We know how important your privacy is. Our Health Data Platform (HDP) is designed to store all your health data, test results, fitness data, and more in complete safety. It uses all this information to create health insights, to provide your health timeline, and to power new research. Here, we explain some of the ways in which we keep your information safe.
Personal vs health information
Health information in the US is protected under HIPAA (the Health Insurance Portability and Accountability Act). HIPAA divides health information into three types:
- Personal Identifying Information or PII is anything that can identify you as an individual. Any reputable company will try to protect this information.
- Protected Health Information or PHI is any health data that can be directly linked to you. This data receives special protections under HIPAA.
- De-identified health data is any health data that has had all the PII identifiers removed. This data can be freely shared for research purposes.
A simple example of PHI vs PII
Let’s look at an example to see how this works. John Smith has gone for a chest x-ray as part of his regular annual medical exam. The x-ray machine prints his name and date of birth at the bottom of the image along with a unique identifier. These fields would allow you to identify John, so they count as PII. Because they are part of the x-ray, the image itself counts as PHI. However, if those identifying details are removed, then this image counts as de-identified health data.
Securing your data
We take data security very seriously and have built our HDP according to current best practices. We use the following technologies to keep the data safe:
- Strong encryption. Our HDP applies state-of-the-art encryption at the database level. That means that each type of data in our platform is encrypted with a different key. Our cloud provider also encrypts all disks at the hardware level, so the data stays safe even if a disk were stolen.
- Pseudonymization. We store all PII and PHI in separate databases, and link them via a randomly assigned pseudonym. This makes it harder for a hacker to access the full data if they do manage to access the system.
- Access control. We enforce role-based and permissions-based access control. This ensures that only authorized members of staff have access to the PII or PHI. Of course, users have access to their own data, but they are unable to access anyone else’s data.
- Event logging. We record a log entry every time something happens that affects the data or the list of authorized users. This allows us to track everything that happens within our system. If there were a future data breach, we could see exactly which data was put at risk.
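To make the pseudonymization point concrete, here is an added example (not the HDP's own code) of two separate stores linked only by a random pseudonym. The table names, function names and the sample date of birth are assumptions made for illustration.

```python
import secrets
import sqlite3

def open_stores():
    """Two separate databases: one for identity (PII), one for health records."""
    identity = sqlite3.connect(":memory:")
    health = sqlite3.connect(":memory:")
    identity.execute(
        "CREATE TABLE person (pseudonym TEXT PRIMARY KEY, name TEXT, dob TEXT)")
    health.execute(
        "CREATE TABLE record (pseudonym TEXT, kind TEXT, result TEXT)")
    return identity, health

def enroll(identity, name, dob):
    """Assign a random pseudonym; it is not derived from the name or birth date."""
    pseudonym = secrets.token_hex(16)
    identity.execute("INSERT INTO person VALUES (?, ?, ?)", (pseudonym, name, dob))
    return pseudonym

def add_record(health, pseudonym, kind, result):
    """Health data is stored under the pseudonym only, never the name."""
    health.execute("INSERT INTO record VALUES (?, ?, ?)", (pseudonym, kind, result))

def records_for(identity, health, name, dob):
    """Re-linking needs both stores: look up the pseudonym, then the records."""
    row = identity.execute(
        "SELECT pseudonym FROM person WHERE name = ? AND dob = ?", (name, dob)
    ).fetchone()
    if row is None:
        return []
    return health.execute(
        "SELECT kind, result FROM record WHERE pseudonym = ? ORDER BY rowid", row
    ).fetchall()

def health_store_dump(health):
    """What someone holding only the health database would see."""
    return health.execute("SELECT pseudonym, kind, result FROM record").fetchall()

if __name__ == "__main__":
    identity, health = open_stores()
    p = enroll(identity, "John Smith", "1980-01-01")  # constructed sample data
    add_record(health, p, "chest x-ray", "clear")
    print(records_for(identity, health, "John Smith", "1980-01-01"))
    print(health_store_dump(health))
```

Because the pseudonym is random rather than a hash of the name, a copy of the health database alone gives no way to work back to the person.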
Other ways we protect the data
As well as the controls above, we also have robust company policies that help to protect your information. These are strictly enforced by the management team. The key policies include:
- Compulsory training. Every employee and contractor is obliged to complete HIPAA security training each year.
- Securing workstations. All workstations (laptops, etc.) are secured and must be locked with a password if they are left unattended.
- No copying of data. We have strict rules about not copying PII or PHI within our system.
- No use of public WiFi. Employees with access to PHI or PII are not allowed to use any public WiFi hotspots.
In addition to all this, we constantly monitor our system for potential vulnerabilities. When we are informed of "zero-day" threats, we immediately patch our systems.
If you want to learn more about our HDP and how we help firefighters, you can download our PDFs or reach out to our sales team: info@DiagnoseEarly.com