WEBINAR: Fear and Loathing of Data Monetization
Considerations for Building a Business Case for Data Monetization

www.privacyanalytics.ca | 855.686.4781 | [email protected]
251 Laurier Avenue, Suite 200, Ottawa, Ontario, Canada K1P 5J6

Fear and loathing data monetization final

DESCRIPTION

According to Booz & Company, revenue from monetizing data could represent up to $300 billion per year in the next three to five years in the financial sector alone. With the unabated growth of consumer and health data, privacy officers and data analysts are in the midst of challenging executive discussions, as finance, sales and marketing functions look for new ways to drive additional revenue, growth and margin using the potential value of their data assets.

The presentation provides a risk-based framework for not only examining the opportunity of data monetization, but also the legal and situational context for its use. The framework outlines the essential conditions by which data monetization could be considered as a valuable revenue stream, all the while ensuring legal and reputational considerations are taken into account for its re-sale.

Privacy, compliance and data analyst professionals will learn:
• The key business drivers of data monetization;
• The business case for leveraging their data assets for re-sale;
• A risk-based framework that identifies the appropriate conditions and context for monetizing data; and,
• Critical steps that privacy, sales and marketing functions can take to determine whether their data assets should indeed be sold.

To listen to the recording, please click here: https://vimeo.com/92972384

Page 2: Fear and loathing data monetization final

© 2014 Privacy Analytics, Inc.

Presenters

• Chris Wright, Vice President, Marketing and Today’s Moderator, Privacy Analytics, Inc.
• Dr. Khaled El Emam, CEO and founder of Privacy Analytics, Inc.
• Ann Waldo, Wittie, Letsche & Waldo, LLP, and the Washington Health Strategies Group

Page 3: Fear and loathing data monetization final

Presenter

Chris Wright, Vice President, Marketing and Today’s Moderator, Privacy Analytics, Inc.

Page 4: Fear and loathing data monetization final

Some Housecleaning

1. Please be sure to mute your phones
2. We’ll have a Q&A after the webinar. Please craft your questions in the dialogue box you see to your right
3. And we’re giving away copies of our Risky Business Sharing Health Data While Protecting Privacy to the first 30 people that complete our survey: http://reportal.euro.confirmit.com/reportal/login.aspx?PortalId=34258

Page 5: Fear and loathing data monetization final

Agenda

1. The Conditions for Monetization
2. Opportunities vs. Risk
3. What are the Legal Implications
4. Risk Assessment for Monetization
5. Its Application to a Case Study
6. Summary - Key Takeaways
7. Question and Answer

Page 6: Fear and loathing data monetization final

About Privacy Analytics

For organizations that want to safeguard and enable their data for secondary use …

• Software that automates the de-identification and masking of data using a risk-based approach to anonymize personal information
• Integrated capabilities to anonymize structured and unstructured data from multiple sources
• Peer-reviewed methodologies and value-added services that certify data as de-identified using the expert statistical method under HIPAA

Page 7: Fear and loathing data monetization final

Webinar Part 1: A Quick Re-cap

Setting the conditions for organizations to explore the different business and ethical dimensions of data monetization by:

• Demonstrating that through anonymization techniques a customer could maintain the essential analytic utility of the original data
• Using a risk-based approach to determine the optimal level of anonymization to safeguard personal information
• Allowing this customer to fully leverage their data for secondary purposes – all within a reasonable range of optimal utility and value

Page 8: Fear and loathing data monetization final

Is Data Monetization Like a Bad Comb Over?

Do we discuss it openly, yet responsibly with our friend below? Or do we ignore it and hope it goes away – in the case below, literally?

Page 9: Fear and loathing data monetization final

Data Monetization: It’s Already Occurring

By 2016, 30% of businesses will have begun directly or indirectly monetizing their information assets via bartering or selling them outright, according to Gartner Research Inc.

Page 10: Fear and loathing data monetization final

Healthcare Data Ecosystem

We are witnessing an explosion of digital health applications and software that combined with transactional systems creates a rich repository of insight into individuals, their behavior and health

Source: Park Associates

Page 11: Fear and loathing data monetization final

Richer, More Intrusive Data Capture

The “Internet of Things” is becoming a reality in healthcare, as organizations move beyond simply Fitbit fitness tracking to more robust diagnostics associated with patient well being and care

Source: Proteus interface for an edible mobile device that tracks a patient’s level of activity and rest

Page 12: Fear and loathing data monetization final

Data Monetization

Page 13: Fear and loathing data monetization final

Real Brand and Reputation Considerations

Protecting consumer and patient data is a sacred trust. And even in the context of a criminal act, a breach of this trust can cause significant harm to an organization’s reputation and business overall.

Target Profit Falls 46% On Credit Card Breach

Source: YouGov BrandIndex’s Buzz Post Breach

Social Sentiment Analysis of Target Compared to Other Retailers Post Breach

Now Imagine if This Were a Deliberate Effort to Monetize Data!

Page 14: Fear and loathing data monetization final

Section Takeaways

The Business of Data

• Just because there’s more data doesn’t mean there’s a revenue stream ...
• What’s the relationship between my corporate values and my desire to monetize data ...
• If there is a relationship, what are the dimensions of the data I want to share and with whom ...
• As I build a business case, what is the context for data’s sale and how will it be used ...
• And what’s the role of internal and external stakeholders in the decision to monetize data ...
• Better call a lawyer ...

Page 16: Fear and loathing data monetization final

Today’s Presenter

Ann Waldo, Wittie, Letsche & Waldo, LLP, and the Washington Health Strategies Group

Page 17: Fear and loathing data monetization final

HIPAA/HITECH Compliance: How to Protect PHI

Need multi-layered, strategic approach to protect PHI (Protected Health Information):

• Policies and Procedures (PnP)
• Thorough implementation of PnP and safeguards
• Documentation
• Risk Analysis of likely threats to data
• Risk Assessment of compliance program
• Vendor (Business Associate) contracting and management
• Robust use of three “magic bullets”

Page 18: Fear and loathing data monetization final

HIPAA/HITECH Breach Reporting

Three “Magic Bullets”:

1) Destruction per HHS guidance
2) Encryption per HHS guidance
3) De-Identification per HIPAA standard

Page 19: Fear and loathing data monetization final

How to De-Identify: Two Methods Under HIPAA

See HHS Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule

Page 20: Fear and loathing data monetization final

De-Identification Implications

Legal and Reputational Risk Management

• Once PHI is de-identified, it is no longer PHI and escapes HIPAA
• HHS has no jurisdiction
• No breach issues

Page 21: Fear and loathing data monetization final

De-Identification Controversies

Supposed ease of re-identification:

• Increasingly believed by the media, advocates, and the public
• “There’s no such thing as de-identified data”

Re-identification risks are greatly exaggerated:

• Of the known “successful” re-identification attacks, most were not on healthcare data at all (e.g. movie ratings, internet searches)
• Most done by researchers
• Of the health care ones, most were not HIPAA de-identified
  » A recent hospital discharge set attack did not involve HIPAA de-identified data
  » The only confirmed HIPAA de-identified data attack (ONC study) still had a re-identification rate that was very small (2/15,000)

Page 22: Fear and loathing data monetization final

HITECH Ban on the Sale of PHI

New Challenge to Data Fluidity

• A HIPAA Covered Entity or Business Associate must now get an authorization from each individual in a data set for any sale of PHI
• Even if the disclosure is otherwise permitted by law
• The authorization must state that the disclosure will result in remuneration to the Covered Entity
• Ban on sale applies even to Limited Data Sets (partially masked PHI that retains zip codes and dates)

Page 23: Fear and loathing data monetization final

Ban on the Sale of PHI

Exceptions

• Research – BUT exception is narrow.
• Research remuneration is limited to the direct and indirect costs of preparing and transmitting the PHI (cannot include profit)
• For public health
• For treatment or payment
• Other exceptions - sale of a Covered Entity, patient access, as required by law

Consequences of Ban on Sale of PHI

• Many predict unintended harmful consequences to research and analytics – unrealistic to expect big data transfers without dollars changing hands
• Will it drive need for de-identified data?

Page 24: Fear and loathing data monetization final

Section Takeaways

The Business of Data

• Just because there’s more data doesn’t mean there should be a revenue stream ...
• What’s the relationship between my corporate values and my desire to monetize data ...
• If there is a relationship, what are the dimensions of the data I want to share and with whom ...
• As I build a business case, what is the context for data’s sale and how will it be used ...
• And what’s the role of internal and external stakeholders in the decision to monetize data ...
• Better call a lawyer ...

Preparing for the Best vs. the Worst

• Higher public sensitivity around data sharing and lower trust in data custodians requires a proactive and transparent approach to data stewardship …
• Researchers, industry and public health professionals are making stronger demands to access linked data and de-identified data, requiring more investments to facilitate secondary uses and disclosures ...

Page 26: Fear and loathing data monetization final

Today’s Presenter

Dr. Khaled El Emam, CEO and founder of Privacy Analytics, Inc.

Page 27: Fear and loathing data monetization final

Quick Review: Identifiability Spectrum

Range of Operational Precedents

Re-identification risk thresholds are established precedents used by leading research organizations depending on how they assess the risk of disclosure. As such, they use a wide variety of operational precedents to trigger the application of anonymization techniques. What we’ve done is captured and automated them.

[Figure: identifiability spectrum, running from “Little De-identification” to “Significant De-identification”]

Page 28: Fear and loathing data monetization final

Measuring Re-identification Risk

Page 29: Fear and loathing data monetization final

Case Study: EMR Software Vendor

Post-marketing and Public Health Surveillance

• Wanted to anonymize data on 535,595 patients from general practices
• Longitudinal data needed to be used for on-going and on-demand analytics

Challenges:

• Significant size and complex data set. Held more than five years of clinical, prescription, laboratory, scheduling and billing data of patients
• Data from 2,664 clinics and 5,850 physicians
• Data complexity: 820 columns/73 tables

Analytic Outcomes:

De-identified data to analyze:

• Post-marketing surveillance of adverse events
• Public health surveillance
• Prescription pattern analysis
• Health services analysis

Page 30: Fear and loathing data monetization final

Assessing Mitigating Controls

• Applying industry best practices to secondary use and anonymization
• Establishing standard industry wide practices for data sharing internally and externally
• Automating the evaluation of complex rules and regulations for data sharing

Recognized industry best practices and conventions for access controls, data protection and accountability from organizations that include:

• ISO
• U.S. and Canadian government / privacy commissioner data protection guidelines
• American Institute of Certified Public Accountants, Inc., and Canadian Institute of Chartered Accountants

Page 31: Fear and loathing data monetization final

Assessing Motives and Capacity

• Auditability of underlying data sharing practices
• Transparent and defined approaches for sharing data for secondary use
• Skills audit of potential data sharing partners to assess expertise

What the assessment does:

• Evaluates the intent and use of the requested data based on historical use and partnership with the data custodian
• Determines the relative skills of the data requester, their basic database and statistical expertise to re-identify data

Page 32: Fear and loathing data monetization final

Simulating Invasion of Privacy

• Gauge potential for harm from sharing sensitive data for secondary use
• Incorporate Privacy by Design best practices around consent and data sharing

What the assessment does:

• Considers the sensitivity of the data and the potential for harm to the data subjects
• Assesses the potential number of patients within a data set that would be harmed in the event of breach
• Considers the authority, consent and notice mechanisms that were in place when the data was collected or since then

Page 33: Fear and loathing data monetization final

Applying Statistical De-identification

• Speed time to IRB or ethics board approvals with detailed and auditable approach to data sharing
• Automate the application of best practices to anonymization and gain insight faster

What the assessment does:

• Ranks the level of mitigating controls that protect personal data
• Scores the data requester’s motives and intentions for the data’s use
• Measures probability of re-identification
• Indicates the likelihood that the data set could be breached
• Provides a risk threshold that determines the level of anonymization to be applied

Page 34: Fear and loathing data monetization final

Section Takeaways

The Business of Data

• Just because there’s more data doesn’t mean there should be a revenue stream ...
• What’s the relationship between my corporate values and my desire to monetize data ...
• If there is a relationship, what are the dimensions of the data I want to share and with whom ...
• As I build a business case, what is the context for data’s sale and how will it be used ...
• And what’s the role of internal and external stakeholders in the decision to monetize data ...
• Better call a lawyer ...

Preparing for the Best vs. the Worst

• Higher public sensitivity around data sharing and lower trust in data custodians requires a proactive and transparent approach to data stewardship …
• Researchers, industry and public health professionals are making stronger demands to access linked data and de-identified data, requiring more investments to facilitate secondary uses and disclosures ...
• Establishing an enterprise-wide standard enables an auditable approach, incorporating data governance principles and best practices ...

Transparency Works

• Anonymization is a contextual conversation. It requires modulating the degree of anonymization based on each situation ...
• Responsible data sharing needs hinge on standard practices, transparent approaches to the assessment and mitigation of risk and use of anonymization practices
• In short, monetization, but monetization conducted in a responsible manner

Page 35: Fear and loathing data monetization final

Summary: Balancing Privacy with Data Utility

The Analytic Benefits of a Risk Assessment Method

1. Data Quality: Ensuring de-identified data has analytic usefulness by minimizing the amount of distortion while still ensuring that re-identification risk is very small
2. Analytic Granularity: Allowing users to configure the extent of de-identification to match the characteristics of the analysis that is anticipated
3. Depth of Insight: Enabling analysis of the total patient health experience, to compile a complete picture of this experience from multiple data sources and types

Page 36: Fear and loathing data monetization final

Final Thoughts

We’re giving away copies of our Risky Business Sharing Health Data While Protecting Privacy to the first 30 people that complete our survey:

Anonymization Survey:

• http://surveys.ronin.com/wix/p1834200753.aspx?src=1

May 21-22, e-Health Initiative, Washington, D.C.

Also, contact me to learn more at [email protected]. We can set up a personalized demo or have a discussion on your current anonymization needs. Just drop me a line.