Data Use Policy
IPM.ai Privacy Protection
Protecting privacy is an ongoing challenge for many companies, the majority of which fail to truly safeguard data. While privacy should always be prioritized, it’s especially crucial when dealing with highly sensitive health information, as all legal and ethical concerns are magnified. To address this, IPM.ai has created a privacy-safe architecture that ensures patients are never compromised.
Health data compliance has traditionally been determined by an expert’s ability to re-identify an individual’s HIPAA-protected data from a small group. While this approach is widely considered best-in-class, it raises a number of potential issues, including:
-
How skilled was the expert and how much effort did they expend?
-
Was it equivalent to what a bad actor would apply?
-
Was the data set recertified when additional data (Depth) was added?
-
Was the data set recertified every time a new data element (Breath) was added?
Additionally, as the data set is enhanced, has sufficient care been taken to “fuzz” it where necessary to prevent re-identification? Given that recertification is time-consuming and expensive, how much new data triggers the need for it? This approach creates a long list of potential failure points. “Fuzzing” certain data, especially in cases like rare disease, is often necessary to prevent re-identification, yet data fuzzing weakens data modeling. Ultimately, the safety of the data depends on the expertise of the person attempting the re-identification – but as computing power increases and hacking techniques become more sophisticated, today’s privacy protections may not stand up to tomorrow’s privacy pirates.
IPM.ai solves this by preventing re-identification in all cases. Our system allows client data to be easily imported to improve modeling, without the need for re-certification or any risk of re-identification. To our knowledge, IPM.ai is the first company to not only HIPAA certify our data, but have a broader privacy-safe architecture in place. This enables an infinite amount of compliant analytics and model outputs, as all human and subjective elements are removed from the process.
IPM.ai (“we,” “us,” and “our”) incorporates privacy principles (including a privacy-by-design HIPAA-compliant methodology) into our proprietary and patented modeling and analytics platform (“Platform”). The Platform receives, processes, and creates data that is not Protected Health Information (PHI) or personally identifiable information (PII). We do not distribute or sell PHI or PII. The Platform receives and analyzes data that is neither PHI nor PII to gain insights into aggregated and pseudonymous populations, and we share those insights with our affiliates and customers to improve marketing and analytics effectiveness.
IPM.ai (“we,” “us,” and “our”) incorporates privacy principles (including a privacy-by-design HIPAA-compliant methodology) into our proprietary and patented modeling and analytics platform (“Platform”). The Platform receives, processes, and creates data that is not Protected Health Information (PHI) or personally identifiable information (PII). We do not distribute or sell PHI or PII. The Platform receives and analyzes data that is neither PHI nor PII to gain insights into aggregated and pseudonymous populations, and we share those insights with our affiliates and customers to improve marketing and analytics effectiveness.
What Data Do We Receive and Create?
The Platform processes health data that does not include PHI or PII. Additionally, with respect to the processing of health data, the reputable third parties with whom we work represent that the data the Platform receives does not contain PHI, including by providing independent attestations. In addition to health-related data, our Platform may utilize other data, including demographic and psychographic data. Data is processed using our Platform’s proprietary privacy-engineered artificial intelligence and machine learning technology. Our proprietary technology, systems and processes have been verified by an independent third party to assure HIPAA compliance and to validate that the data inputs and resulting derivatives do not include or consist of PHI.
How Do We Obtain Data?
We strive to work with vendors and partners who share our values. In particular, IPM.ai seeks data providers that are reputable in the industry, demonstrate compliance with privacy-friendly principles and applicable privacy law, including HIPAA, and honor consumer choices regarding marketing and advertising preferences. The Platform does not collect health information directly from patients.
How Do We Use and Disclose Data?
Our proprietary and patent-pending Platform uses privacy-engineered artificial intelligence and machine learning techniques to analyze data sets to derive insights about populations of aggregated, pseudonymous individuals. We may also use such data to improve the Platform and our products and services. We share the insights with our affiliates and customers in accordance with contractual and legal requirements so that they may inform marketing and analytics effectiveness. We may be required by applicable law to provide the data the Platform processes to legal authorities. IPM.ai values privacy so much that we built it into our system; we invite you to learn more by contacting us at privacy@ipm.ai.