Post on 15-Aug-2020
1
How to Innovate with Big Data Analytics While Maintaining Security and Privacy
1
Rob McDonald
EVP Platform, Virtru
DISCLAIMER: The views, opinions and images expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
Session BG4 March 9, 2020
2
EVP Platform, Virtru
Meet Our Speaker
Rob McDonald
Conflict of Interest
Rob McDonald, EVP Platform
Has no real or apparent conflicts of interest to report.
3
Agenda
• Big Data Opportunities and Obstacles
• Inventory of Current Landscape
• Security and Privacy: An opportunity to differentiate
• A Real World Reference Framework
• Use-Cases Today
4
Learning Objectives
• Describe how the expanding capabilities of big data analytics derives business value, fosters
innovation and collaboration, and formulates new insights
• Detail how these big data analytics are susceptible to manipulation and require a secure
analytic sandbox to protect the data and the analytics from security and privacy incidents
• Apply a framework to two very different examples to demonstrate the broad application
across a range of use cases
5
6
The Opportunities: Big Data Analytics in Healthcare
Big data is projected to grow faster in healthcare than
other verticals, reaching $68B by 2024, with core impact
across management, research, care, and cost-savings.
7
The Obstacles: Big Data Analytics in Healthcare
How is the data protected?
How are the algorithms protected?
Privacy and compliance
The path to unlocking more value from and faster iterations over big data is encumbered by privacy, transparency and compliance hurdles
8
A New Framework – Maintaining security and privacy to innovate with big data analytics
Create
Share
Store
Analyze
ActMaintaining full control of data being shared for analysis will result in faster outcomes and larger data population
9
Big Data and Healthcare:
The Evolving Landscape
10
Healthcare: A Top 3 Industry in Big Data Usage
Source: ScienceSoft,IDC/Dell EMC
11
Common Healthcare Use Cases for Big Data Analytics
Personalized Medicine
Reducing Costs
Optimal Staffing
Diagnostics & Error
reduction
Clinical Research
Optimization
Analyzing risk factors to inform early intervention
12
Genetic research & cures
Research & Analysis
Example: Opioid usage Example: Lung cancer
Chatbots for clinical assessments
13
Real-time alerting wearables
Personalized Health
Example: Online diagnosis Example: Diabetes management
Staffing and resource allocation
14
Real-time Information & Data Exchanges
Streamlined Management and Business Processes
Example: Predicting admission rates
Example: EHR data sharing
15
Healthcare Innovations: Bringing it all together
Revolutionizing Asthma Care:Combination of electronic health
records, big data, predictive analytics, and machine learning ->
personalized asthma management, expedited care, and
targeted treatments
“The Doctor will See You Now: How Machine Learning and Artificial Intelligence Can Extend Our Understanding and Treatment of Asthma,”
Amanda I. Messinger, MD, Gang Luo, PhD, Robin R. Deterding, MD
16
Petabytes of data now flowing through devices, applications, and platforms with the potential to revolutionize healthcare……
But what about the security and privacy of the data?
17
Security and Privacy:
Issues with data and algorithmic integrity
18
Healthcare Consistently Ranks Among Top Industries
Breached
Healthcare Breaches:
The number of records compromised keeps rising
19Source: HIPAA Journal
20
Types of Data Exposed in Healthcare Breaches
● 71% - sensitive demographic information or sensitive financial information, which placed 159 million individuals at risk of identity theft or financial fraud
● 66% - sensitive demographic information such as Social Security numbers
● 65% - general medical or clinical information● 35% - service or financial information● 16% - medical or clinical information without exposing sensitive
demographic or financial information● 76% - sensitive service and financial information such as credit card
numbers, affecting 49 million individuals● 2% - sensitive health information, affecting 2.4 million individuals
Source: Annals of Internal Medicine
21
Unregulated Data Sharing
Data sharing between apps and other organizations, including acquisitions
Hospitals sharing patient data with Big Tech
Genetic testing organizations sharing data
At a minimum: Questionably ethical data sharing
22
With the steady stream of breaches and data sharing
scandals, more regulations are likely on the horizon
23
But wait, there’s more! Focusing on the Algorithms
Algorithmic bias & research design
Algorithmic Integrity & Control
24
Ensuring Algorithmic Integrity Across the Data Lifecycle
Susceptible to source and training
data manipulationDirect algorithm modification
Lack of control and transparency
results in lack of trust
25
Big Data Analytics, Security, and Privacy:
A Framework to Have it All
26
Functional Requirements
Data Sharing
Curation & Analysis
Secure Storage
Access Controls
Interoperability
Full Audit of Entire Lifecycle
A data-centric approach
27
A New Framework – Maintaining security and privacy
to innovate with big data analytics
TDF Container Security
and Analytic Enclave
Secure Analytics Collaboration Environment
● Multiple Data Owners
● Protect Before Sharing
● Encrypted and Revocable
● Policy Set on Usage Rights
● Always Zero Knowledge
● Analytics Have Strong Identity
● Analytic Identity must be authorized
● Policy Set on Usage Rights
● Attribute based access to derived
output
● Original data owners can still
revoke at anytime
Full Audit of Entire Lifecycle
Analytic
Identity
Co
nta
ine
r
Analytic
Identity
Con
tain
er
Create
Share
Store
Analyze
Act
28
Full Data Lifecycle Protection with the Trusted Data
Format
To learn more: https://github.com/virtru/tdf3-spec
Trusted Data Object
manifest.json
Encrypted Payload (streamable)
Encryption Information
Integrity Information
Wrapped Keys
Signed Policy
Method
Assertion (Payload Metadata)
29
Differentiated Privacy and Security Controls
Persistent Control
Give Data owners confidence in
governance of their data after sharing.
Enable trusted analytics against the data
while maintaining visibility
Audit
Provide granular audited of the use of
your data
Revoke
Modify access over time, including
revocation
Derived Output Control
Allow configurable Control based on data
use agreements
Secure Analytics Collaboration Environment
30
From Theory to Reality:
Use Cases
31
Components of a Trusted Analytic Pipeline
Inputs
Virtru protects the inputs bywrapping them in the TDF. Allowingfor zero-trust data lake developmentand strong end-to-end control.
Algorithms
Algorithms are strongly identifiedwith attributes ensuring data ownertrust and protecting algorithmowners from IP exposure.
Output Models
Outputs are treated with the samepolicy as the inputs, ensuring early-bound protection and appropriateaccess control for sensitive outputs.
Full Audit of Entire Lifecycle
Zero Trust From Start
32
Privacy Preserving Capacity Planning
Problems● Limited reporting resulting in
reduced capacity planning during disaster
● Lack of trust of how the data is used● No common standard that allows
control at all times
Solution● Preparation of data with TDF before
submission● Strong identity of capacity planning
analytic● Tamper protection enforcing
cleartext is never allowed outside of Virtru secure analytic container
● Full audit and control by all data owners
TDF Policy Includes and Enforces:Data Owner + Analytic Identity + Derived Output Recipients
Analytic Container
Any Storage
Allowing For:Platform Agnostic Full Audit + Revocability At Any Time
33
Genetic Research in a Multi-Party World
Problems● High-Value Algorithm IP not being
shared, accessed or disclosed● Lack of trust of how the data is used● Lack of zero trust model for valuable
and sensitive model output● No common standard that allows
control at all times
Solution● Preparation of data with TDF before
submission● Strong identity of capacity planning
analytic● Tamper protection enforcing
cleartext is never allowed outside of Virtru secure analytic container
● Full audit and control by all data owners
TDF Policy Includes and Enforces:Data Owner + Analytic Identity + Derived Output Recipients
Analytic Container
Any Storage
Allowing For:Platform Agnostic Full Audit + Revocability At Any Time
Accelerating the promiseD
ata
Pro
vid
er(
s)
Alg
orith
m
Ow
ner(
s)
34
Security & Privacy as Enablers for
Healthcare Innovation
35
Checklist for Secure Innovation with Big Data Analytics
Data Sharing
while maintaining control and visibility
Secure Storage
with data-centric protection
Interoperability
without the need to trust all parties involved
Curation & Analysis
with full auditability and IP protection
Access Controls
at the data-level!
36
● Big data analytics – innovation through both security and privacy
Privacy Security
Big Data Analytics
Questions?
Rob McDonald
rob.mcdonald@virtru.com
37
Rob McDonald
rob.mcdonald@virtru.com
Click here to rate this sessionOr
Type the below URL in your browserhttps://himss.pswebsurvey.com/SE.asp?SID=BG4