1

How to Innovate with Big Data Analytics While Maintaining Security and Privacy

1

Rob McDonald

EVP Platform, Virtru

DISCLAIMER: The views, opinions and images expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.

Session BG4 March 9, 2020

2

EVP Platform, Virtru

Meet Our Speaker

Rob McDonald

Conflict of Interest

Rob McDonald, EVP Platform

Has no real or apparent conflicts of interest to report.

3

Agenda

• Big Data Opportunities and Obstacles

• Inventory of Current Landscape

• Security and Privacy: An opportunity to differentiate

• A Real World Reference Framework

• Use-Cases Today

4

Learning Objectives

• Describe how the expanding capabilities of big data analytics derives business value, fosters

innovation and collaboration, and formulates new insights

• Detail how these big data analytics are susceptible to manipulation and require a secure

analytic sandbox to protect the data and the analytics from security and privacy incidents

• Apply a framework to two very different examples to demonstrate the broad application

across a range of use cases

5

6

The Opportunities: Big Data Analytics in Healthcare

Big data is projected to grow faster in healthcare than

other verticals, reaching $68B by 2024, with core impact

across management, research, care, and cost-savings.

7

The Obstacles: Big Data Analytics in Healthcare

How is the data protected?

How are the algorithms protected?

Privacy and compliance

The path to unlocking more value from and faster iterations over big data is encumbered by privacy, transparency and compliance hurdles

8

A New Framework – Maintaining security and privacy to innovate with big data analytics

Create

Share

Store

Analyze

ActMaintaining full control of data being shared for analysis will result in faster outcomes and larger data population

9

Big Data and Healthcare:

The Evolving Landscape

10

Healthcare: A Top 3 Industry in Big Data Usage

Source: ScienceSoft,IDC/Dell EMC

11

Common Healthcare Use Cases for Big Data Analytics

Personalized Medicine

Reducing Costs

Optimal Staffing

Diagnostics & Error

reduction

Clinical Research

Optimization

Analyzing risk factors to inform early intervention

12

Genetic research & cures

Research & Analysis

Example: Opioid usage Example: Lung cancer

Chatbots for clinical assessments

13

Real-time alerting wearables

Personalized Health

Example: Online diagnosis Example: Diabetes management

Staffing and resource allocation

14

Real-time Information & Data Exchanges

Streamlined Management and Business Processes

Example: Predicting admission rates

Example: EHR data sharing

15

Healthcare Innovations: Bringing it all together

Revolutionizing Asthma Care:Combination of electronic health

records, big data, predictive analytics, and machine learning ->

personalized asthma management, expedited care, and

targeted treatments

“The Doctor will See You Now: How Machine Learning and Artificial Intelligence Can Extend Our Understanding and Treatment of Asthma,”

Amanda I. Messinger, MD, Gang Luo, PhD, Robin R. Deterding, MD

16

Petabytes of data now flowing through devices, applications, and platforms with the potential to revolutionize healthcare……

But what about the security and privacy of the data?

17

Security and Privacy:

Issues with data and algorithmic integrity

18

Healthcare Consistently Ranks Among Top Industries

Breached

Healthcare Breaches:

The number of records compromised keeps rising

19Source: HIPAA Journal

20

Types of Data Exposed in Healthcare Breaches

● 71% - sensitive demographic information or sensitive financial information, which placed 159 million individuals at risk of identity theft or financial fraud

● 66% - sensitive demographic information such as Social Security numbers

● 65% - general medical or clinical information● 35% - service or financial information● 16% - medical or clinical information without exposing sensitive

demographic or financial information● 76% - sensitive service and financial information such as credit card

numbers, affecting 49 million individuals● 2% - sensitive health information, affecting 2.4 million individuals

Source: Annals of Internal Medicine

21

Unregulated Data Sharing

Data sharing between apps and other organizations, including acquisitions

Hospitals sharing patient data with Big Tech

Genetic testing organizations sharing data

At a minimum: Questionably ethical data sharing

22

With the steady stream of breaches and data sharing

scandals, more regulations are likely on the horizon

23

But wait, there’s more! Focusing on the Algorithms

Algorithmic bias & research design

Algorithmic Integrity & Control

24

Ensuring Algorithmic Integrity Across the Data Lifecycle

Susceptible to source and training

data manipulationDirect algorithm modification

Lack of control and transparency

results in lack of trust

25

Big Data Analytics, Security, and Privacy:

A Framework to Have it All

26

Functional Requirements

Data Sharing

Curation & Analysis

Secure Storage

Access Controls

Interoperability

Full Audit of Entire Lifecycle

A data-centric approach

27

A New Framework – Maintaining security and privacy

to innovate with big data analytics

TDF Container Security

and Analytic Enclave

Secure Analytics Collaboration Environment

● Multiple Data Owners

● Protect Before Sharing

● Encrypted and Revocable

● Policy Set on Usage Rights

● Always Zero Knowledge

● Analytics Have Strong Identity

● Analytic Identity must be authorized

● Policy Set on Usage Rights

● Attribute based access to derived

output

● Original data owners can still

revoke at anytime

Full Audit of Entire Lifecycle

Analytic

Identity

Co

nta

ine

r

Analytic

Identity

Con

tain

er

Create

Share

Store

Analyze

Act

28

Full Data Lifecycle Protection with the Trusted Data

Format

To learn more: https://github.com/virtru/tdf3-spec

Trusted Data Object

manifest.json

Encrypted Payload (streamable)

Encryption Information

Integrity Information

Wrapped Keys

Signed Policy

Method

Assertion (Payload Metadata)

29

Differentiated Privacy and Security Controls

Persistent Control

Give Data owners confidence in

governance of their data after sharing.

Enable trusted analytics against the data

while maintaining visibility

Audit

Provide granular audited of the use of

your data

Revoke

Modify access over time, including

revocation

Derived Output Control

Allow configurable Control based on data

use agreements

Secure Analytics Collaboration Environment

30

From Theory to Reality:

Use Cases

31

Components of a Trusted Analytic Pipeline

Inputs

Virtru protects the inputs bywrapping them in the TDF. Allowingfor zero-trust data lake developmentand strong end-to-end control.

Algorithms

Algorithms are strongly identifiedwith attributes ensuring data ownertrust and protecting algorithmowners from IP exposure.

Output Models

Outputs are treated with the samepolicy as the inputs, ensuring early-bound protection and appropriateaccess control for sensitive outputs.

Full Audit of Entire Lifecycle

Zero Trust From Start

32

Privacy Preserving Capacity Planning

Problems● Limited reporting resulting in

reduced capacity planning during disaster

● Lack of trust of how the data is used● No common standard that allows

control at all times

Solution● Preparation of data with TDF before

submission● Strong identity of capacity planning

analytic● Tamper protection enforcing

cleartext is never allowed outside of Virtru secure analytic container

● Full audit and control by all data owners

TDF Policy Includes and Enforces:Data Owner + Analytic Identity + Derived Output Recipients

Analytic Container

Any Storage

Allowing For:Platform Agnostic Full Audit + Revocability At Any Time

33

Genetic Research in a Multi-Party World

Problems● High-Value Algorithm IP not being

shared, accessed or disclosed● Lack of trust of how the data is used● Lack of zero trust model for valuable

and sensitive model output● No common standard that allows

control at all times

Solution● Preparation of data with TDF before

submission● Strong identity of capacity planning

analytic● Tamper protection enforcing

cleartext is never allowed outside of Virtru secure analytic container

● Full audit and control by all data owners

TDF Policy Includes and Enforces:Data Owner + Analytic Identity + Derived Output Recipients

Analytic Container

Any Storage

Allowing For:Platform Agnostic Full Audit + Revocability At Any Time

Accelerating the promiseD

ata

Pro

vid

er(

s)

Alg

orith

m

Ow

ner(

s)

34

Security & Privacy as Enablers for

Healthcare Innovation

35

Checklist for Secure Innovation with Big Data Analytics

Data Sharing

while maintaining control and visibility

Secure Storage

with data-centric protection

Interoperability

without the need to trust all parties involved

Curation & Analysis

with full auditability and IP protection

Access Controls

at the data-level!

36

● Big data analytics – innovation through both security and privacy

Privacy Security

Big Data Analytics

Questions?

Rob McDonald

rob.mcdonald@virtru.com

37

Rob McDonald

rob.mcdonald@virtru.com

Click here to rate this sessionOr

Type the below URL in your browserhttps://himss.pswebsurvey.com/SE.asp?SID=BG4