At IPM.ai we believe that the new and powerful tools of Artificial Intelligence and Big Data have opened up exciting new opportunities in the field of health care. The ability to speed decision-making and assist in areas such as diagnosing rare diseases, pinpointing patient journey progression and identifying patients at high risk of non-adherence can have a profound effect on both the quality of life of patients and improvements in the effectiveness of healthcare delivery.
However protecting privacy in the online world has always been a challenge, and a challenge that online companies have all too often failed to take with the appropriate level of seriousness. When it comes to your health data, the legal and ethical concerns are immensely magnified, and the level of commitment must be absolute and ineradicable.
This is just the commitment we made when we founded IPM.ai. Not just to meet the letter of the law, but to go well beyond and create a systemic approach to privacy where the very architecture of the solution ensures that health information can never be associated with identified individuals, i.e., that there is no Protected Health Information (PHI) in the system, ever.
Traditional methods for de-identifying health data are based on fuzzing (removing and/or redacting) source data. The traditional approach to determine whether de-identified health data is HIPAA compliant relies on an expert determination of the possibility of re-identifying individuals in the fuzzed data. While, until now, this approach has been considered best in class, it raises a number of privacy, compliance and business issues:
- Was the data set recertified when additional data records (depth) was added?
- Was the data set recertified every time a new data table or column (breadth) was added?
- Has the fuzzing removed or redacted so much information that the quality of decisions based on the data set is compromised?
- If the data set is used for more than one use case, how can a one-size-fits-all fuzzing strategy be equally effective for all use cases?
This classical approach creates a long list of potential pitfalls, chief among which is the tension between more privacy (more data fuzzing) and high-quality decision making (less data fuzzing). This unfortunate tension is inevitable with one-size-fits-all data fuzzing. In addition, recertification is time consuming, expensive, and, in theory, should be fairly constant for those continuing to integrate more and more data at the patient level.
The fundamental question becomes: how much “new” data triggers the need for recertification? And, of course, the ultimate safety of the data depends on the expertise of the person attempting the re-identification. Unfortunately, as techniques, technological advancements, and rewards increase over time, today’s privacy protections may not stand up to tomorrow’s privacy pirates.
We founded IPM.ai on the belief that innovation can address all these concerns. We chose a contrarian view that more privacy can lead to better business decisions. We imagined a solution that protected patients by preventing re-identification in all cases, systematically and by default, while avoiding the pitfalls of one-size-fits-all data fuzzing. We sought to create a system where 1st and 3rd party client data could easily be imported to improve modeling, without the need of ongoing recertification, and without adding any risk of potential re-identification – a system that would withstand the test of time and improvements in computing and AI technology.
We are proud to say that all of these goals have been achieved with our patent pending prAIvacy architecture. To our knowledge, IPM.ai is the first company whose HIPAA certification is based not on a specific data set but, rather, a fundamental architecture that automatically ensures HIPAA compliance regardless of the breadth & depth of data being processed. The IPM.ai prAIvacy architecture enables the generation of an infinite set of analytics and model outputs, without introducing re-identification and/or HIPAA compliance risks and without compromising decision making by one-size-fits-all data fuzzing.
Fundamentally, this positions IPM.ai and our clients at the forefront of patient privacy as we ensure HIPAA compliance without the risks associated with not seeking recertification every time data changes. prAIvacy provides not only the ultimate in AI modeling flexibility, and the greatest possible freedom to ingest client/custom data, but, most importantly, the ultimate safeguards for security and privacy.
At IPM.ai we take privacy so seriously we designed it into the very core of our system. We invite you to learn more by contacting us at [email protected].