
HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

Date post: 20-Jan-2017
Upload: madpow-health-20
Transcript
Page 1: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

Privacy Networks and the Unified Trust Model: frictionless patient-centric sharing, analysis and personalization

Jonathan Hare, CEO, WebShield, Inc.

Page 2: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

2 WebShield Inc.

US Healthcare is *wildly* complex
• 320 million people
• 7.8 million clinicians & staff
• inconsistent identifiers & schemas
• highly privacy sensitive & regulated data
• 1,000s of vendors, 10,000s of enterprises, 100,000s of IT systems
• each patient has a unique, fragmented and changing network of data sources and caregivers

with no consistent way to…
• find and retrieve patient records
• authenticate and authorize access by patient and their caregivers
• trust policy enforcement and regulatory compliance by other organizations
• share or analyze data without risking privacy, security or commercial rights

[Diagram labels: Enterprise-Centric Computing; Patient-Centered, Evidence-Based Healthcare]

Page 3: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

No amount of brute force can make enterprise-centric computing support patient-centric care on a national scale (let alone global)

Page 4: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield


the underlying challenge

• “Little Data” Privacy (records of individuals)
• “Big Data” Privacy (population-scale analytics)
• Commercial Rights (unwilling to share)
• Semantic Interoperability (can’t link or understand)
• Regulatory Compliance (not allowed to share)

Page 5: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield


“Classical” enterprise-centric techniques for data sharing and analytics are wildly inadequate for patient-centered, evidence-based healthcare

Page 6: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

Techniques compared: HIPAA de-identification, data use agreements, federated analytics, Centralized Hub

[Diagram labels: Data Sources; Centralized Hub; Data Recipients; Coordinating Center; aggregated statistics]

bigger data siloes meets legal straightjacket

works with enterprise-centric IT

creates “network effects”

exacerbates cyber-security risks

compliance expensive, inflexible

one-size-fits-all, blocks 90% of uses

forces everyone to trust the hub

“data lobotomy” meets flawed privacy

analytic blind-fold meets operational straightjacket

no longitudinal records

severely compromises analytics

no user interaction (missing values)

no personalized decision support

simplifies data governance

reduces privacy risks

de-identified

original data

almost always easy to re-identify

can’t de-identify genomic data

severely compromises analytics

unambiguous HIPAA compliance

sounds good (to politicians)

no personalized decision support

analyze at distributed data sources, aggregate & interpret statistical results.

remove or obfuscate 18 types of personally identifying attributes.

HIPAA

G-L-B

IRS 6103

EU Data Protection Directive

FISMA

contracts specify commercial terms, regulatory requirements, authorized uses & recipients

Page 7: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield


The underlying problem with “classical” techniques is that there is an inherent conflict between privacy and sharing…

…or is there?

Page 8: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

New Paradigm: “Quantum Privacy”

obfuscate data so that it is both
- fully opaque (meaningless gibberish) and
- fully computable (no loss of information)
at the same time…

simultaneously enforce policies of all stakeholders at the finest possible level of granularity (‘quantum level’) before any meaningful data is revealed to anyone (including “insiders”)

Page 9: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield


Enabling Quantum Privacy

Unified Trust Model

Privacy Network

Page 10: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

[Diagram labels: Input Graph (cleartext, sample value 148.53); Privacy Proxy; Node 1, Node 2 … Node N; encrypt, tokenize, randomize, crypto-hash; apply policies, obfuscate; Privacy Algorithm; Privacy Graph (tokenized, randomized, crypto-hashed values shown as opaque tokens); management plane, control plane, data plane; Trust Authority; Privacy Network; Privacy Algorithms]

Graphs broken up into individual values, obfuscated by distributed “privacy pipes”, then re-assembled into a “privacy graph” made up of opaque tokens.

• privacy graphs are opaque and meaningless to any observer, yet fully computable.

• algorithms and policies can be executed on data without revealing anything to anyone.

• any data, algorithms, or policy definitions.

• provenance, schema & trust criteria

Page 11: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

[Diagram labels: Input Graph (cleartext, sample value 148.53); Privacy Proxy; Node 1, Node 2 … Node N; encrypt, tokenize, randomize, crypto-hash; apply policies, obfuscate; Privacy Algorithm; Privacy Graph (tokenized, randomized, crypto-hashed values shown as opaque tokens); enforce policies, de-obfuscate; management plane, control plane, data plane; Trust Authority; Privacy Network; Privacy Algorithms]

Privacy graph information can be resolved into clear text only after all of the trust criteria linked to all resources that contributed to creating it are enforced.

Page 12: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

Privacy Network Advantage

• vastly better security and privacy (thousands to millions of times harder to breach)
• unlimited aggregation and analysis with no loss of accuracy
• precision access control (single attribute, single recipient, specified purpose, 1-time)
• trust criteria inherited automatically by all aggregates and analytic outputs
• no need to agree on trust criteria

Page 13: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield


Trust Criteria

Identity & Security Assurance

Authorized Recipients & Purposes

IT Interoperability

Payment & Licensing Terms

Regulatory Compliance

Trust Validation Model

Rating & Reputation Metrics

Governance Processes

Trust Authorities

Audit & Certification Processes

Assessment Methodologies

Unified Trust Model

Trust Policy Model

Assessment & Validation

Legal Agreements

Computable Trust

Trust Requirements

Provenance

Trust Resource Model

Resource Description

allows diverse policies specified by different stakeholders (e.g. user, record subject, publisher, regulator, etc.) to be enforced by neutral trust authorities.

[Diagram labels: data, metrics, software, computing infrastructure, devices, physical assets, organizations, policies, contracts, algorithms, accounts, brands, relationships, people]

Page 14: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield


Applications of the Privacy Network

Nationwide Identity Network

Patient-Centered Record/Attribute Discovery and Linking

HIPAA-Compliant Access Authorization and Sharing

Page 15: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

Privacy Network

[UI mockup: content offers “Buy Season Pass $19.99”, “Watch Ad-Free for $1.99”, “Watch Free with Ads”; dialog buttons “Accept Privacy Protection”, “Show Policies”, “Cancel”, “explain”]

The Privacy Network uses information about you to authorize access to content, protect you from identity theft, and to enforce privacy policies on the use of your information and files.

First-time users must opt-in to privacy policies in order to access protected content (e.g. a football game).

Authorizes use of obfuscated data to:

• Authenticate user and verify attributes and relationships.

• Anonymously detect user devices.

• Analyze activity to detect identity theft & cyber-security fraud.

• Locate and authorize access to user’s records, accounts and digital media.

• Enforce user-controlled security, privacy and personalization policies.

• Identity theft protection with multi-factor authentication and identity proofing.

• User’s identity, personal data and activity hidden – no insider access by anyone.

• Personal information only revealed if authorized by user.

Page 16: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

Privacy Network

[UI mockup: content offers “Buy Season Pass $19.99”, “Watch Ad-Free for $1.99”, “Watch Free with Ads”; dialog buttons “Accept Privacy Protection”, “Show Policies”, “Cancel”, “explain”]

[Dialog text: “The Privacy Network does not recognize this device. To authorize access, please enter one of the following: your phone - or - your email”; buttons “Text my Cell”, “Send me Email”, “other options”, “verify device”]

(1) first-time users enter any attribute (phone, email, etc.) that specifies their identity.

(2) attributes obfuscated and submitted to Trust Authorities.

(3) global virtual database of obfuscated data used to verify user’s identity, authorize access and derive authentication options.

(4) obfuscated authentication parameters passed to neutral authentication services.

(5) user authenticated, which in turn:
• verifies identity, authorizes access
• validates privacy protection opt-in
• registers device to enable subsequent no-login access

(6) obfuscated log entries returned

no personal information revealed to anyone

[Diagram labels, Data Sources: Commercial; Credit Bureaus; Phone Registries; Professional Licensing; Marketing Profiles; Data Aggregators; Fraud Analytics; Enterprise; Healthcare Records; Security Directories; Employer HR; Retailer Affinity Programs; Supply-Chain; Insurance Databases; Banking Records; CRM; ERP; Government; Education Records; Public Records; DMV Records; State & Local Records; IRS Records; Social Security; Citizenship & Immigration; Healthcare]

[Diagram labels, Authentication Services: phone; voice print; password; device fingerprint; email; fingerprint; facial biometric]

[Diagram labels: Trust Authorities; sample phone and email attributes shown next to their opaque token forms]

Page 17: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

• Global single-sign-on, anonymous identity proofing and attribute verification.

• Simple ‘no-click’ access, strong authentication without passwords.

• Anonymously matches users with their digital content, accounts and records.

• Eliminates identity theft and related cyber-security fraud.

Trusted Identity Network

Page 18: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

[Diagram labels: any credential or relationship (Child, Teacher, Clinician, Colleague, Friend, Spouse); Privacy Network; any social media or messaging clients; any digital content]

[UI mockup: “My Policies” editor for user Jonathan Hare, with controls “edit my policies” and “cancel”; tabs general, health, education, banking, children, online; categories people, devices, security, payments, advertising, messaging, privacy, general]

Users and organizations can link policies directly to their content, and freely share it through standard messaging clients, social media apps and collaboration tools.

Content is encrypted end-to-end until recipient is authenticated and authorized, and not revealed to apps or websites used for sharing.

Enforces policies on verified identities and relationships of individual people, devices and services…

Page 19: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

Harnessing HIPAA to enable (rather than block) access by patients and providers…

• Nationwide
• High Assurance
• On Demand
• Vendor Neutral
• Certified Compliance

[Diagram labels: Records Discovery & Access Authorization; Identity & HIPAA Trust Authorities; Privacy Network; Informed Consent & Consumer Opt-In]

• Enables nationwide patient record discovery and access.
• Enforces HIPAA Patient Mandate for patient requests, HIPAA Authorization for provider requests.

Page 20: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

[Diagram labels, participants: Payer; Infusion Center; Oncology Medical Home; Clinical Oncologist; Skilled Nursing Facility; Radiation Treatment Center; Home Caregiver; Primary Care Provider; Oncology Pathways Patient; EHR; provider portal]

[Diagram labels, data: Claims Records; EHR Records; Lab Records; Pharmacy Records; Genomic Data; Practice Management; Device Data; Demographic Data; Pay-for-Value Metrics]

[Diagram labels, Privacy Network: population & practice metrics; personalized clinical decision support; patient-centered coordination of care; records access & secure messaging]

All-payer, all-patient, all-provider, all-purpose network

Page 21: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

Nationwide Secure Sharing, Compliance Verification and Attribute Discovery

[Diagram labels: Providers; Payers; Data Sources; Apps, Databases, Services; Patient Data; Identity & Compliance; Data Proxy; Patient Records; Attributes; Metrics; Privacy Network; Data Security, Encryption, Key Management, Security Directory]

• Cloud-based verification of IT security and HIPAA compliance by neutral trust authorities.
• Secure sharing with any organizations or individuals without requiring IT support.
• Identity disambiguation across demographic identifiers, patient IDs, insurance IDs, etc.
• Nationwide attribute discovery and patient-centered longitudinal record syndication.

Page 22: HXR 2016: Free the Data Access & Integration -Jonathan Hare, WebShield

Nationwide Single-Sign-On User Authentication, Authorization & Compliance

[Diagram labels: Data Sources; Providers; Payers; Apps, Databases, Services; Patient Data; Identity & Compliance; Data Proxy; User Proxy; Identity Syndicate; Trust Authorities; Privacy Network; Single Sign-On: OpenID Connect, OAuth2, SAML2, LDAP, etc.]

• Links diverse single-sign-on and identity infrastructure into nationwide identity syndicate.
• National scale attribute-based access control and dynamic user / attribute proofing.
• Identity assurance and HIPAA compliance verified by neutral trust authorities.

