It is critically important that individual privacy is fully respected. Health data is highly sensitive information, and information about an individual’s healthcare must be protected. To protect individuals and maintain access to information, IMS Health employs a wide variety of methods to manage privacy effectively.
Our privacy management activities include governance. IMS Health has established effective methods of governance to manage privacy for many years, for many data types, from a variety of sources, and under myriad privacy and data protection laws worldwide. We establish effective frameworks and models to promote good decision-making and accountability that are essential to ensuring effective privacy management.
Laws and expectations relating to privacy continue to evolve and our governance models are dynamic, adapting to changing needs. Further, we apply a layered approach to privacy management, so there is no single point of failure.
IMS Health employs many safeguards to avoid the risk of any improper disclosure or use of healthcare information that might compromise patient privacy, including:
- Technical safeguards—for example, technology and related policies and procedures for its use that protect health information and control access to it
- Administrative safeguards—for example, administrative actions and related policies and procedures to manage the selection, development, implementation and maintenance of measures to protect health information
- Physical safeguards—for example, physical measures and related policies and procedures to protect electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion
Rendering information de-identified or anonymous takes a variety of skills and expertise, including statistical and cryptographic sciences, legal, privacy, information security and compliance expertise, as well as data processing skills—along with an understanding of how healthcare systems work within a country and related data flows. At IMS Health, we employ these skills and expertise together with decades of experience to perform this task millions of times each day.
For our syndicated data offerings, we work closely with data suppliers around the world to ensure direct identifiers are removed by the supplier before data is delivered to IMS Health. In addition, we take further steps—both at the supplier site and within IMS Health—to modify and safeguard the data, so information will not be re-identified.
Among the many safeguards used by IMS Health to protect patient privacy, we frequently use encryption and other cryptographic techniques. Simply stated, these are consistent methods for disguising information to hide its substance. The use of a consistent methodology allows for the linking of information without knowing the identity of the individual. To avoid the risk of re-identification and to maintain process integrity, IMS Health frequently employs trusted third parties to:
- Develop computer programs reflecting encryption methods that meet IMS Health’s high standards
- Install these programs at data supplier sites
- Create and install encryption keys (when applicable)
Encryption and other cryptographic techniques are a recognized approach to the anonymization of highly sensitive information. By employing a robust approach, IMS Health avoids access to patient identifiers, promotes the protection of patient privacy and creates a resource that provides invaluable insights into outcomes, costs and opportunities to improve healthcare.