TripleBlind’s software-only solution unlocks the intellectual property value of health data without exposing PHI. We address HIPAA/HITECH and reduce the burdens of compliance. By keeping data private and in place while allowing only authorized operations on the data, healthcare providers can collaborate around sensitive information without compliance violations or costly fines.
Any health information that includes individual identifiers is considered PHI, including demographic information. Under HIPAA, the 18 identifiers of PHI are:
To date, HIPAA violations have cost organizations more than $135,328,482. What if you found a solution that could remove liabilities without restricting the utility of healthcare data?
Compliance to HIPAA and HITECH in healthcare can be complex. We’re built to accelerate responsible innovation in healthcare. How? We never actually share raw patient data. In fact, we never even see it.
The TripleBlind Solution Satisfies Technical Safeguard Requirements Under HIPAA/HITECH.
The Access Controls standard requires covered entities to: “Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights as specified in § 164.308(a)(4)[Information Access Management].”
Here’s how TripleBlind satisfies the four implementation specifications associated with the Access Controls standard.
How to demonstrate HIPAA and HITECH compliance.
Unique User Identification
“Assign a unique name and/or number for identifying and tracking user identity.”
The TripleBlind Solution
Unique user identification methods are useful when operating with anonymized datasets. However, TripleBlind one-way encrypts entire datasets for use, meaning no additional anonymization is needed. This approach achieves de-identification programmatically, not manually, and retains the utility of the data supporting relevant privacy requirements.
Emergency Access Procedure
“Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.”
The TripleBlind Solution
TripleBlind does not ever store or handle any raw information. If the results of a computation suggest an emergency situation, that information can be relayed back to the authorized parties so they can work to obtain and view the necessary protected health information, but TripleBlind itself will not expose PHI to any unauthorized parties.
Automatic Logoff
“Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.”
The TripleBlind Solution
TripleBlind provides robust digital rights management (DRM). Each data operation must be explicitly approved by the appropriate administrator. Once approved, the dataset is one-way encrypted for one-time use. Once the operation is complete and the result is returned to the appropriate party, the one-way encrypted data is rendered useless. Permissions can be set as broadly or specifically as needed, to govern both internal and external use of an organization’s information assets.
Encryption
“Implement a mechanism to encrypt and decrypt electronic protected health information.”
The TripleBlind Solution
TripleBlind’s technology permanently and irreversibly de-identifies data through a combination of one-way encryption and distributed computing, which allows the algorithm to generate the same outputs without requiring an Algorithm Provider to process or use any data within the scope of HIPAA’s definition of Protected Health Information (PHI).
The Audit Controls standard requires covered entities to: “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.”
Additionally, The Person or Entity Authentication standard requires covered entities to: “Implement procedures to verify that a person or entity seeking access to electronic protected health information is the one claimed.”
TripleBlind’s granular Digital Rights Management System offers the following:
HIPAA defines “Integrity” in the Security Rule as: “the property that data or information have not been altered or destroyed in an unauthorized manner.”
Under the Integrity standard, covered entities must: “Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.”
TripleBlind’s advanced one-way encryption model:
The Transmission Security Standard requires covered entities to: “Implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network.”
Since the TripleBlind Solution advanced one-way encryption model keeps data and algorithms private at every stage of a data project and never stores data itself, covered entities can collaborate with underutilized datasets and algorithms without fearing unauthorized access to electronic protected health information. When combined with our comprehensive Digital Rights Management (DRM) system, healthcare organizations can safely unlock sensitive data for faster and more accurate diagnostic and treatments in healthcare.
Interested in learning more about practical applications of the TripleBlind Solution in healthcare?
Check out the following use cases of our product:
TripleBlind’s innovations build on well understood principles of data protection. Our innovations radically improve the practical use of privacy preserving technologies, by adding true scalability and faster processing, with support for all data and algorithm types. We support all cloud platforms and unlock the intellectual property value of data, while preserving privacy and enforcing compliance with HIPAA and GDPR.