Client Context
Customer Shares Patient-Level Data with a Partner Company
As a distributor of a medical device produced by a partner company, this large company creates a report each time the device is used for a medical procedure. The report includes patient-level data that the company shares with its partner to be used for product improvements, R&D, and evidence (including metrics) of product differentiation.
Business Problem
Need to Balance Data Utility with Individual Identifiability
The company needs data of high enough utility to be valuable to its partner, yet compliant with the regulatory requirement that the individuals represented by the data not be identifiable.
Solution
Privacy Analytics Performs an Evaluation of Identifiability
To measure the identifiability of the data, we statistically measured how distinguishable the individuals represented in the data were within the population. We also considered contextual factors influencing the likelihood of re-identification, including the:
- Controls in place to ensure data recipients manage data access and use appropriately;
- Motives and capacity of data recipients to re-identify the data; and
- Contractual agreements in place between the company and its partner.
Based on the context and identifiability in the data itself, we developed a tailored anonymization strategy to maximize data utility in consultation with our customer.
Results
Rich Data, Compliant with GDPR and HIPAA Regulations
Privacy Analytics recommended a data anonymization (de-identification) strategy that maximized the value of the data based on how our customer’s partner intended to use it.
Following our recommendations, our customer can confidently share rich reports with its partner company for their product improvements, R&D, and competitive product differentiation. They can be fully confident that patient privacy is protected, with demonstrated compliance under the GDPR and HIPAA.