© 2002 IBM Corporation
Extreme Blue - Start Something BIG
IBM Confidential | Summer 2003
Technical Interns:
Business Intern:
Mentors:
Sponsored by:
EBO:
Hippocratic Databases Demonstration (Screenshots)
Ameet Kini (UW-Madison, Ph’D ’05)Kristen LeFevre (UW-Madison, MS ’04)Diana Zhou (UW-Madison, MS ‘04)
Amy Wang (UCLA Anderson, MBA ’04)
Rakesh Agrawal, Phil Fritz, Calvin Powers, Yirong Xu
Arvind Krishna, Alan Lee (Tivoli), Harriet Pearson (CPO)
Business process integration, business transformation services, pervasive computing
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Hippocratic Databases
WHAT IS THE BUSINESS PROBLEM?Legal regulations requiring companies to protect personal identifiable informationLack of technology that enable efficient privacy enforcement and data handlingLoss in business revenue due to customer concerns about privacy
Dilution of brand imageAudit failuresCustomer lack of trust
WHAT IS THE PROPOSED SOLUTION?Database architecture supporting automatic enforcement of policiesPrivacy language that allows users to define preferences for data access and usageAdvanced querying capabilities that enforce corporate privacy policies and user preferences
Team: Ameet Kini (UW-Madison PhD ’05), Kristen LeFevre (UW-Madison MS ’04) Diana Zhou (UW-Madison MS ’04), Amy Wang (UCLA MBA ’04)Sponsors: Arvind Krishna & Alan Lee (Tivoli), Harriet Pearson (CPO)Mentors: Rakesh Agrawal & Yirong Xu (IBM Research), Phil Fritz & Calvin Powers (Tivoli), Harriet Pearson (CPO)
WHAT IS THE VALUE PROPOSITION?Increases performance and cost efficiency and minimize customization of applicationsIncreases trust and brand value by effectively managing consent informationEnhances business opportunities previously inhibited by privacy concernsKey market differentiator for IBM
DATABASE
Application DataRetrieval
PrivacyEnforcementJDBC Driver
User Data
User Preferences& Data Collection
NegotiationUser Preferences& Policy Matching
Installed Policy
Privacy Policy
Creation
InstallationEPAL Policy
Parser
Safeguarding Private Information -- Inevitable and Essential for all Corporations
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Hippocratic Databases NetCare Healthcare Business Scenario
•John Cane, Chief Privacy Officer, NetCare Healthcare•Jane Smith, New Patient, NetCare Healthcare•Dr. Young, Physician, NetCare Healthcare•Christine Jones, Lab Technician, NetCare Healthcare•Phil Crew, Drug Researcher, Innovative Drug Research
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Hippocratic Databases NetCare Healthcare Business Scenario
DATABASE
CorporatePolicy
Installation
John Cane, CPO installs corporate privacy policy
Jane’s Data(Personal/Medical
Records)
Jane, a new patient, defines her privacy preferences
Negotiation
Jane visits NetCare’s website to setup patient account
Jane submits her personal information
- Name, Address, SSN#, Email- Opt-in to sharing data for research- Opt-out of sharing full medicalrecords to lab technicians
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
HIPPOCRATIC DATABASESNetCare HealthcareDEMONSTRATION
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
This is the main page ofNetCare Healthcare’s website.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
John Cane, Chief Privacy Officer, NetCare Healthcare
John will install NetCare’s corporate privacy policy, which he wrote.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
John Cane, Chief Privacy Officer of NetCare, logs in to install privacy policy.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Let’s first view the text version of the NetCare’s privacy policy.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Now let’s view the XML format of the same privacy policy to be installed.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
NetCare’s privacy policy is savedinto the database to be used forsystematic privacy enforcement.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Jane Smith, New Prospective Patient, NetCare Healthcare
Jane will first define her own privacy preferences. Then she later creates a new patient account with NetCare Healthcare.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Jane specifies her own privacy preferences
Jane specifies her own privacy preferences for her sensitive information.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Jane selects her privacy preference by selecting the medium level of privacy protection.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Jane proceeds to create a new patient account.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
The matching process revealsthat one of Jane’s privacy preferences conflicts with NetCare’scorporate privacy policy.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Jane modifies her preferences
Jane decides to review her privacy preferences.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Jane now selects the setting for the low level of privacy, removing the preference that was previously in conflict.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Jane now creates her patient account and selects to share her medical information for research but not for lab work.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Jane’s patient account is created. Her personal information and privacy choices are saved to the database.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Christine Jones, Lab Technician
Three months later, Jane’s visits the doctor who prescribesa lab exam for Jane. When Jane goes to lab exam room,Christine, the lab technician, retrieves Jane’s patient information from the database.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Christine Jones, the lab technician logs in from the main website.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Let’s demonstrate Christine’s data retrieval for Jane’s record WITHOUT Hippocratic Database privacy enforcement.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
WITHOUT the Hippocratic Database privacy enforcement, Jane’s entire record appears. This does not respect her privacy choices.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Now let’s demonstrate Christine’s data retrieval for Jane’s record WITH Hippocratic Database privacy enforcement.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Now WITH the Hippocratic Database privacy enforcement, only the relevantdata for the lab technician and for the purpose of lab work appears.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Phil Crew, Drug Researcher, Innovative Drug Research
Phil will retrieve patient records from the database to find thosepeople who may benefit from the company’s drug research.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Phil Crew, the drug researcher, logs in to retrieve data from the database.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Let’s demonstrate Phil’s data retrieval for all patient records WITHOUT Hippocratic Database privacy enforcement.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
WITHOUT the Hippocratic Database privacy enforcement, full patient records for all patients appear withoutrespecting privacy preferences or the corporate privacy policy.
© 2002 IBM Corporation
Extreme Blue - Start Something BIG
IBM Confidential | Summer 2003
Technical Interns:
Business Intern:
Mentors:
Sponsored by:
EBO:
Let’s demonstrate Phil’s data retrieval for all patient records WITH Hippocratic Database privacy enforcement.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
Now WITH the Hippocratic Database privacy enforcement, only the data of those who agreed to share information fordrug research purposes appears. Also, privacy enforcement is performed at a granular, cell level.
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
More efficient than competing privacy solutions.
Increase customer trustand business opportunities
Help mitigate legal risks
Minimal modification ofexisting applications
Value Proposition
Extreme Blue: Start Something BIG
2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation
e-businessapplication
“Data Subject”
SubmitsPersonal Info.
AccessesPersonal Info.
“Data User”
Privacy Manager®
Near Term Channel to MarketHippocratic Database and Tivoli Privacy Manager
Audit ManagementReport Generation
HippocraticDatabase
Privacy Enforcement
Policy Creator/Editor
IBM’s PrivacyManagement Solution