How to Safely Navigate Beyond Masking
Healthcare organizations realize the only way to stay ahead of the game is to leverage data for strategic insight. When you operate in the healthcare industry, you run into the challenge of unlocking PHI for secondary use. The insights you need to drive new innovations and improve patient outcomes are typically locked away because of the potential risks associated with their use.
Masking tools provide Safe Harbor compliance, but this comes at a steep cost. Data masked to Safe Harbor compliance is rendered useless for analysis. Alternatively, if masking tools remove too little information or the wrong information, your organization is left open to fines for non-compliance or to re-identification attacks. Attacks on healthcare data are becoming a real threat. With the explosion of personal data available, it is easier than ever to link datasets and re-identify individuals.
There’s a common misperception that using a brand name masking product means your data will always be compliant. When you need to share information for analytics purposes within your organization or with outside recipients, it is very tempting to leave in one or two identifiers or a little more date information to make the data useful. After all, what is the point of sharing data that carries no utility?
As soon as there are demands to share and use sensitive data for analytics purposes, people will try to preserve as much granularity in the data as possible. Herein lies the challenge – and why we need to look beyond masking techniques. Balancing privacy compliance with data utility is an emerging discipline that requires new ways of thinking. It’s a risk management problem.
Current masking tools often apply a one-size-fits-all approach that strips the data of its utility, most notably its date information. By Safe Harbor standards, all date information except year must be removed. When tracking the progression of a disease or the efficacy of treatments, the lack of granularity proves stifling.
Fortunately, it is possible to balance use with privacy and legal requirements. Risk analysis is key to finding this balance. Most masking tools do not provide a view into the risks that threaten patient privacy when using data for analytics. There are now automated tools that offer a risk-based approach to de-identification, providing the visibility into risk that is required to manage these challenges.
Interested in learning more about the differences in de-identification? Download a copy of Don’t Blur the Lines to get insight into how de-identification works. Moving beyond masking requires understanding how these methods differ and what techniques they leverage.