The Problem

The need to protect sensitive data in healthcare from unauthorized access has never been greater. Sensitive data in healthcare can include patient data like protected health information (PHI), stored data such as medical and payment records, payer and provider employee data, and data related to wired and wireless IoT (Internet of Things) medical devices which are ubiquitous in healthcare environments. Healthcare privacy regulations like HIPAA (Health Insurance Portability and Accountability Act) are making the protection of electronic health records (EHR) mandatory. Current data management systems make the administration of access control very cumbersome and error-prone.

The PHEMI Solution

PHEMI helps data curators perform consistent data de-identification and measure the risk of re-identification. The system accelerates accessibility to data and innovation while complying with complex access control policies. It enables compliant data sharing inside and outside of the organization by implementing fined grained access controls and policy-based de-identification.

Healthcare Opportunities

  • Improve internal processes and develop new products
  • Providers: Cost reduction, precision medicine; researchers: translational research
  • Pharma: Find targeted candidates, design more successful clinical trials and improved post-market follow-up
  • Payers: Develop sustainable business models, expand into wellness management, develop API platforms
  • Patients: Support fitness and preventive self-care

De-Identification & Privacy Management Use Case

  • PHEMI comes with an extendable library of de-identification functions that are applied consistently at derive time
  • Derivation is the process of converting original data into an analytics-ready state.
  • Once set up the derivation process will apply de-identification to personal identifiers, dates, numbers, zip codes, etc
  • If dataset must be shared it can be processed to remove records that cannot be de-identified to meet risk threshold
  • All data is classified with organization’s data classification policy and an Attribute-Based Access Control mechanism (ABAC) ensures every user will see a version of data they have authorization for