Modern Health proactively assesses privacy protections for member data

Modern Health proactively assesses privacy protections for member data

Privacy Analytics provides framework that supports business growth

Information on an individual’s health is among the most sensitive data handled by organizations, and arguably, information on an individual’s mental health is the most closely held of all. Modern Health, which offers a comprehensive mental health platform that employers provide as an employee benefit, understands this well. To leave no doubts about the diligence and compliance that Modern Health practices in reporting aggregated data to employers, the company turned to Privacy Analytics experts to validate and optimize how the privacy of its members is protected.

The Challenge

Balancing the need for engagement and outcomes feedback with the mandate to protect personal privacy of Modern Health members

Modern Health is a globally-inclusive platform designed to drive rapid access to care, high engagement, and clinically-effective outcomes across the full spectrum of well-being — from prevention to clinical recovery — helping employers foster better well-being for their employees and families. Modern Health offers its members across the globe access to a wide range of care options — including clinical therapy, certified coaching, group Circles, self-guided meditations, podcasts, programs, and courses. The platform is designed to support people across all aspects of mental health — emotional, professional, social, physical, and financial well-being. Modern Health guides each member to the right starting point in care based on their preferred areas of focus, clinical assessment results, and care type preference.

"Our work with Privacy Analytics continues to show Modern Health’s commitment to the privacy of our members. It also allows our customers the ability to reassure their employees that their personal information will be safeguarded when they use our platform."

Kimyatta Holder,

Associate General Counsel, Privacy Officer and Head of Compliance at Modern Health

As a secondary service to employers offering Modern Health, the company reports high-level, aggregate usage data back to employers so that they can gauge program popularity and success, promote certain aspects of the platform through engagement campaigns, and validate their investment. These dashboards are typically only available to senior employees and human resources professionals administering Modern Health and leading workplace wellness initiatives.

As Modern Health’s reporting advanced with the addition of filtering capabilities, the company wanted fresh guidance from experts on what was required to comply with HIPAA, GDPR, and state privacy regulations. They also wanted to give employers and employees confidence in the company’s privacy practices. Rina Matsumoto, Modern Health’s Senior Product Manager for client experience, explained, “It was important to us to have a third party evaluate our reporting in terms of risk levels and how well we were following regulatory requirements. We needed prospects and customers – and their employees – to rest assured that we were taking all necessary precautions to protect the personally identifiable and health information of our members.”

Modern Health turned to Privacy Analytics, a global authority on data privacy that has enabled hundreds of organizations to safely release maximum value from protected data. Modern Health previously engaged Privacy Analytics before the initial launch of its engagement reporting and subsequently re-engaged the company for further support when it added new drill-down capabilities in its reporting that could require additional privacy measures.

Gain confidence to use and share sensitive data

Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.

The Privacy Analytics Solution

A statistical approach that balances privacy protection and practicality

To kick off the project, a Privacy Analytics data scientist and data privacy solutions business leader conducted a series of information-gathering sessions with Modern Health. They sought to understand how the data flowed through the company, what data elements were most useful to its clients in aggregate reports, and what reporting features it might offer in the future. Then, to assess the risk of exposing a person’s identity, they considered each anonymized metric that would be shared across a comprehensive set of dashboards.

In light of Modern Health’s new advanced and dynamic reporting, the Privacy Analytics team proposed that Modern Health adopt a statistical approach to managing and sharing the data, rather than the rules-based approach the company had used for its prior reporting. A rules-based approach applies a strict set of controls based on a predetermined checklist and is often used for the reporting of non-dynamic data. A statistical approach, on the other hand, is a more comprehensive and nuanced method that considers each data type for its own merit within context and is more aptly used for dynamic reporting. It considers how sensitive the information is, how multiple data elements interact, and who will receive it. The Privacy Analytics team judged that a statistical approach would ensure that privacy was protected while maintaining the utility of the dashboard.

Privacy Analytics delivered a set of recommendations to Modern Health, working collaboratively with the company’s product and analytics teams and its privacy counsel to determine how to implement them and ensure they were simple enough to be easily explained to a client. “I really appreciated that they didn’t give us a set of rules and say, ‘Good luck,’” continued Matsumoto. “Rather, they said, ‘Here’s what we recommend. Let’s talk about how we can make this practical for you and your clients.’” Consequently, Modern Health has been able to create and deliver meaningful dashboards to its employer customers that highlight the value their employees receive from the Modern Health platform.

Screenshot demo from a Modern Health dashboard for employers

Privacy Analytics produced a report describing Modern Health’s methodology for de-identifying and aggregating data in its dashboards. The report is, as Matsumoto said, “… more than just a stamp of approval. It goes into detail and is statistically defensible.”

Client Results

A source of trust and a framework for innovation

To help employers help their employees be more proactive in caring for their mental health, Modern Health took a proactive and comparatively sophisticated approach to ensuring the privacy protections of its members, with the help of Privacy Analytics. “The only way to do this is to lean on experts in this area,” advised Matsumoto. The result is supporting Modern Health’s growth in significant ways.

First, the company can share Privacy Analytics’ report describing key privacy protections with clients and prospects to alleviate any concerns over data privacy. According to Kimyatta Holder, Modern Health’s Associate General Counsel, Privacy Officer and Head of Compliance, “Our work with Privacy Analytics continues to show Modern Health’s commitment to the privacy of our members. It also allows our customers the ability to reassure their employees that their personal information will be safeguarded when they use our platform. It has played a significant role in building trust with our clients and giving them confidence that Modern Health takes privacy seriously and that we implement industry best practices to ensure compliance with applicable privacy laws.”

Matsumoto added, “And because we have a framework in place that guides our decision-making, our product team can think more expansively and innovatively when planning product enhancements.” “We don’t have to worry about stepping into new territory with our reporting – we know what can and can’t be done safely.”

Archiving / Destroying

Are you unleashing the full value of data you retain?

Your Challenges

Do you need help...


Value Retention

Client Success

Client: Comcast

Situation: California’s Consumer Privacy Act inspired Comcast to evolve the way in which they protect the privacy of customers who consent to share personal information with them.


Are you achieving intended outcomes from data?

Your Challenge

Do you need help...


Unbiased Results

Client Success


Situation:’s AI-powered tech helps clients improve their online experience by sharing signals about website visitor intent. They wanted to ensure privacy remained fully protected within the machine learning / AI context that produces these signals.


Do the right people have the right data?

Your Challenges

Do you need help...


Usable and Reusable Data

Client Success

Client: Novartis

Situation: Novartis’ digital transformation in drug R&D drives their need to maximize value from vast stores of clinical study data for critical internal research enabled by their data42 platform.



Are you empowering people to safely leverage trusted data?

Your Challenges

Do you need help...


Security / compliance efficiency


Client: ASCO’s CancerLinQ

Situation: CancerLinQ™, a subsidiary of American Society of Clinical Oncology, is a rapid learning healthcare system that helps oncologists aggregate and analyze data on cancer patients to improve care. To achieve this goal, they must de-identify patient data provided by subscribing practices across the U.S.


Acquiring / Collecting

Are you acquiring the right data? Do you have appropriate consent?

Your Challenge

Do you need help...


Consent / Contracting strategy

Client Success

Client: IQVIA

Situation: Needed to ensure the primary market research process was fully compliant with internal policies and regulations such as GDPR. 



Are You Effectively Planning for Success?

Your Challenges

Do you need help...


Build privacy in by design

Client Success

Client: Nuance

Situation: Needed to enable AI-driven product innovation with a defensible governance program for the safe and responsible use
of voice-to-text data under Shrems II.


Join the next 5 Safes Data Privacy webinar

This course runs on the 2nd Wednesday of every month, at 11 a.m. ET (45 mins). Click the button to register and select the date that works best for you.