
Search Everything

Bionymity’s solution combines real-time, anonymous analytics with an intuitive search interface and study participant selection platform.  By presenting completely de-identified data, we can allow our clients to search through unprecedented amounts of data while satisfying the strictest mandated privacy guidelines.


Protecting Patient Privacy is Paramount

Bionymity uses two different kinds of encryption: RSA (named for Rivest, Shamir and Adleman, who first publicly described it) and the Advanced Encryption Standard (AES).  We also use a hashing algorithm, SHA.

RSA is a form of public key encryption: you can give out your public key and let anyone encrypt data for you, but only your private key (the one you keep secret) can decrypt that data.  Even though we encrypt and decrypt on the same device, RSA benefits us in two ways: it lets us piggyback on the RSA-based certificate trust hierarchy (like SSL certificates), and it lets us digitally sign each message so that its source can be verified (we can use it as an authentication mechanism).  We use 2048-bit keys for our RSA encryption, which the US Government thinks will be secure until about 2030 and has included in the FIPS 140-2 standard.

AES is a very secure but much simpler (and faster) type of encryption that does not have RSA’s key-sharing features.  AES also has some benefits that are important to us, like smaller block sizes (32 bytes vs. RSA’s 256 bytes) and much higher performance.  We want the features of both AES and RSA without the performance drawbacks of RSA, so we encrypt the changes and most of the data using AES, then use RSA to encrypt the AES key we just used.  That way we only have to do RSA once per message and can use the faster AES thereafter.  We use 256-bit keys for our AES encryption.  It is thought that breaking this level of encryption would require more energy than is currently available to anyone on the planet.  The US Government thinks it will be secure until about 2030 and has included it in the FIPS 140-2 standard.

Secure Sockets Layer (SSL) encryption on websites uses the same sort of scheme to protect your transmissions.  Each side sends the other the public part of its RSA key, then uses the other side’s key to encrypt an AES key that is used to encrypt the rest of the communication.  Since only the matching private key can decrypt data that is encrypted with a public key, nobody can see the AES keys being exchanged, and thus you’re secure from surveillance.

For parts of our solution, we employ the SHA hashing algorithm (SHA-256).  This hashing algorithm lets us uniquely identify a block of data without revealing anything about the data itself.  The SHA-256 algorithm is recommended by the US Government for hashing applications.  It has no known collision issues and exceeds US Government FIPS 140-2 standards.
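The hybrid scheme described above (a fresh AES-256 key per message, wrapped with RSA-2048, plus an RSA signature for source authentication) and the use of a SHA-256 digest to identify a block of data can be seen together in this added example; it is illustrative code written for this page, not Bionymity’s implementation, and it assumes AES-GCM, RSA-OAEP and RSA-PSS as the concrete modes, which the page does not specify.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope: AES-256-GCM ciphertext, the AES key wrapped with RSA-OAEP, and an RSA-PSS signature.
type Envelope struct{ Nonce, Ciphertext, WrappedKey, Signature []byte }

// must turns failures that only occur on misuse or exhausted entropy into panics.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Seal encrypts plaintext for recipient and signs the result as sender.
func Seal(plaintext []byte, recipient *rsa.PublicKey, sender *rsa.PrivateKey) *Envelope {
	buf := make([]byte, 32+12) // fresh 256-bit AES key and 96-bit GCM nonce, per message
	must(rand.Read(buf))
	key, nonce := buf[:32], buf[32:]
	// The one RSA encryption per message: wrap the 32-byte AES key with OAEP.
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil))
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key)))) // AES block is 16 bytes at any key size
	// The wrapped key rides as associated data, so the GCM tag binds it to the ciphertext.
	ct := gcm.Seal(nil, nonce, plaintext, wrapped)
	digest := sha256.Sum256(ct) // the SHA-256 digest of the ciphertext is what the sender signs
	sig := must(rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil))
	return &Envelope{nonce, ct, wrapped, sig}
}

// Open verifies the signature first; any tampering yields an error, never plaintext.
func Open(env *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(env.Ciphertext)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, err
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil || len(key) != 32 { // one uniform error, whatever went wrong with the key
		return nil, rsa.ErrDecryption
	}
	gcm := must(cipher.NewGCM(must(aes.NewCipher(key))))
	return gcm.Open(nil, env.Nonce, env.Ciphertext, env.WrappedKey)
}
```

Seal and Open are library-style functions: generate two keys with rsa.GenerateKey(rand.Reader, 2048), call Seal with the recipient’s public key and the sender’s private key, and Open with the reverse pair.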


Not Just Another Database of De-Identified Clinical Data

Bionymity isn’t your run-of-the-mill repository of de-identified patient records and clinical data.  Our solution is unlike any other out there, for the following reasons:

  1. Despite the fact that all data is de-identified, Bionymity’s technology allows us to correlate data for the same patient from disparate sources.
  2. Bionymity’s database is updated in real time.  This is a must for biosurveillance purposes.
  3. Bionymity offers the ability to “track” (or “tag”) anonymous patients so researchers can be updated when new data arrives on that patient.
  4. To help with recruiting for clinical trials, Bionymity’s solution can send a message back to the original primary care physician to allow for re-identification for inclusion in clinical trials.  Only the patient’s physician can re-identify the patient, and there is a “Chinese Firewall” between the researcher and the physician.

The Bionymity Box

An integral part of the Bionymity solution is the Bionymity Box.  The Bionymity Box handles the de-identification, pseudonymization and re-identification using patent-pending technology and processes.  A Box is placed at each provider’s site and will re-identify only patients that originate from that provider.