How to Share Private Patient Information Securely and Quickly with OmniIndex
A Healthcare Case Study
The Current Problem
Several times in the past decade I have listened to healthcare professionals, both clinicians and IT suppliers, voice their frustrations at the inability to supply patient information to the practitioner who needs it in a timely and secure way. This can have huge ramifications not just for the medical care being provided due to delays and frustrations, but also on costs with it negatively impacting the efficiency of the workflow.
The VNA (vendor neutral archive) largely solved the common datastore problem and paved the way for large-scale adoption of cloud storage for picture archiving and communications systems. On the face of it, this should mean that one healthcare provider has a patient record set that can then be used by another. Indeed, with both Microsoft and Oracle I worked with consulting teams on exactly that ‘digital transformation’ with the goal of getting off legacy on-premise solutions with their closed database infrastructure and moving to cloud.
However, it is not that simple.
This is because healthcare datasets require the highest levels of security and privacy with all their PII and protected health information needing to remain encrypted or confidential throughout the process with that information only ever revealed to those who actually need to see it. For example the patient themselves, and their doctor.
In other words, this information is the antithesis of open, distributed data.
The OmniIndex Solution
My work with OmniIndex has brought to market a confidential data solution that uses patented Fully Homomorphic Encryption (FHE) and Web3 Blockchain technology to do the seemingly impossible: Encrypted and secure distributed data.
With OmniIndex, you can add a patient record VNA to your own blockchain storage for distribution to colleagues within and without your organization. This storage inoculates the data from ransomware attacks, and enables it to be distributed across your trusted network securely and privately.
Crucially, your healthcare group can configure which pieces of information are stored in open text, and which are encrypted. For example, while you might be able to abstract age groupings and treatments without breaking PII (personally identifiable information) regulations into open text to allow statistical and analytics research to be carried out, you may need to encrypt the MRI Scans and other medical results within the patient record as these contain identifiable information and regulated content.
What is unique to OmniIndex, is that you can then run all manner of analytics across a broad dataset of patients without ever breaking the encryption and exposing any vulnerable information.
This is possible because OmniIndex provides the only commercial solution enabling real-time search and analytics of fully encrypted data. This is uniquely possible due to our multi-patent protected homomorphic encryption.
With all this data now safely available to analyze and use without risk of exposure, the potential insights possible are only limited by your imagination – from scanner utilization all the way through to patient outcomes. Indeed, we are even currently working with a healthcare group to test the potential for predictive analytics from fully encrypted DICOM images. It is currently very early days with this project, however it shows the research potential made available by being able to work with this highly confidential information while keeping it encrypted.
What’s more, if you are the authorized specialist, you have full access to the entire patient record set. This means that the only problem left to solve is for the healthcare provider to manage authentication and authorization and not distribution of datasets.
Due to OmniIndex’s administrator and zero-trust controls, however, this is easily managed. For example, with the OmniIndex system, administrators and Super Users are in fact the least privileged users with them not able to see any of the confidential information they manage. Why? Because they don’t have to! It can remain homomorphically encrypted at all times without limiting the ability for the administrator to do their job.
Written by James Stanbridge, Head of Product and Customer Success at OmniIndex.
James is an accomplished and growth-focussed leader with extensive experience of guiding the development and execution of high-impact product initiatives. He has held a number of high-profile management positions including Vice President of Product Management & Infrastructure as a Service at Oracle, and General Manager at Microsoft. View his profile.