Here are some questions that we get all the time:
Q: What is it exactly that your solution offers?
A: Healthcare providers have data flowing around their network. These providers allow Bionymity to capture this data in real time, de-identify and pseudonymize this data and send it to our cloud-based database. Then, we make this data available to researchers, public health stakeholders and other interested parties.
Q: What do you mean de-identify the data?
A: Before healthcare data can be used for research purposes, anything that can identify the patient needs to be removed or altered. Specifically, there are some markers that need to be removed or altered for the data to not be subject to the HIPAA Privacy Rule. Here is what we remove or alter:
Q: What does it mean to pseudonymize the data?
A: Each provider has their own Bionymity Provider Appliance (BPA) onsite de-identifying data and sending it to Bionymity's database. Despite the fact that these appliances don't talk to each, either directly or though Bionymity's network, they will each create the same "fake name" when the same individual (e.g. John Doe) visits that healthcare provider. This feature of the Bionymity Provider Appliance allows us to correlate data for the same patient from multiple healthcare providers.
Q: What good is the data if you take out all those items?
A: All of the clinical data is still there; medicines (prescribed or given), lab results, procedures, chief complaints, diagnoses, allergies, and much, much more.
Q: Well, what good is finding patients who meet the eligibility requirements for clinical trials if we don't know who they are?
A: Though you don't know who they are (nor do we), we embed a "re-identifier" that only the original healthcare provider can use to re-identify the patient. So, you find the eligible patients and tag them, then our system sends the re-identifier back to the provider so they know who they are.
Q: Is your system secure?
A: Absolutely. Though data is passing through the Bionymity Provider Appliance at each provider's site, no data is stored on the appliance. They are just used to de-identify and pseudonymize the data before the data is sent to us. Before the data leaves the healthcare provider, all of the personal information has been removed. Even though there is no personal data in our database, we protect our data from unauthorized access using the best methods available just like any other company.