SOLUTIONS
World-class healthcare organizations depend on TripleBlind to accelerate research and development, enable collaborative healthcare, and protect patient data. We believe the future of healthcare depends on fast secure access to diverse patient data.
Many see privacy as a frustrating speed bump on the road to data driven patient outcomes. Traditional approaches to achieve HIPAA compliance work, but they are error prone, time consuming, and require continual development. What if there was a product, validated by third-parties, that ensured HIPAA compliance and governance at the speed of installation.
Clinical Trial Patient Selection and Early Indication Reporting
Pharmaceutical companies save time and money when working with providers to analyze patient data for trial selection and terminate ineffective trials early with efficacy reporting during study progression.
Diagnostic Remote Delivery
Researchers and academic medical centers can deliver advanced diagnostic care globally without the need to transfer models ensuring quality care for more patients.
Hospital Payer Insights
Payers often need to combine Lab and Provider data to support analysis and reporting for care management programs, a process that can take months and cost millions of dollars. With TripleBlind Hospitals and Labs can more easily work with Payers.
Multi-Modal AI
Patients benefit from privacy laws that protect their data. Patients also benefit from a medical community that can make safe use of their data for analysis, model building, model validation, predictive medicine and more.
TripleBlind can be used on any data type, for any analytic operation ensuring less biased more accurate analysis and diagnostics.
WHAT IS PRIVACY ENHANCING TECHNOLOGY (PET)
For healthcare and life-sciences, emerging privacy-enhancing technologies (PETs) offer robust technical approaches for protecting patient data in-use. All approaches share one key objective: to enable the secure and compliant processing of data for artificial intelligence and other forms of data analytics, even where data may contain personal health information (PHI) or personally identifiable information (PII).
Oftentimes, this data is stored in silos across organizational and national boundaries, adding additional complexity to data pipelines and operations. PETs help eliminate these silos, enable data access, and streamline workflows. Below, you’ll find descriptions of a few of the most common PETs available.
The TripleBlind Difference
TripleBlind offers the most comprehensive privacy software that brings the benefits of various PETs into a suite of business-ready solutions. With TripleBlind’s software you can:
Differential Privacy
Differential Privacy was originally developed by cryptography experts and its vocabulary reflects that heritage. This approach attempts to shield the identity of any individual in a data set by describing only the attributes of groups and patterns in that data set. The mathematical techniques used intend to estimate the probability of privacy loss for an individual with respect to a given algorithm. A key step is to determine the amount of “noise” that must be artificially injected into the data set to effectively maintain a given level of privacy.
TripleBlind’s encrypted-in-use approach avoids the issues associated with removing and replacing data.
Federated Learning
Federated learning is a specific technique within the broad field of data science that aims to train neural networks on distributed and homogenous data sets. Originally developed by Google in 2016 to train on data stored on mobile phones, the term federated learning is used in multiple varied ways by different researchers today. This technique involves the exchange of whole neural networks between different data providers, which can allow for training on heterogeneous data sets. However, federated learning can be computationally intensive and potentially expose the neural network provider’s valuable IP.
TripleBlind has developed several important innovations in this field that improve scalability and practical use. Our technology completely maintains data fidelity resulting in better computational outcomes while complying with the world’s most stringent regulatory bodies and regulations.
Homomorphic Encryption
Homomorphic encryption is a specific class of encryption schemes that permits users to run certain operations on data while the data remains in its encrypted state. It is often considered an extension of public key cryptography, which was invented in the 1970’s. From there, it took more than three decades for the first usable forms of homomorphic encryption to be published. Homomorphic is a term from advanced algebra that speaks to the structure-preserving relationship between the plaintext and the encrypted data. Since the outputs of computation on encrypted data/ciphertext are identical to those of unencrypted data/plaintext, these functions may be thought of as homomorphisms.
While the benefits of homomorphic encryption are clear, the technology doesn’t offer the kind of usage auditability and governance tools required by many healthcare organizations and made easy-to-use by TripleBlind.
Secure Enclaves
A secure enclave (also known as Confidential Compute or Trusted Execution Environment) provides CPU hardware-level isolation and memory encryption on every server. Secure enclaves isolate application code and data from anyone without privileges and encrypts all data in memory. With additional software, secure enclaves enable the encryption of both storage and network data for simple full stack security. Secure enclaves work well for operations taking place on a single server, since data and algorithms must be stored in the same location. However, secure enclaves force data operations into a state of hardware dependence –– limiting distributed data operations across multiple organizations, servers, and country borders.
As a software-based solution, TripleBlind can address many of the limitations associated with secure enclaves. The primary benefit of TripleBlind over hardware solutions like secure enclaves is the data never moves. This speeds up global data collaborations where data residency laws are a consideration.
Synthetic Data
Synthetic data, in the most general sense, is any data set that has been generated using software rather than collected empirically. In the specific realm of privacy protection, software used to create synthetic data sets intends to model real data without disclosing records that can be tied back to specific individuals. Synthetic data grants a considerable depth of tools and techniques designed to give data users the inputs needed for data analytics, AI, and research. The pros and cons of synthetic data approaches versus private use of real data has been the subject of considerable research in recent years, highlighting a tension between the needs for data privacy and data accuracy.
While synthetic data can be a useful tool for training machine learning algorithms, TripleBlind’s techniques can allow for these systems to be trained on real, original data without fidelity or compliance concerns.
Tokenization, Masking, and Hashing
Tokenization replaces sensitive data – such as phone numbers, payment card numbers, or patient ID numbers – with non-sensitive substitutes, often without changes to the field type or length. This non-sensitive substitute is known as the “token”, which represents the record or individual when multiple parties process data. These tokens might be revealed in a data breach, but the sensitive data represented by the token is not. Tokenization requires a secure centralized system for the generation and management of the tokens and their relationship to the underlying data. Data masking and hashing are related techniques that alter the values of fields which contain data that is not an ID number but is still private, but not ID data numbers.
TripleBlind’s encrypted-in-use approach, built on practical breakthroughs in decades of trusted, verified research in cryptography and mathematics, avoids many of the issues associated with tokenization.
Data Clean Rooms
A data clean room is a neutral and secure environment that allows multiple companies, or divisions of a single company, to collaborate with data for joint analyses. Clean rooms often require pre-defined guidelines and restrictions to keep data usage aligned with privacy laws such as GDPR, CCPA, and HIPAA. In a data clean room, personally identifiable information (PII) or private health information (PHI) is anonymized, processed, and stored, allowing each partner to maintain control of their data. The primary benefit of a data clean room is that it allows partners to work with user-level data while preventing the data from being accessed outside of the clean room.
While clean rooms can be a useful tool for working with disparate data, they still require the clean room vendor to act as a trusted-third party, and because clean rooms are relatively new, there are currently no universal implementation standards. TripleBlind’s techniques allow for analysis and training of disparate datasets without the need to summarize, move, or store data with a trusted third-party –– reducing costs, optimizing processes, and delivering greater value from sensitive data.
MITRE Technical Evaluation
Recently MITRE released the results and conclusions from their detailed technical evaluation of several privacy preserving technologies applicable to healthcare analytics.
Omdia Independent Analyst Review
This independent analyst report was published in June 2022 by Rik Turner, a principal analyst in Omdia’s IT security and technology team.
Constellation Independent Analyst Review
This independent analyst report was published in June 2022 by Steve Wilson, a VP and Principal Analyst at Constellation Research, focusing on digital identity and privacy.
Interested in seeing how TripleBlind can accelerate research and improve healthcare outcomes? Book a demo with us today.