hxr 2016: free the data access & integration -jonathan hare, webshield
TRANSCRIPT
Privacy Networks and the Unified Trust Model: frictionless patient-centric sharing, analysis and personalization
Jonathan Hare CEO, WebShield, Inc.
2 WebShield Inc.
US Healthcare is *wildly* complex:
• 320 million people
• 7.8 million clinicians & staff
• inconsistent identifiers & schemas
• highly privacy-sensitive & regulated data
• 1,000s of vendors, 10,000s of enterprises, 100,000s of IT systems
• each patient has a unique, fragmented and changing network of data sources and caregivers

…with no consistent way to:
• find and retrieve patient records
• authenticate and authorize access by patients and their caregivers
• trust policy enforcement and regulatory compliance by other organizations
• share or analyze data without risking privacy, security or commercial rights

Enterprise-Centric Computing vs. Patient-Centered, Evidence-Based Healthcare

No amount of brute force can make enterprise-centric computing support patient-centric care on a national scale (let alone global).
The underlying challenge:
• “Little Data” Privacy (records of individuals)
• “Big Data” Privacy (population-scale analytics)
• Commercial Rights (unwilling to share)
• Semantic Interoperability (can’t link or understand)
• Regulatory Compliance (not allowed to share)
“Classical” enterprise-centric techniques for data sharing and analytics are wildly inadequate for patient-centered, evidence-based healthcare.

Four classical techniques are compared: centralized hub, HIPAA de-identification, data use agreements, federated analytics.

[diagram: Data Sources feeding a Centralized Hub / Coordinating Center that serves Data Recipients; federated analytics returns only aggregated statistics]

Centralized hub (“bigger data siloes meets legal straightjacket”):
• works with enterprise-centric IT
• creates “network effects”
• exacerbates cyber-security risks
• compliance expensive, inflexible
• one-size-fits-all, blocks 90% of uses
• forces everyone to trust the hub

HIPAA de-identification (“data lobotomy meets flawed privacy”): remove or obfuscate 18 types of personally identifying attributes, producing de-identified data from the original data.
• almost always easy to re-identify
• can’t de-identify genomic data
• severely compromises analytics
• unambiguous HIPAA compliance
• sounds good (to politicians)
• no personalized decision support

Federated analytics (“analytic blind-fold meets operational straightjacket”): analyze at distributed data sources, aggregate & interpret statistical results.
• no longitudinal records
• severely compromises analytics
• no user interaction (missing values)
• no personalized decision support

Other properties noted:
• simplifies data governance
• reduces privacy risks

Data use agreements: contracts specify commercial terms, regulatory requirements, authorized uses & recipients, under regimes such as HIPAA, G-L-B, IRS 6103, the EU Data Protection Directive and FISMA.
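The HIPAA de-identification approach described above (removing or obfuscating the 18 types of identifying attributes, the "Safe Harbor" method) is easy to state, yet the slide's point is that the result is often re-identifiable. The following Python is an added illustration, not WebShield's code: it applies a subset of the Safe Harbor rules to constructed records and then measures the k-anonymity of the quasi-identifiers that survive, which is the check a data steward would run before releasing a set. The sample records, the restricted ZIP prefix set and the release threshold are assumptions made for this example.

```python
"""HIPAA Safe Harbor de-identification plus a k-anonymity check (illustrative).

Added example, not WebShield code. Implements a subset of the Safe Harbor
rules: direct identifiers dropped, dates reduced to year, ages over 89 shown
as "90+" with the birth year withheld, ZIP codes cut to three digits (or 000
for low-population prefixes). Sample records and the restricted ZIP prefix
set are constructed for this example.
"""
import re
from collections import Counter
from datetime import date

# Direct-identifier fields removed outright (a subset of the 18 Safe Harbor categories).
DIRECT_IDENTIFIERS = {"name", "ssn", "mrn", "phone", "email", "street_address",
                      "health_plan_id", "device_serial", "ip_address", "biometric"}

# Constructed: 3-digit ZIP prefixes assumed to cover 20,000 people or fewer.
RESTRICTED_ZIP3 = {"036", "059", "102"}


def safe_harbor_zip(zip_code):
    """Keep the first three digits unless the prefix is a low-population area."""
    zip3 = re.sub(r"\D", "", zip_code)[:3]
    return "000" if zip3 in RESTRICTED_ZIP3 else zip3


def age_on(birth_date, as_of):
    """Whole years between birth_date and as_of."""
    birthday_passed = (as_of.month, as_of.day) >= (birth_date.month, birth_date.day)
    return as_of.year - birth_date.year - (0 if birthday_passed else 1)


def deidentify(record, as_of=date(2016, 6, 1)):
    """Return a new record with Safe Harbor identifiers removed or generalized."""
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            continue
        if key == "birth_date":
            age = age_on(value, as_of)
            if age > 89:
                out["age"] = "90+"          # the birth year would reveal the age, so it is withheld
            else:
                out["age"] = str(age)
                out["birth_year"] = value.year
        elif key.endswith("_date"):
            out[key[:-len("_date")] + "_year"] = value.year   # admission_date -> admission_year
        elif key == "zip":
            out["zip3"] = safe_harbor_zip(value)
        else:
            out[key] = value
    return out


def k_anonymity(records, quasi_identifiers):
    """Size of the smallest group sharing a quasi-identifier combination; 1 means some record is unique."""
    groups = Counter(tuple(r.get(q) for q in quasi_identifiers) for r in records)
    return min(groups.values())


# Constructed sample records (no real people).
SAMPLE_RECORDS = [
    {"name": "Alice Example", "ssn": "000-00-0001", "birth_date": date(1978, 3, 12), "zip": "94110",
     "sex": "F", "admission_date": date(2016, 2, 3), "diagnosis": "C50.9"},
    {"name": "Bob Example", "ssn": "000-00-0002", "birth_date": date(1978, 7, 30), "zip": "94107",
     "sex": "M", "admission_date": date(2016, 2, 9), "diagnosis": "I10"},
    {"name": "Carol Example", "ssn": "000-00-0003", "birth_date": date(1978, 11, 2), "zip": "94110",
     "sex": "F", "admission_date": date(2016, 3, 1), "diagnosis": "E11.9"},
    {"name": "Dan Example", "ssn": "000-00-0004", "birth_date": date(1924, 1, 15), "zip": "03601",
     "sex": "M", "admission_date": date(2016, 4, 20), "diagnosis": "J44.9"},
]


def release_report(records=SAMPLE_RECORDS):
    """De-identify the set and report how unique the remaining quasi-identifiers are."""
    released = [deidentify(r) for r in records]
    k = k_anonymity(released, ("zip3", "birth_year", "sex"))
    return {"released": released, "k": k, "safe_to_release": k >= 5}   # 5 is an assumed rule-of-thumb threshold


if __name__ == "__main__":
    print(release_report())
```

Even after every direct identifier is gone, the combination of ZIP prefix, birth year and sex leaves records in this set that are unique (k = 1), which is exactly why the slide calls Safe Harbor output "almost always easy to re-identify"; a steward would generalize further or withhold the release.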
The underlying problem with “classical” techniques is that there is an inherent conflict between privacy and sharing…
…or is there?

New Paradigm: “Quantum Privacy”

Obfuscate data so that it is both:
- fully opaque (meaningless gibberish), and
- fully computable (no loss of information)
- at the same time…

Simultaneously enforce the policies of all stakeholders at the finest possible level of granularity (the ‘quantum level’) before any meaningful data is revealed to anyone (including “insiders”).
Enabling Quantum Privacy: Unified Trust Model + Privacy Network

[diagram: a PrivacyProxy sends an Input Graph of cleartext values (e.g. 148.53) through Privacy Algorithm nodes (Node 1 … Node N) that encrypt, tokenize, randomize and crypto-hash each value; the output is a Privacy Graph of opaque tokens (e.g. 429jQk1Mz9…, T62p2JsV9sI…, dx72Fx92Ua…); a Trust Authority applies policies across the management, control and data planes]

Privacy Algorithms: graphs are broken up into individual values, obfuscated by distributed “privacy pipes”, then re-assembled into a “privacy graph” made up of opaque tokens.
• privacy graphs are opaque and meaningless to any observer, yet fully computable.
• algorithms and policies can be executed on data without revealing anything to anyone.
• any data, algorithms, or policy definitions.
• provenance, schema & trust criteria.
[diagram: the reverse path; the same Privacy Algorithm nodes that apply policies and obfuscate also enforce policies and de-obfuscate, so a Privacy Graph token resolves back to its cleartext value (148.53) only after the Trust Authority has enforced the policies attached to it]

Privacy graph information can be resolved into clear text only after all of the trust criteria linked to all resources that contributed to creating it are enforced.

Privacy Network Advantage:
• vastly better security and privacy (thousands to millions of times harder to breach)
• unlimited aggregation and analysis with no loss of accuracy
• precision access control (single attribute, single recipient, specified purpose, 1-time)
• trust criteria inherited automatically by all aggregates and analytic outputs
• no need to agree on trust criteria
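To make the mechanism concrete, here is an added Python example (not WebShield's code) of a privacy graph whose tokens carry provenance, a trust authority that runs an algorithm over the tokens without releasing cleartext, and a reveal step that succeeds only when every contributing source's trust criteria are met, so the analytic output inherits the criteria of its inputs. The token format, the in-memory vault, the TrustCriteria fields and the sample clinic/lab values are assumptions made for this example.

```python
"""Privacy graph with inherited trust criteria (illustrative).

Added example, not WebShield code. Values are replaced by opaque tokens that
carry only the ids of the sources they came from; a trust authority holds the
cleartext, runs algorithms on it internally, and reveals a result only when
every contributing source's criteria allow the recipient and purpose. Token
format, vault, policy fields and sample records are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class TrustCriteria:
    """Conditions a source attaches to its data (assumed shape: recipients x purposes)."""
    allowed_purposes: frozenset
    allowed_recipients: frozenset

    def satisfied_by(self, recipient, purpose):
        return recipient in self.allowed_recipients and purpose in self.allowed_purposes


@dataclass(frozen=True)
class Token:
    """Opaque handle that reveals nothing except which sources contributed to it."""
    opaque: str
    provenance: frozenset


class TrustAuthority:
    """The only component that ever holds cleartext or the linking key."""

    def __init__(self):
        self._link_key = secrets.token_bytes(32)
        self._vault = {}      # opaque token -> cleartext value
        self._criteria = {}   # source id -> TrustCriteria

    def register_source(self, source_id, criteria):
        self._criteria[source_id] = criteria

    def link_token(self, identifier):
        """Crypto-hash pipe: a keyed hash, so the same identifier from two sources matches
        while the identifier itself stays hidden from anyone without the key."""
        return hmac.new(self._link_key, identifier.encode(), hashlib.sha256).hexdigest()[:16]

    def _store(self, value, provenance):
        opaque = secrets.token_urlsafe(12)   # randomize pipe: equal values get unrelated tokens
        self._vault[opaque] = value
        return Token(opaque, provenance)

    def obfuscate(self, value, source_id):
        return self._store(value, frozenset({source_id}))

    def run_algorithm(self, func, tokens):
        """Run a privacy algorithm inside the authority. The output stays opaque and
        inherits the provenance, and therefore the trust criteria, of every input."""
        result = func(*(self._vault[t.opaque] for t in tokens))
        return self._store(result, frozenset().union(*(t.provenance for t in tokens)))

    def reveal(self, token, recipient, purpose):
        """De-obfuscate only if every contributing source's criteria are satisfied."""
        if all(self._criteria[s].satisfied_by(recipient, purpose) for s in token.provenance):
            return self._vault[token.opaque]
        return None


def build_privacy_graph(authority, source_id, record):
    """Break a record into individual values and push each through its own pipe."""
    return {key: authority.obfuscate(value, source_id) for key, value in record.items()}


def demo():
    """Constructed scenario: a clinic and a lab each contribute one value about the same patient."""
    ta = TrustAuthority()
    ta.register_source("clinic", TrustCriteria(frozenset({"treatment"}), frozenset({"oncologist"})))
    ta.register_source("lab", TrustCriteria(frozenset({"treatment", "research"}),
                                            frozenset({"oncologist", "registry"})))
    clinic = build_privacy_graph(ta, "clinic", {"weight_kg": 70.0})
    lab = build_privacy_graph(ta, "lab", {"creatinine_mg_dl": 1.1})
    # A derived value: the output token inherits both sources' criteria.
    ratio = ta.run_algorithm(lambda weight, creatinine: round(creatinine / weight, 4),
                             [clinic["weight_kg"], lab["creatinine_mg_dl"]])
    return {
        "link_tokens_match": ta.link_token("p-001") == ta.link_token("p-001") != "p-001",
        "oncologist_treatment": ta.reveal(ratio, "oncologist", "treatment"),   # both sources allow
        "registry_research": ta.reveal(ratio, "registry", "research"),         # clinic does not
        "lab_value_for_registry": ta.reveal(lab["creatinine_mg_dl"], "registry", "research"),
        "same_value_distinct_tokens": ta.obfuscate(1.1, "lab").opaque != ta.obfuscate(1.1, "lab").opaque,
        "ratio_provenance": sorted(ratio.provenance),
    }


if __name__ == "__main__":
    print(demo())
```

The registry can see the lab's own value but not the derived ratio, because the clinic's criteria travel with every output the clinic's data touched; that is the "trust criteria inherited automatically by all aggregates" property, and it holds without the clinic and the lab ever agreeing on a common policy.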
Unified Trust Model

Trust Criteria: Identity & Security Assurance; Authorized Recipients & Purposes; IT Interoperability; Payment & Licensing Terms; Regulatory Compliance.

Trust Validation Model: Rating & Reputation Metrics; Governance Processes; Trust Authorities; Audit & Certification Processes; Assessment Methodologies.

Trust Policy Model: Assessment & Validation; Legal Agreements; Computable Trust; Trust Requirements; Provenance.

Trust Resource Model: Resource Description, covering data, metrics, software, computing infrastructure, devices, physical assets, organizations, policies, contracts, algorithms, accounts, brands, relationships and people.

The Unified Trust Model allows diverse policies specified by different stakeholders (e.g. user, record subject, publisher, regulator, etc.) to be enforced by neutral trust authorities.
Applications of the Privacy Network
• Nationwide Identity Network
• Patient-Centered Record/Attribute Discovery and Linking
• HIPAA-Compliant Access Authorization and Sharing

[screenshot: a Privacy Network consent dialog over a video offer (“Buy Season Pass $19.99”, “Watch Ad-Free for $1.99”, “Watch Free with Ads”), with buttons “Accept Privacy Protection”, “Show Policies”, “Cancel” and “explain”, and the text: “The Privacy Network uses information about you to authorize access to content, protect you from identity theft, and to enforce privacy policies on the use of your information and files.”]

First-time users must opt in to privacy policies in order to access protected content (e.g. a football game). Opting in authorizes use of obfuscated data to:
• Authenticate the user and verify attributes and relationships.
• Anonymously detect user devices.
• Analyze activity to detect identity theft & cyber-security fraud.
• Locate and authorize access to the user’s records, accounts and digital media.
• Enforce user-controlled security, privacy and personalization policies.

• Identity theft protection with multi-factor authentication and identity proofing.
• User’s identity, personal data and activity hidden: no insider access by anyone.
• Personal information only revealed if authorized by the user.
Authentication flow

[screenshot: the same content offer with a device-verification dialog: “The Privacy Network does not recognize this device. To authorize access, please enter one of the following: your phone – or – your email”, with buttons “Text my Cell”, “Send me Email”, “other options” and “verify device”; obfuscated strings are shown in place of the phone number and email]

(1) First-time users enter any attribute (phone, email, etc.) that specifies their identity.
(2) Attributes are obfuscated and submitted to Trust Authorities.
(3) A global virtual database of obfuscated data is used to verify the user’s identity, authorize access and derive authentication options.
(4) Obfuscated authentication parameters are passed to neutral authentication services (phone, voice print, password, device fingerprint, email, fingerprint, facial biometric).
(5) User authenticated, which in turn: verifies identity and authorizes access; validates the privacy protection opt-in; registers the device to enable subsequent no-login access.
(6) Obfuscated log entries returned. No personal information is revealed to anyone.

Data sources feeding the virtual database:
• Commercial: credit bureaus, phone registries, professional licensing, marketing profiles, data aggregators, fraud analytics
• Enterprise: healthcare records, security directories, employer HR, retailer affinity programs, supply chain, insurance databases, banking records, CRM, ERP
• Government: education records, public records, DMV records, state & local records, IRS records, Social Security, citizenship & immigration
• Healthcare data sources

• Global single-sign-on, anonymous identity proofing and attribute verification.
• Simple ‘no-click’ access, strong authentication without passwords.
• Anonymously matches users with their digital content, accounts and records.
• Eliminates identity theft and related cyber-security fraud.
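The six numbered steps above, as an added Python example that is not WebShield's code: the trust authority's directory holds only keyed-hash tokens of known attributes and devices, a neutral authentication service sees only channel tokens, and the log carries tokens rather than the phone number or email the user typed. The directory contents, the HMAC tokenization, the in-memory classes and the stand-in for one-time-code delivery are assumptions of this example.

```python
"""Obfuscated identity verification and device registration (illustrative).

Added example, not WebShield code. Models steps (1)-(6): the trust
authority's directory holds only keyed-hash tokens of known attributes, the
authentication service sees only channel tokens, and log entries contain
tokens rather than the attribute the user typed. Directory contents, the
tokenization scheme and the stand-in for one-time-code delivery are
assumptions of this example.
"""
import hashlib
import hmac
import secrets


class AuthenticationService:
    """Neutral service that issues and checks one-time codes keyed by channel token."""

    def __init__(self):
        self._pending = {}

    def challenge(self, channel_token):
        code = secrets.token_hex(3)
        self._pending[channel_token] = code
        return code   # stands in for delivery to the real phone or mailbox, out of scope here

    def verify(self, channel_token, code):
        expected = self._pending.pop(channel_token, None)   # single use: a replayed code fails
        return expected is not None and hmac.compare_digest(expected, code)


class IdentityTrustAuthority:
    def __init__(self, auth_service):
        self._key = secrets.token_bytes(32)
        self._auth = auth_service
        self._directory = {}   # attribute token -> user pseudonym (attributes themselves are never stored)
        self._devices = set()  # (pseudonym, device token) pairs registered after a successful login
        self.log = []          # obfuscated log entries only

    def tokenize(self, value):
        """Keyed hash of a normalized value (step 2); the PrivacyProxy would run this client-side."""
        normalized = value.strip().lower()
        return hmac.new(self._key, normalized.encode(), hashlib.sha256).hexdigest()[:20]

    def load_directory(self, pseudonym, attributes):
        """Populate the 'virtual database' of step (3) with tokens only."""
        for attribute in attributes:
            self._directory[self.tokenize(attribute)] = pseudonym

    def begin(self, entered_attribute, device_fingerprint):
        """Steps (1)-(4): resolve the entered attribute and derive authentication options."""
        pseudonym = self._directory.get(self.tokenize(entered_attribute))
        if pseudonym is None:
            return {"status": "unknown"}
        device = self.tokenize(device_fingerprint)
        if (pseudonym, device) in self._devices:
            self.log.append(f"ok user={pseudonym} device={device} method=registered-device")
            return {"status": "authenticated", "pseudonym": pseudonym}
        channels = sorted(t for t, p in self._directory.items() if p == pseudonym)
        return {"status": "challenge", "pseudonym": pseudonym, "device": device, "channels": channels}

    def complete(self, pseudonym, device, channel_token, code):
        """Steps (5)-(6): verify the code, register the device, write an obfuscated log entry."""
        if self._directory.get(channel_token) != pseudonym or not self._auth.verify(channel_token, code):
            self.log.append(f"fail user={pseudonym} device={device}")
            return False
        self._devices.add((pseudonym, device))
        self.log.append(f"ok user={pseudonym} device={device} channel={channel_token}")
        return True


def demo():
    """Constructed walk-through: first visit needs a challenge, second visit on the same device does not."""
    auth = AuthenticationService()
    ta = IdentityTrustAuthority(auth)
    ta.load_directory("u-7f3", ["+1 415 555 0100", "Alice@Example.org"])   # constructed user
    first = ta.begin("alice@example.org", "device-A")
    channel = first["channels"][0]
    code = auth.challenge(channel)
    completed = ta.complete(first["pseudonym"], first["device"], channel, code)
    replayed = ta.complete(first["pseudonym"], first["device"], channel, code)   # code already consumed
    second = ta.begin("+1 415 555 0100", "device-A")
    pii_in_log = any("alice@example.org" in e or "+1 415 555 0100" in e for e in ta.log)
    return {"first": first["status"], "channels": len(first["channels"]), "completed": completed,
            "replayed": replayed, "second": second["status"], "pii_in_log": pii_in_log,
            "unknown": ta.begin("nobody@example.org", "device-B")["status"]}


if __name__ == "__main__":
    print(demo())
```

The second visit from the registered device is the "no-login access" of step (5); because the directory, the authentication service and the log only ever handle keyed tokens, an observer of any one of them learns which pseudonym authenticated but not the phone number or email behind it.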
Trusted Identity Network

[diagram: a user’s verified relationships (Child, Teacher, Clinician, Colleague, Friend, Spouse), any credential or relationship, any social media or messaging client, any digital content; a “My Policies” screen for Jonathan Hare with tabs general, health, education, banking and children online, and policy groups people, devices, security, payments, advertising, messaging, privacy and general]

Users and organizations can link policies directly to their content, and freely share it through standard messaging clients, social media apps and collaboration tools.
Content is encrypted end-to-end until the recipient is authenticated and authorized, and is not revealed to the apps or websites used for sharing.
Enforces policies on verified identities and relationships of individual people, devices and services…
Harnessing HIPAA to enable (rather than block) access by patients and providers…

Records Discovery & Access Authorization: nationwide, high assurance, on demand, vendor neutral, certified compliance.
Components: Identity & HIPAA Trust Authorities; Privacy Network; Informed Consent & Consumer Opt-In.
• Enables nationwide patient record discovery and access.
• Enforces the HIPAA Patient Mandate for patient requests and HIPAA Authorization for provider requests.

[diagram: an oncology care network around the patient: Payer, Infusion Center, Oncology Medical Home, Clinical Oncologist, Skilled Nursing Facility, Radiation Treatment Center, Home Caregiver, Primary Care Provider, Oncology Pathways; providers reach the network through an EHR or a provider portal; data sources: claims records, EHR records, lab records, pharmacy records, genomic data, practice management, device data, demographic data, pay-for-value metrics]

Privacy Network services: population & practice metrics; personalized clinical decision support; patient-centered coordination of care; records access & secure messaging.

All-payer, all-patient, all-provider, all-purpose network.
Nationwide Secure Sharing, Compliance Verification and Attribute Discovery

[diagram: Payers, Providers and Data Sources (apps, databases, services) connect through Data Proxies to the Privacy Network, which carries patient records, attributes and metrics; supporting services: data security, encryption, key management, security directory; Patient Data Identity & Compliance]
• Cloud-based verification of IT security and HIPAA compliance by neutral trust authorities.
• Secure sharing with any organizations or individuals without requiring IT support.
• Identity disambiguation across demographic identifiers, patient IDs, insurance IDs, etc.
• Nationwide attribute discovery and patient-centered longitudinal record syndication.

Nationwide Single-Sign-On User Authentication, Authorization & Compliance

[diagram: Payers, Providers and apps/databases/services connect through Data Proxies and a User Proxy to the Privacy Network; an Identity Syndicate federates existing single sign-on (OpenID Connect, OAuth2, SAML2, LDAP, etc.); Trust Authorities verify Patient Data Identity & Compliance]
• Links diverse single-sign-on and identity infrastructure into a nationwide identity syndicate.
• National-scale attribute-based access control and dynamic user / attribute proofing.
• Identity assurance and HIPAA compliance verified by neutral trust authorities.