Assessing needs, setting maturity goals, designing business architecture, and choosing suitable technology sets the stage for rolling out new de-identification services smoothly. This is not a one-time event, but rather a process of gradually increasing capacity and complexity.
As you begin to roll out new de-identification services, your work planning implementation will start to pay off in the form of greater efficiency, minimized privacy risk, and better client service. You have begun moving towards your maturity goals. As the maturity of your de-identification services increases, you will be able to increase the volume, speed, and complexity of data sharing.
To launch de-identification services successfully, we recommend implementing new de-identification practices first in a relatively simple context before moving on to more complex data environments. A gradual service rollout helps to ensure that you have time to master one set of risk management and client service challenges before confronting new ones. The following phases help to guide an optimal service rollout:
| Wave 1 | Wave 2 | Wave 3 | Wave 4 |
| --- | --- | --- | --- |
| One database for one client | Multiple databases for the same client | Multiple databases for several clients or for a complex client (e.g., a data repository accessible to several organizations) | Online implementation |
Beginning by implementing new de-identification processes within a single database for a single client will allow your staff to become familiar with new processes without the added complexity of interdependencies between databases. Until risk measurement is in place, it is difficult to manage the privacy risk created by a client potentially linking data from different databases, so providing a client with access to multiple databases is not recommended at this stage.
Once your organization has developed the capability to measure data risk, providing multiple databases to a single client offers an opportunity to learn how to manage data interdependencies within the context of an established contract or agreement.
Once your organization is proficient in evaluating data risk and handling interdependencies, the next step is to develop the capacity to measure client risk. This makes it possible to create versatile de-identification templates to be applied to data: that is, the data risk levels of different databases can be mapped to client risk classifications to determine the specific de-identification techniques that will be applied to data prior to release. At this level, clients’ patterns of data requests are monitored for performance measurement and risk management purposes.
This final wave moves beyond applying templates to calculating risk automatically, allowing data to be released instantaneously. Clients are granted different levels of data access based on a priori assessments of client risk. When a client requests a dataset, data risk is calculated automatically and mapped to the client's access level to determine which de-identification techniques will be applied. The techniques are then applied automatically and the data is released. At this stage, strong risk management, performance management, and governance practices are required to ensure compliance with privacy laws and regulations.
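The Wave 3 template mapping and the Wave 4 automated release flow, as an added illustration that is not part of this document: data risk is measured as the largest re-identification probability over quasi-identifier equivalence classes (1/k, an assumed measure), each client class carries an assumed maximum tolerable risk, and template techniques are applied in order until the data fits the client's access level; the decision record is what a monitoring process would log.

```python
from collections import Counter

# Constructed sample extract (not from the document): quasi-identifiers plus one payload field.
RECORDS = [
    {"zip": "10001", "birth_year": 1980, "sex": "F", "dx": "A"},
    {"zip": "10001", "birth_year": 1980, "sex": "F", "dx": "B"},
    {"zip": "10002", "birth_year": 1981, "sex": "M", "dx": "A"},
    {"zip": "10003", "birth_year": 1982, "sex": "M", "dx": "C"},
    {"zip": "10001", "birth_year": 1984, "sex": "F", "dx": "B"},
    {"zip": "10002", "birth_year": 1983, "sex": "M", "dx": "A"},
]
QUASI_IDS = ("zip", "birth_year", "sex")

# Assumed client risk classification -> maximum tolerable re-identification probability.
# A limit of 1/k means every record must share its quasi-identifiers with at least k-1 others.
MAX_RISK = {"trusted": 1 / 3, "standard": 1 / 5, "public": 1 / 11}

def data_risk(records, quasi_ids=QUASI_IDS):
    """Data risk as the maximum re-identification probability: 1 / smallest equivalence class."""
    sizes = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    return 1 / min(sizes.values())

# De-identification template: techniques in escalating order of information loss (assumed).
def zip3(r):
    return {**r, "zip": r["zip"][:3]}              # generalize ZIP to its first three digits

def year5(r):
    lo = r["birth_year"] // 5 * 5                  # generalize birth year to a five-year band
    return {**r, "birth_year": f"{lo}-{lo + 4}"}

def drop_sex(r):
    return {**r, "sex": "*"}                       # suppress the field entirely

TEMPLATE = [("zip3", zip3), ("year5", year5), ("drop_sex", drop_sex)]

def release(records, client_class):
    """Apply template steps until data risk fits the client's access level; never release above it."""
    limit = MAX_RISK[client_class]
    risk, applied = data_risk(records), []
    for name, technique in TEMPLATE:
        if risk <= limit:
            break
        records = [technique(r) for r in records]
        applied.append(name)
        risk = data_risk(records)
    ok = risk <= limit
    decision = {"client": client_class, "applied": applied, "risk": risk, "released": ok}
    return (records if ok else None), decision
```

If the template is exhausted and the risk is still above the client's limit, nothing is released and the decision record shows why, which is the point where the Wave 4 governance practices take over.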