Privacy Analytics Launches Tool to Help Identify and Manage Data Privacy Risks

Share Article

Risk Monitor software provides risk assessment and threat modeling capabilities to improve data governance and ensure privacy compliance as demand for ‘Big Data’ sharing increases

"Organizations in healthcare, insurance, financial services and other industries are seeking to maximize the usefulness and value of their data assets for analysis to derive new insights, discover new opportunities and improve the bottom line."

Privacy Analytics Inc. announced today the release of Risk Monitor, a privacy risk assessment tool that gives organizations the ability to identify, measure and manage the level of risk exposure associated with their data sharing practices.

Built by experts in the field of privacy risk, Risk Monitor identifies potential gaps in existing data masking and de-identification practices. Risk Monitor helps organizations balance privacy compliance with the increasing demand to share high quality data, both internally and externally, for secondary purposes such as research, analytics, quality and safety measurement, monetization, marketing and other commercial uses.

Risk Monitor uses peer-reviewed algorithms and methodologies to assess the current level of risk for exposing protected health information (PHI) or personally identifiable information (PII) to potential re-identification based on the context and intended use of each shared data set. It provides important feedback on current de-identification and masking strategies, benchmarks risk for specific datasets and helps improve privacy governance.

“Organizations in healthcare, insurance, financial services and other industries are seeking to maximize the usefulness and value of their data assets for analysis to derive new insights, discover new opportunities and improve the bottom line,” said Pamela Neely Buffone, Vice President of Product Management, Privacy Analytics. “When that data contains information that could be used to identify an individual, it is imperative that responsible privacy measures are in place to ensure the highest level of compliance and the lowest possible levels of legal, financial and reputational risk to the organization.”

Privacy Analytics is the first and only provider of risk-based de-identification software that safeguards and enables the use of patient and consumer data for secondary purposes. Risk Monitor provides three important functions designed to help organizations minimize the inherent risks associated with sharing data for secondary purposes:

  •     Reporting

Visibility for executive management and privacy officers into risk exposure and the cost of a potential data breach

  •     Risk Contribution Analysis

Companies can continually monitor and measure privacy risk by identifying data items that drive that risk. By receiving assurance that risk is being managed – even as the data sharing environment and context changes – appropriate actions can be taken to safeguard data to avoid disclosing information that could be re-identified.

  •     Threat Scenario Modeling

Organizations can understand how different risk variables and threat scenarios impact the probability of re-identification if there is a data breach.

Risk Monitor gives organizations the ability and confidence to effectively integrate and share sensitive data by assuring compliance with privacy regulations such as HIPAA and the EU Data Protection Directive 95/46/EC and adherence to globally accepted data sharing standards and guidelines, including those from the Institute of Medicine (IOM), Health Information Trust Alliance (HITRUST), PhUSE, and the Council of Canadian Academies.

“Having access to a proven, evidence-based method for assessing privacy risk allows us to work objectively and transparently with researchers to meet required privacy thresholds while still providing useful data,” said Dr. Ann Sprague, Scientific Manager, with the Better Outcomes Registry Network (BORN). “It’s insurance that we are not going to inadvertently disclose information that we shouldn’t.”

BORN, one of Canada’s largest registries integrating information on pregnancy, births, newborn care and screenings, considers the risk-based assessment approach an essential first step to sharing their highly sensitive data with researchers seeking to improve health care for mothers, newborns and children.

Risk Monitor, architected on Apache Spark, is database agnostic, highly scalable and able to handle the next-generation of Big Data analytic demands. Its web application is designed to run on in-house servers and features a browser-based user interface. Risk Monitor includes a de-identification component but also works as a compliment to the many data masking techniques currently used by organizations that take a do-it-yourself approach.

“The reality is that responsibly sharing data for secondary use is inherently a risk management exercise that every organization should be undertaking. But many are not,” said Neely Buffone. “We’ve taken years of research and know-how from operating in the most restrictive data compliance environments and created an easy to use tool that identifies the privacy risks organizations need to be aware of so they can start to effectively manage those risks. It is the only product of its kind on the market.”

About Privacy Analytics

Privacy Analytics (http://www.privacy-analytics.com) allows healthcare organizations to quickly and easily apply a risk-based responsible de-identification methodology that ensures individual privacy and legal compliance. Privacy Analytics is the only company to offer expert training, software, peer-reviewed methodology and valued-added services that protect the privacy of individuals while allowing organizations to share data for secondary purposes. Privacy Analytics customers represent half of Fortune 50 healthcare companies. Privacy Analytics’ software is compliant with regulations and globally accepted standards and guidelines, including those from the Institute of Medicine (IOM), Health Information Trust Alliance (HITRUST), PhUSE, the Council of Canadian Academies, as well as HIPAA and the EU Data Protection Directive 95/46/EC.
###

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Paula Kibbe
Conover + Gould Strategic Communications
+1 (508) 930-5434
Email >
Visit website