As I've written about many times, I'm passionate about protecting patient privacy.
The new Massachusetts Data Protection regulations require reporting of breaches and mandate compliance with several new security practices. Many hospitals outsource various aspects of their medical records workflow such as transcription, optical scanning, and data entry of scanned forms. When these services are purchased offshore, how can we reduce the risk that personally identified data will be compromised or identity stolen?
The folks at Tech Speed have a creative answer called Imagefracture.
They provide an editor to mark up electronic images and identify fields containing sensitive data. Information that might be used in combination to compromise privacy can then be split into separate scanned images.
Each of these images is sent to a different work team, but enough metadata is retained centrally to reassemble the parts. Here's an example of how it works: suppose a form comprises name, address, social security number, medications, and problem lists. If the name is sent to one work group, the address to another, the social security number to another, and the medications/problem lists to another, no single work group has enough information to breach privacy or steal identity.
Thus, offshore data entry or business process outsourcing can continue without fear of data compromise. It has the added benefit that individual outsourced work groups do not need security policy audits for HIPAA, PCI, or SOX requirements.
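The split-and-reassemble flow described above, sketched as an added example (this is not Tech Speed's code). Field values stand in for cropped image regions, and the team names, `fracture` and `reassemble` are hypothetical.

```python
import secrets

# Constructed sample form; each value stands in for one cropped image region.
SAMPLE_FORM = {
    "name": "Jane Q. Sample",
    "address": "1 Example St, Boston MA",
    "ssn": "000-00-0000",
    "medications_problems": "lisinopril 10 mg; hypertension",
}
# Hypothetical routing table: which work team transcribes which field.
ROUTING = {"name": "team_a", "address": "team_b",
           "ssn": "team_c", "medications_problems": "team_d"}


def fracture(form_id, form, routing):
    """Split one form into per-team work items plus a central manifest."""
    unrouted = set(form) - set(routing)
    if unrouted:
        raise ValueError(f"no team assigned for fields: {sorted(unrouted)}")
    teams = [routing[field] for field in form]
    if len(set(teams)) != len(teams):
        # Two fields of one form at the same team could be recombined there.
        raise ValueError("two fields of one form routed to the same team")
    manifest = {}  # kept centrally, never sent out: token -> (form_id, field)
    queues = {}    # sent out: team -> [(token, fragment)]
    for field, fragment in form.items():
        # Random token: carries no form id or sequence number, so teams
        # cannot link their fragment to another team's by comparing ids.
        token = secrets.token_hex(16)
        manifest[token] = (form_id, field)
        queues.setdefault(routing[field], []).append((token, fragment))
    return manifest, queues


def reassemble(manifest, results):
    """Rebuild forms from {token: transcribed_text} returned by the teams."""
    forms = {}
    for token, text in results.items():
        if token not in manifest:
            raise KeyError(f"unknown token {token!r}; refusing to merge")
        form_id, field = manifest[token]
        forms.setdefault(form_id, {})[field] = text
    return forms


if __name__ == "__main__":
    manifest, queues = fracture("form-0001", SAMPLE_FORM, ROUTING)
    returned = {tok: frag for items in queues.values() for tok, frag in items}
    print(reassemble(manifest, returned))
```

The separation only holds if the manifest stays with the data owner and the tokens handed to the teams reveal nothing about which form a fragment came from.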
There have been case reports of rogue employees at outsourcing operations threatening clients with data disclosures and blackmailing them to prevent these releases. Since some countries do not have strict privacy laws, there may not be criminal penalties for inappropriate data releases.
Breaking up work into non-identifiable pieces to protect privacy via a customized image editing and metadata management system. That's cool!