ROI on De-identification
Many healthcare organizations are sharing protected health information, this is a fact. That number is intended to grow. This is not surprising; the volume of health data is growing exponentially. Putting the massive amounts of this data into silos is not the answer. The business of de-identifying this data and using it for secondary purposes is only in its infancy. For research, analytics, monetization and a host of commercial activities, de-identification opens possibilities and invites innovation. But, there is one area that often is ignored. De-identification with strong encryption is an robust pairing with strong encryption to safeguard privacy in the event of a data breach.
At the time this white paper was published, the cost of a data breach was estimated to range from $200 to $217 USD per affected individual. This figure includes investigation, direct notification costs, litigation, redress and compensation, penalties, loss of productivity to deal with the breach, and loss of business. (For a more current calculation, we recommend reading The Ponemon Institute/IBM partnered report, The Global Cost of Data Breach Study.)
However, if a breach occurs and the organization has been proactive in de-identifying its data, then the total cost to deal with the breach will be lower. The organization will still incur a cost of mobilizing an internal team, external counsel, and possible external security consultants to investigate the breach and to confirm that it is not a reportable breach.
We did the math. Make sure to download Calculating the ROI on the De-Identification of Health Data. In In this white paper, we present this case by performing a Return on Investment (ROI) analysis based on a series of typical scenarios. This analysis illustrates that when considering the savings from avoiding a data breach, even modest investments in de-identification produce significant ROI.
Situation: California’s Consumer Privacy Act inspired Comcast to evolve the way in which they protect the privacy of customers who consent to share personal information with them.
Situation: Integrate.ai’s AI-powered tech helps clients improve their online experience by sharing signals about website visitor intent. They wanted to ensure privacy remained fully protected within the machine learning / AI context that produces these signals.
Situation: Novartis’ digital transformation in drug R&D drives their need to maximize value from vast stores of clinical study data for critical internal research enabled by their data42 platform.
Situation: CancerLinQ™, a subsidiary of American Society of Clinical Oncology, is a rapid learning healthcare system that helps oncologists aggregate and analyze data on cancer patients to improve care. To achieve this goal, they must de-identify patient data provided by subscribing practices across the U.S.
Situation: Needed to ensure the primary market research process was fully compliant with internal policies and regulations such as GDPR.
Situation: Needed to enable AI-driven product innovation with a defensible governance program for the safe and responsible use
of voice-to-text data under Shrems II.
This course runs on the 2nd Wednesday of every month, at 11 a.m. ET (45 mins). Click the button to register and select the date that works best for you.