As the amount of health data in the world increases, so do the privacy needs that must be addressed in order to generate insights from it. However, rapidly evolving rules complicate the compliance process, making world-class privacy expertise essential to maximizing data utility.
Privacy Hub by Datavant has the largest team of data scientists and statisticians in the HIPAA Expert Determination industry. We performed more than one thousand HIPAA Expert Determinations combined.
In this series of interviews, our industry-leading Privacy Experts expound on what their experience with HIPAA Expert Determination has taught them about compliance and the future of health data privacy as a whole.
Patrick Baier, HIPAA Privacy Expert at Privacy Hub, marks the second interview of the series.
An Expert’s Path to Privacy
What is your health data privacy background, and what attracted you to the field?
Introduction to HIPAA Expert Determination Through Leading Expert Fritz Scheuren
By education, I’m a pure mathematician. I studied differential and algebraic geometry, graduating from Oxford with a Ph.D. in Mathematics. I got into privacy through a mentor and colleague, Dr. Fritz Scheuren, a leading statistician who did some of the very early HIPAA Expert Determinations. In 2002, he brought me on board to work with him on statistical disclosure risk analyses, and I gradually acquired much of the HIPAA Expert Determination business. Over time, Fritz turned to other areas of work, and I eventually ended up founding my own company and completing Expert Determinations under it until 2022, when I joined Privacy Hub by Datavant.
But I’ve always had a huge interest in privacy. What fascinated me personally was that I could look at the topic from two very different but nevertheless connected points of view—namely, the statistical disclosure limitation for HIPAA de-identification requirements but also the cryptographic aspect of encryption, secure linkage, and data security. HIPAA was a rare area where those two subjects I already found interesting actually came together.
Learnings From Two Decades Working on HIPAA Expert Determinations
In my twenty years of HIPAA work, I’ve come to realize that privacy is much more multifaceted than one might initially appreciate. There’s no one-size-fits-all approach. You really need to work on each project from many, many different angles: the technological side of encryption, the statistical side of running the analyses, the policy side of training team members and establishing best practices, the legal side of having the right data use agreements, etc. Especially now that data is so often linked and shared and exchanged, it may be very difficult and complex to actually fully understand all the possible attack vectors that could threaten patient privacy. One needs to have experience in order to manage the challenges of performing a HIPAA Expert Determination. But, in order to properly minimize risk, one also needs to educate the users of the data.
Privacy Hub’s Value
How do you see Privacy Hub by Datavant’s offerings being unique from the rest of the market?
Three HIPAA Expert Determination Approaches Come Together
Privacy Hub by Datavant has a great technical setup, and I’d say we’re unique in that we brought three companies together. Given that Privacy Hub is the result of the acquisition of three established Expert Determination providers, we have a very broad range of experience in our team. There’s great value in having three organizations that have worked independently for a long time finally come together and bring their respective experiences to one another. We all came in with different methods of running the tests, and it turns out that those approaches were not contradictory. Our particular processes were—to a reasonable extent—overlapping, but they were not identical, so we could complement each other. By coming together, we could take the best insights from each company and share them with one another, optimizing the overall HIPAA Expert Determination methodology for Privacy Hub. It is an example of the whole being greater than the sum of its constituent parts.
Applying Technology to the HIPAA Expert Determination Process
It’s also important to note that our team invests continuously in designing ways of accelerating our processes while maximizing quality. One of our main interests is in applying technology to the HIPAA Expert Determination process.
Technology helps expedite the mechanical tasks of the Expert Determination, allowing the expert to concentrate on the elements that require human insight and a full understanding of the nature of the project. Technical tasks—such as running certain tests, analyzing layouts, doing frequency distributions, calculating statistics, cleaning up data, and creating tables—can be greatly accelerated by technology; meanwhile, the experts’ time can be spent on determining what is the right test run in the first place, what are the right contractual controls, what is the appropriate review period, etc. In addition, there can be more focus on development and refinement of methods rather than solely on the application of them, enabling faster improvement and innovation.
A Look Ahead
Which areas of health data privacy do you foresee expanding or evolving?
I predict that there will be several changes and developments in the health data privacy sphere in the future. One interesting area is the emerging market for synthetic data, which could be very successful for a limited number of applications. To give an example, synthetic data is a great way to derive insights about sensitive data when the real data isn’t available or easy to access. It can also be a useful way to facilitate feasibility assessments for projects prior to investing efforts or resources in attempting to obtain the real data.
Additionally, my sense is that there will be an increasing drive to connect traditional claims and EHR hospital data to both health data and non-health data, such as social determinants of health, consumer data, financial data, and lifestyle data. This, of course, would come with significant privacy challenges, because it’s particularly difficult to connect health data to external sources in a privacy-preserving manner.
Overall, any upcoming complication in the health data privacy world would only underscore the value of a team of Privacy Experts that’s consistently investing in research and refinement of their HIPAA Expert Determination and overall privacy-preserving methodologies.
Privacy Hub by Datavant
Privacy Hub by Datavant is the leader in privacy preservation of health data, offering independent HIPAA de-identification analyses and Expert Determinations as well as advanced technologies and solutions to improve the quality, speed, and verifiability of the compliance process.
Learn about how Privacy Hub can address all your evolving privacy needs.
Senior Data Scientist, Anca Ionescu, discusses how Datavant employs tailored privacy techniques for various data types and use cases.
Senior Data Scientist, Fran Lane, discusses how Privacy Hub continuously moves toward a holistic solution to preserve health data privacy.
.svg)
