any use. But as the pace of innovation and change continues to increase, it can leave their guidance falling behind, not keeping up with the latest technology and data uses.
Because of this, organisations at the forefront of their fields can often be left with rules and guidance that are not wholly appropriate, with some rules no longer seeming to apply directly to their processes.
So what should organisations be doing about it?
Organisations should be putting data privacy, protection, and appropriate use at the forefront of their values when handling individuals’ data. People within organisations should think about their data processes and consider if they’d feel comfortable with what they’re doing if it was their own personal data, but more than that they should make sure that others understand and are comfortable with what they are doing.
Where they can, organisations should follow existing guidelines, where existing guidelines don’t align, organisations should help in shaping suitable guidelines that focus on the protection of peoples data. They should work with regulatory bodies and data subjects to help them understand what they are doing and get them up to speed in a fast-paced space.
But I think most importantly where guidance isn’t in place, organisations need to be transparent both in the data they are handling and in how they plan to use it.
Having the attitude of transparency and making sure people are comfortable with what you are doing versus storming ahead in uncertainty helps to mitigate against misuse of data and what could be interpreted as exploitation of data by some.
With clearer use cases and data pathways we can help to protect individuals’ right to privacy while still having data that we can use to innovate and help people. With better privacy, protection, and transparency of data we build better relationships and more trust with individuals, the same individuals that we are using that data to support.
Author: Jamie Gray
New Hub for Mirador Analytics' Insight Articles
The Mirador Analytics team are working to produce articles giving overviews and insights on health data privacy, HIPAA compliance, and HIPAA Expert Determination. We hope that the articles will give top-level insight into some of the areas we work in with our clients, giving people a better understanding.
As we create more articles this page will be used as an "Insight Hub", to store previous articles and upload new ones. At first the articles will be give a topline view, but as we write more we'll look to delve deeper into subject/service areas while still trying to keep things easy to understand.
As we build our hub, knowledge areas will increase and articles may be amended if new information becomes available. We'd be happy to take suggestions on areas that our audience would like to know more on, and happy to talk more to potential clients about doing work in these areas. If you want to get in touch then use the contact form to reach us.
We hope you enjoy reading, please check for updates as we release more.