The explosion of interest in AI technology in healthcare has been inescapable, bringing with it a skyrocketing appetite for health data from all sources. Data demands are increasing not only in volume, but in breadth, with modern technologies able to efficiently derive insights from multimodal and increasingly complex data.
This demand is fed by pulling data from a variety of sources, suppliers, and modalities, often with the goal of achieving patient-specific linkage of the full range of data to assemble as broad a picture of each patient as possible.
For healthcare data, the privacy considerations around both this data sharing and linking play a critical role in meeting the expectations of the HIPAA Privacy Rule and nurturing crucial patient trust. Increasingly, organizations are turning to Trusted Third Parties (TTPs) and/or Honest Brokers as part of their data ingestion pipelines. In this article, we’ll introduce these two closely related concepts, and discuss some of the benefits of a TTP or Honest Broker.
Definitions
In the healthcare data sharing space, the concepts of TTPs and Honest Brokers are closely interrelated. There isn’t clear consensus on definitions, with some using the terms interchangeably, and definitions can vary across different domains. We describe some key attributes that tend to be associated with each.
- An Honest Broker generally focuses on the brokering – taking action on behalf of another party. They may hold a broad database or group of databases, which may be in an identifiable form, and may share (or “broker”) data as requested and approved by some established process. They may also transform the data (e.g., de-identify or anonymize it) as part of the brokerage activity. It is unusual for an Honest Broker to have any role related to the use of the data, like performing analysis, research, model training, etc.
- A Trusted Third Party generally focuses on trust, with the emphasis on ensuring data security, privacy, or integrity, without exposing those data details to other parties involved. A TTP may gather or receive source, identifiable, or lightly-processed healthcare data and perform quality checks, tokenization, de-identification, and/or anonymization on the data before sharing it with other parties under established processes and approvals.
The concepts have strong overlap, with the main area of contrast being the emphasis on brokering versus on trust. Both Honest Brokers and TTPs often package and share data, and they often shield and transform it to maintain trust. We’ll refer to both Honest Brokers and Trusted Third Parties collectively as “TTPs” and focus primarily on secondary use of healthcare data, which almost always demands that data be transformed to reduce identifiability, or managed to mitigate privacy threats. We’ll also refer to these transformations as “de-identification” in a general sense to be inclusive of data privacy concepts outside of HIPAA de-identification, including coding participant identities in a clinical trial, and pseudonymization or anonymization under the GDPR.
Illustration of a hypothetical TTP data flow. Identifiable data (solid lines, teal) from many data providers is sent to the TTP (shaded background). The data is tokenized and de-identified (broken lines, green), and can be linked (converging arrows) in different combinations before sharing with many recipients. Recipients never hold identifiable data.
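A minimal sketch of the flow in the illustration above, added here as an example and not taken from the article or from any vendor's tokenization engine. It assumes tokens are an HMAC-SHA256 over normalized name and date of birth under a key held only inside the TTP; the key, field names, and records are constructed.

```python
import hashlib
import hmac
import unicodedata

# Constructed key: stands in for the secret that never leaves the TTP.
TTP_KEY = b"constructed-demo-key"
# Assumed field names for direct identifiers in provider feeds.
DIRECT_IDENTIFIERS = {"name", "dob", "mrn"}

def normalize(value: str) -> str:
    """Canonicalise an identifier so spelling variants yield one token."""
    decomposed = unicodedata.normalize("NFKD", value).casefold()
    return "".join(ch for ch in decomposed if ch.isalnum())

def tokenize(record: dict, key: bytes = TTP_KEY) -> str:
    """Keyed token over name + date of birth (assumed linkage fields)."""
    material = "|".join(normalize(record[f]) for f in ("name", "dob"))
    return hmac.new(key, material.encode(), hashlib.sha256).hexdigest()

def deidentify(record: dict) -> dict:
    """Drop direct identifiers and attach the token. Quasi-identifiers
    are left untouched in this sketch; a real pipeline assesses them too."""
    out = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    out["token"] = tokenize(record)
    return out

def link(*datasets) -> dict:
    """Merge de-identified rows from several providers by token."""
    linked = {}
    for dataset in datasets:
        for record in dataset:
            row = deidentify(record)
            linked.setdefault(row.pop("token"), {}).update(row)
    return linked

# Constructed provider feeds: the same patient spelled two ways.
CLINIC = [
    {"name": "Ana Díaz", "dob": "1980-02-03", "mrn": "C-001", "diagnosis": "E11.9"},
    {"name": "Bo Li", "dob": "1975-11-30", "mrn": "C-002", "diagnosis": "I10"},
]
LAB = [{"name": "ANA DIAZ", "dob": "1980-02-03", "hba1c": 7.2}]

if __name__ == "__main__":
    # What a recipient receives: tokens and attributes, no identifiers.
    for token, row in link(CLINIC, LAB).items():
        print(token[:12], row)
```

Because the token depends on the key, a recipient holding only the linked output cannot recompute tokens from a list of names and birth dates.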
While there aren’t clear requirements to use a TTP from a regulatory standpoint, TTPs are often referenced in technical standards and frameworks as a method for creating separation between source sensitive personal information and downstream uses of data, particularly to ensure data minimization and reduce the privacy exposure of the source data.
Benefits
There is a range of benefits to using a TTP:
- Organizational separation: A recipient organization may prefer to hold sensitive information only after de-identification has been applied. Moving the identifiable data ETL steps and de-identification to a TTP helps minimize privacy risk by enabling an organization to ensure it is exposed to de-identified data only. For cases in which tokenization engines or similar privacy-preserving technologies are applied to support linkage, this organizational separation can play an important role in ensuring that the privacy of the engine (and thus, the patient data processed by the engine) is maintained.
- Cost and time efficiency: An external TTP is specialized in data ETL, de-identification, and process documentation. Specialists can provide cost and time efficiencies both for small and intermittent workloads (as opposed to assigning a part-time responsibility within an organization) and in large-scale operations, where even modest efficiency gains can yield ROI.
- Technical capabilities: An internal team may have limited technical capability to execute ETL requirements, which could potentially include data harmonization, data transformations, consolidating contrasting formats and modalities, and ontology mapping. External TTPs handle these types of functions routinely and may have the existing capabilities in-house. In particular, with the increased demand for tokenization and linkage, the use of a tokenization engine may be more complex for an internal team than a TTP.
Putting it together
TTPs can bring domain expertise, organizational separation, technical facility, and efficiency to the upstream ingestion, consolidation, harmonization, and de-identification processing of healthcare data. Through tools like tokenization, TTPs can also expand the value of ingested data by enabling linkage across diverse datasets that were not originally linked, while preserving patient privacy.