Five Essential Principles of Health Data Privacy and Security: Skyflow’s Privacy-Preserving Covid Solution

The first major pandemic of the digital age has driven healthcare researchers, policy makers, and practitioners to look to digital solutions to assist in disease prevention and treatment. Because these solutions often handle sensitive personal identity and protected health information, it is essential they properly ensure privacy, manage consent for data sharing, and protect against breaches and misuse.

This blog post outlines five essential principles of data privacy and security, using Skyflow’s Covid test results solution and recent incidents reported in the media to illustrate the key points. However, these principles are broadly applicable to any digital solution that handles healthcare or other sensitive data.

Overview

The ability to conduct rapid Covid-19 testing at home is critical to safely reopen the economy. Testing everyone often can help identify people with SARS-CoV-2, even if they are asymptomatic, and limit the spread of the infection. As more tests move from labs to the home, it's important for public health officials to maintain result visibility to better understand and respond to the spread of the pandemic.

Any at-home test reporting solution needs to put patient privacy front and center. Without strong privacy controls, consumers may hesitate to use tests that carry reporting requirements. Gaining the trust of the consumer is critical for broad adoption of any reporting solution.

Companies like Apple and Google have adopted techniques to meet public health goals in a privacy-preserving manner, as demonstrated by their contact tracing solutions. A similar outcome can be achieved for at-home test reporting by implementing the following data governance principles.

Principle 1: Data should never be shared without user consent

Recent incident: In 2018, Memorial Sloan Kettering shared millions of patient tissue slide records with the technology startup Paige.AI without obtaining the consent of the patients whose data was shared. In today's data-sharing climate, protecting patient data requires governance that is enforced by technology, not by policy documents alone.

Source: NYT Article: Sloan Kettering’s Cozy Startup Deal Ignites an Uproar

How to achieve this:

  • Provide users complete transparency into what data is being shared, with whom, and for what purpose
  • Only share data after obtaining explicit consent from users
  • Allow users to delete their data at any time

How Skyflow approaches this:

  • Skyflow shares only de-identified data with the federal government: a patient’s test result (positive or negative) and zip code, and nothing else.
  • If a state or county needs more specific data, such as a user’s name, Skyflow asks for that user’s explicit consent before sharing the additional data.
  • Skyflow allows users to completely erase all of their data at any time.

Principle 2: Data should never be shared with unauthorized parties

Recent incident: In 2015, attackers breached Anthem, one of the nation’s largest health insurers, and stole more than 80 million patient records containing PII. More broadly, weak organizational and access controls have fed a market for patient information on the dark web and enabled unintended secondary use of that data by third-party organizations.

Source: NYT Article: Anthem Hacking Points to Vulnerabilities

How to achieve this:

  • Strictly adhere to data sharing policies outlined at the federal, state, and county levels
  • Ensure that government entities only receive the data fields that are essential for them to effectively fight the pandemic

How Skyflow accomplishes this:

  • All federal, state, and county level policies are codified and integrated into Skyflow’s data sharing workflow, guaranteeing that each government entity receives only the minimum data required for it to carry out its function. For example, Skyflow will share only anonymized test data with federal health officials. This means that the federal government will only have access to your test result and zip code.
  • For states and counties that need more specific information, Skyflow will share that data only if users explicitly consent to the data being shared.

Principle 3: Data should never be used beyond its stated purpose, even by authorized parties

Recent incident: Responding to privacy concerns about its Covid-19 contact tracing program, the Singapore government originally stated that only a limited team of professionals would have access to the contact tracing data it collected. It later reversed that position and allowed law enforcement to access the data for use in criminal investigations.

Source: ZDNet Article: Singapore police can access Covid-19 contact tracing data for criminal investigations

How to achieve this:

  • Use access control mechanisms to govern who can access which data
  • Routinely audit data usage to ensure it is being used appropriately

How Skyflow accomplishes this:

  • Skyflow enforces granular, policy-based access controls allowing you to dictate who gets access to the data, from where, at what time, and for how long.
  • Skyflow provides a detailed audit log which records who accessed which data and for what purpose.
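
The two bullets above describe a mechanism: a policy that binds access to a principal, a set of fields, a source network, a time window and a declared purpose, plus an audit log that records every decision. The following is an added example, not Skyflow’s code; the grant format, principal name, network range and log layout are assumptions chosen for illustration. It goes one step beyond the text by hash-chaining the audit log, so that anyone who later edits or deletes an entry (for example to hide a repurposed query) breaks verification.

```python
"""Purpose-bound access control with a tamper-evident audit log.

Added example, not Skyflow's code. The grant format, principal names,
network ranges and log layout are assumptions chosen for illustration.
"""
import hashlib
import ipaddress
import json
from datetime import datetime, timezone

# Assumed grant: who may read which fields, from which network, during
# which window, and for which declared purpose. Anything not covered by
# a grant is denied (default deny).
GRANTS = [
    {
        "principal": "epi-team@county.example",
        "fields": {"result", "zip", "tested_at"},
        "from_cidr": "198.51.100.0/24",          # RFC 5737 documentation range
        "not_before": "2021-02-01T00:00:00+00:00",
        "expires": "2021-03-01T00:00:00+00:00",
        "purposes": {"outbreak-response"},
    },
]


class AuditLog:
    """Append-only log in which every entry commits to the previous one,
    so deleting or rewriting an entry later breaks verification."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev, event):
        body = json.dumps(event, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        self.entries.append({"prev": prev, "event": event, "hash": self._digest(prev, event)})

    def verify(self):
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or entry["hash"] != self._digest(prev, entry["event"]):
                return False
            prev = entry["hash"]
        return True


def authorize(request, grants, log, now):
    """Decide a read request and record the decision, including the
    declared purpose, in the audit log. Returns (allowed, reason)."""
    allowed, reason = False, "no matching grant"
    for g in grants:
        if g["principal"] != request["principal"]:
            continue
        if not set(request["fields"]) <= g["fields"]:
            reason = "field outside grant"
        elif ipaddress.ip_address(request["source_ip"]) not in ipaddress.ip_network(g["from_cidr"]):
            reason = "source address outside permitted network"
        elif not (datetime.fromisoformat(g["not_before"]) <= now < datetime.fromisoformat(g["expires"])):
            reason = "outside permitted time window"
        elif request["purpose"] not in g["purposes"]:
            reason = "purpose not covered by grant"
        else:
            allowed, reason = True, "granted"
            break
    log.append({
        "at": now.isoformat(),
        "principal": request["principal"],
        "fields": sorted(request["fields"]),
        "purpose": request["purpose"],
        "source_ip": request["source_ip"],
        "decision": "allow" if allowed else "deny",
        "reason": reason,
    })
    return allowed, reason


def run_demo():
    """Constructed requests: one legitimate, one repurposed for an unrelated
    investigation, one from an unexpected network, one for a field outside
    the grant. Returns the decisions, whether the log verifies, and whether
    it still verifies after someone rewrites a denied entry as allowed."""
    log = AuditLog()
    now = datetime(2021, 2, 10, 12, 0, tzinfo=timezone.utc)
    base = {"principal": "epi-team@county.example", "fields": {"result", "zip"},
            "source_ip": "198.51.100.7"}
    decisions = [
        authorize({**base, "purpose": "outbreak-response"}, GRANTS, log, now),
        authorize({**base, "purpose": "criminal-investigation"}, GRANTS, log, now),
        authorize({**base, "source_ip": "203.0.113.9", "purpose": "outbreak-response"}, GRANTS, log, now),
        authorize({**base, "fields": {"result", "name"}, "purpose": "outbreak-response"}, GRANTS, log, now),
    ]
    intact = log.verify()
    log.entries[1]["event"]["decision"] = "allow"   # attempted cover-up
    return decisions, intact, log.verify()
```

The purpose check is what separates this from ordinary role-based access: the same principal, from the same network, in the same window, is refused when the declared purpose changes from outbreak response to a criminal investigation, and the refusal is itself written to the log. In a real deployment the chain head would be anchored somewhere the data holder cannot rewrite (a write-once store or an external timestamping service), since a log kept only by the party being audited proves little on its own.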

Principle 4: It should not be possible to trace data back to an individual

Recent incident: In 2019, a highly publicized lawsuit against Google and the University of Chicago highlighted a data-sharing partnership that overlooked patient consent. The two organizations had partnered in 2017 to improve predictive analytics in medicine; a patient of the University of Chicago Medical Center sued on the grounds that the shared records were not adequately de-identified (the complaint argued they could be re-identified by combining them with location data) and that patient consent was never obtained.

Source: NYT Article: Google and The University of Chicago are Sued over Data Sharing & NPJ Digital Medicine Journal: Scalable & Accurate Deep Learning with Electronic Health Records

How to prevent this:

  • Ensure all personally identifiable information is removed from testing data that is shared with the federal government.
  • Note that “personally identifiable information” covers not just direct identifiers like your name, but also quasi-identifiers that could be combined with other information to identify you, such as your date of birth. Geographic data counts as well: under the HIPAA Safe Harbor de-identification method, a full 5-digit ZIP code is treated as an identifier, and only its first three digits may be retained (and only where that 3-digit area contains more than 20,000 people).

How Skyflow accomplishes this:

  • Skyflow's privacy preserving technology anonymizes and de-identifies test data. For instance, details like your name and phone number are redacted. The only information shared with the federal government is your zip code and test results.
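
Principles 1, 2 and 4 together describe one release workflow: each recipient gets a fixed minimum set of de-identified fields, anything beyond that requires the patient’s explicit consent for that specific recipient, and fields outside a recipient’s policy are never released. The following is an added example, not Skyflow’s code; the recipient tiers, field names, consent structure and the sample record are assumptions constructed for illustration. It goes one step beyond the text by attaching a de-identification transform to the federal policy that generalizes the ZIP code to its first three digits, following the HIPAA Safe Harbor rule.

```python
"""Consent-gated, recipient-minimized release of an at-home test result.

Added example, not Skyflow's code. The recipient tiers, field names,
consent structure and transforms are assumptions chosen for illustration.
"""

# Constructed sample record: what an at-home test app might hold locally.
SAMPLE_RECORD = {
    "patient_id": "p-0001",
    "name": "Jane Doe",
    "phone": "+1-555-0100",
    "date_of_birth": "1980-03-14",
    "zip": "10013",
    "result": "positive",
    "tested_at": "2021-02-01T09:30:00Z",
}


class FieldNotPermitted(Exception):
    """The recipient's policy never allows this field, consent or not."""


class ConsentRequired(Exception):
    """The field may be released only with the patient's explicit consent."""


def zip3(zip_code):
    """Generalize a ZIP code to its first three digits (the HIPAA Safe Harbor
    rule; Safe Harbor further requires the 3-digit area to hold more than
    20,000 people, a population check not performed here)."""
    return zip_code[:3]


# Assumed policy table. "baseline" fields go out without per-request
# consent; "with_consent" fields need an explicit grant for this recipient;
# "transform" is applied before release. Unlisted fields are never released.
POLICIES = {
    "federal": {"baseline": {"result", "zip"}, "with_consent": set(),
                "transform": {"zip": zip3}},
    "state":   {"baseline": {"result", "zip"}, "with_consent": {"name", "phone"},
                "transform": {}},
    "county":  {"baseline": {"result", "zip"},
                "with_consent": {"name", "phone", "date_of_birth"}, "transform": {}},
}


def release(record, recipient, requested, consents):
    """Return the minimal view of `record` that `recipient` may receive.

    `consents` maps field name -> set of recipients the patient has
    explicitly approved. Every requested field is checked before any
    value is copied, so a denied request leaks nothing.
    """
    policy = POLICIES[recipient]
    for name in requested:
        if name not in policy["baseline"] | policy["with_consent"]:
            raise FieldNotPermitted(f"{recipient} may never receive {name!r}")
        if name in policy["with_consent"] and recipient not in consents.get(name, set()):
            raise ConsentRequired(f"{name!r} for {recipient} needs the patient's consent")
    view = {}
    for name in requested:
        transform = policy["transform"].get(name)
        view[name] = transform(record[name]) if transform else record[name]
    return view


def run_demo():
    """Constructed requests against SAMPLE_RECORD; returns each outcome as
    ("released", view) or ("denied", exception class name)."""
    consents = {"name": {"state"}}          # patient approved name for the state only
    cases = [
        ("federal", ["result", "zip"]),
        ("federal", ["result", "zip", "name"]),   # federal policy has no consent path for name
        ("state",   ["result", "zip", "name"]),   # consented
        ("state",   ["result", "phone"]),         # not consented
        ("county",  ["result", "name"]),          # consent was given to the state, not the county
    ]
    outcomes = []
    for recipient, fields in cases:
        try:
            outcomes.append(("released", release(SAMPLE_RECORD, recipient, fields, consents)))
        except (FieldNotPermitted, ConsentRequired) as exc:
            outcomes.append(("denied", type(exc).__name__))
    return outcomes
```

Two details matter for a practitioner. Consent is recorded per field and per recipient, so approving the state’s request does not silently extend to the county. And the policy distinguishes “never” from “not yet consented”: the federal tier has no consent path for a name at all, so no amount of consent UI can widen what it receives.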

Principle 5: Standard security measures should be taken to protect against breaches

Recent incident: Most recently, Magellan Health suffered a data breach compromising information on over 300K patients. The data breach was carried out by hackers who used malware to obtain unauthorized access to a server containing sensitive data.

Source: HealthITSecurity Article: Magellan Health Data Breach

How to prevent this:

  • Keep test data encrypted at rest and in transit (reference: benefits of strong encryption)
  • Meet regulatory requirements such as HIPAA and follow recognized security frameworks such as those published by NIST
  • Deploy a zero trust architecture that protects against both internal and external threat actors

How Skyflow accomplishes this:

  • Skyflow stores test data in an isolated, highly secure data privacy vault. This vault keeps data encrypted at rest, in transit, and during processing, so that an attacker who reaches the underlying storage in a breach obtains ciphertext rather than usable patient data.
  • Skyflow is HIPAA compliant and follows NIST security standards.
  • Skyflow is designed around a zero trust framework. This means that Skyflow’s technology assumes that any actor, including the government, could be compromised, and thus protects against such scenarios.