Information on an individual’s health is among the most sensitive data handled by organizations, and arguably, information on an individual’s mental health is the most closely held of all. Modern Health, which offers a comprehensive mental health platform that employers provide as an employee benefit, understands this well. To leave no doubts about the diligence and compliance that Modern Health practices in reporting aggregated data to employers, the company turned to Privacy Analytics experts to validate and optimize how the privacy of its members is protected.
Balancing the need for engagement and outcomes feedback with the mandate to protect personal privacy of Modern Health members
Modern Health is a globally-inclusive platform designed to drive rapid access to care, high engagement, and clinically-effective outcomes across the full spectrum of well-being — from prevention to clinical recovery — helping employers foster better well-being for their employees and families. Modern Health offers its members across the globe access to a wide range of care options — including clinical therapy, certified coaching, group Circles, self-guided meditations, podcasts, programs, and courses. The platform is designed to support people across all aspects of mental health — emotional, professional, social, physical, and financial well-being. Modern Health guides each member to the right starting point in care based on their preferred areas of focus, clinical assessment results, and care type preference.
"Our work with Privacy Analytics continues to show Modern Health’s commitment to the privacy of our members. It also allows our customers the ability to reassure their employees that their personal information will be safeguarded when they use our platform."
Associate General Counsel, Privacy Officer and Head of Compliance at Modern Health
As a secondary service to employers offering Modern Health, the company reports high-level, aggregate usage data back to employers so that they can gauge program popularity and success, promote certain aspects of the platform through engagement campaigns, and validate their investment. These dashboards are typically only available to senior employees and human resources professionals administering Modern Health and leading workplace wellness initiatives.
As Modern Health’s reporting advanced with the addition of filtering capabilities, the company wanted fresh guidance from experts on what was required to comply with HIPAA, GDPR, and state privacy regulations. They also wanted to give employers and employees confidence in the company’s privacy practices. Rina Matsumoto, Modern Health’s Senior Product Manager for client experience, explained, “It was important to us to have a third party evaluate our reporting in terms of risk levels and how well we were following regulatory requirements. We needed prospects and customers – and their employees – to rest assured that we were taking all necessary precautions to protect the personally identifiable and health information of our members.”
Modern Health turned to Privacy Analytics, a global authority on data privacy that has enabled hundreds of organizations to safely release maximum value from protected data. Modern Health previously engaged Privacy Analytics before the initial launch of its engagement reporting and subsequently re-engaged the company for further support when it added new drill-down capabilities in its reporting that could require additional privacy measures.
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
The Privacy Analytics Solution
A statistical approach that balances privacy protection and practicality
To kick off the project, a Privacy Analytics data scientist and data privacy solutions business leader conducted a series of information-gathering sessions with Modern Health. They sought to understand how the data flowed through the company, what data elements were most useful to its clients in aggregate reports, and what reporting features it might offer in the future. Then, to assess the risk of exposing a person’s identity, they considered each anonymized metric that would be shared across a comprehensive set of dashboards.
In light of Modern Health’s new advanced and dynamic reporting, the Privacy Analytics team proposed that Modern Health adopt a statistical approach to managing and sharing the data, rather than the rules-based approach the company had used for its prior reporting. A rules-based approach applies a strict set of controls based on a predetermined checklist and is often used for the reporting of non-dynamic data. A statistical approach, on the other hand, is a more comprehensive and nuanced method that considers each data type for its own merit within context and is more aptly used for dynamic reporting. It considers how sensitive the information is, how multiple data elements interact, and who will receive it. The Privacy Analytics team judged that a statistical approach would ensure that privacy was protected while maintaining the utility of the dashboard.
Privacy Analytics delivered a set of recommendations to Modern Health, working collaboratively with the company’s product and analytics teams and its privacy counsel to determine how to implement them and ensure they were simple enough to be easily explained to a client. “I really appreciated that they didn’t give us a set of rules and say, ‘Good luck,’” continued Matsumoto. “Rather, they said, ‘Here’s what we recommend. Let’s talk about how we can make this practical for you and your clients.’” Consequently, Modern Health has been able to create and deliver meaningful dashboards to its employer customers that highlight the value their employees receive from the Modern Health platform.
Screenshot demo from a Modern Health dashboard for employers
Privacy Analytics produced a report describing Modern Health’s methodology for de-identifying and aggregating data in its dashboards. The report is, as Matsumoto said, “… more than just a stamp of approval. It goes into detail and is statistically defensible.”
A source of trust and a framework for innovation
To help employers help their employees be more proactive in caring for their mental health, Modern Health took a proactive and comparatively sophisticated approach to ensuring the privacy protections of its members, with the help of Privacy Analytics. “The only way to do this is to lean on experts in this area,” advised Matsumoto. The result is supporting Modern Health’s growth in significant ways.
First, the company can share Privacy Analytics’ report describing key privacy protections with clients and prospects to alleviate any concerns over data privacy. According to Kimyatta Holder, Modern Health’s Associate General Counsel, Privacy Officer and Head of Compliance, “Our work with Privacy Analytics continues to show Modern Health’s commitment to the privacy of our members. It also allows our customers the ability to reassure their employees that their personal information will be safeguarded when they use our platform. It has played a significant role in building trust with our clients and giving them confidence that Modern Health takes privacy seriously and that we implement industry best practices to ensure compliance with applicable privacy laws.”
Matsumoto added, “And because we have a framework in place that guides our decision-making, our product team can think more expansively and innovatively when planning product enhancements.” “We don’t have to worry about stepping into new territory with our reporting – we know what can and can’t be done safely.”