Challenge
- Genomic data is inherently sensitive. The company's research, which aimed at exploring genetic markers for specific diseases and tailoring drug regimens, leveraged large volumes of such data.
- With the increasing HIPAA and GDPR regulatory scrutiny, ensuring the privacy of this data became paramount. Traditional data protection techniques, both cumbersome and not fully compliant with legal requirements, posed limitations in achieving research objectives without compromising patient privacy.
Solution: Variant Twins Facilitate Minimum Necessary Data
The life sciences company tested Anonos Data Embassy solution, to create a holistic approach to PHI, genomic data privacy and adhere to data minimization requirements.
- Under U.S. HIPAA, data minimization is known as the Minimum Necessary Data Rule: Limiting the use or disclosure of, and requests for, protected health information to the minimum necessary to accomplish the intended purpose.
- Under the GDPR, data minimization is a foundational principle, emphasizing that organizations should only collect, process, and store personal data that is adequate, relevant, and strictly necessary for their specific purpose.
Using Data Embassy, the company employed statutory pseudonymization, a GDPR-approved methodology where selected fields within the data records are replaced with artificial identifiers, ensuring the records were less identifiable yet remained suitable for genomic data analysis and processing.
Through Data Embassy, the raw genomic data underwent a transformation into Variant Twins, protected transformations of original data. These statutorily pseudonymized replicas maintained the analytical value of the original data while bolstering medical data privacy.
Implementation
Variant Twins enabled the sharing of information pertaining to successive degrees of precision related to identifying the relationship between a subject’s phenotype (e.g., disease state) and genotype (their DNA) by revealing just the level of identifying information necessary at each level for authorized use.
Variant Twin (VT) 1
Pathways bearing mutations and subjects in binary cohort groups
Variant Twin (VT) 2
VT1 + Genes bearing mutations and detailed disease classification
Variant Twin (VT) 3
VT2 + Specific gene variants and disease class scores
Variant Twin (VT) 4
VT3 + Hapmap haplotype results and full disease history
Variant Twin (VT) 5
VT 4 + Full SNP data and full patient record
Results
Enhanced Data Security
With the advanced data privacy techniques in place, the risk of potential data breaches was reduced by an estimated 80%, saving the company potential losses and penalties that could run into millions.
Operational Efficiency
GDPR pseudonymization streamlined the data processing workflow, leading to a 60% reduction in time spent on data preparation and compliance checks, accelerating the research and saving man-hours.
Preserved Data Utility
The company could utilize over 95% of its data for genomic data analysis without compromising on individual privacy, compared to the previous 60% with conventional methods.