Health Tech

While Helping Save Lives, the Digitization of Patient Records Poses Unprecedented Privacy Challenges

Health Tech

November 5, 2019

Nearly 32 million patient records were breached in the US during the first six months of 2019, more than double the number recorded during 2018, according to a new report by healthcare compliance analytics firm Protenus.

The growing rate of data breaches begs the question: is our most sensitive information protected?

The price is steep

Nowadays, patient information is stored digitally as Electronic Medical Records (EMR). This enables the use of Big Data analytics to significantly advance medical research, improve the quality of care, and save lives.

However, with the growing number of digital medical records around the globe, data privacy and data protection become major concerns, as sensitive data – including medical, personal and even billing information – can fall into the wrong hands. The price of a medical record on the darknet can reach hundreds or even thousands of dollars since it contains a host of valuable information, compared to just a Social Security number or ID number, which cost a few cents.

Medical records are primarily used to provide optimal healthcare services to individual patients. Protection of data for secondary use – for external clinical studies or public health programs – is the biggest concern. While the patient legally owns the data, it is stored as an EMR by the healthcare provider, who therefore has the responsibility to protect it. The risk is that security measures can be weaker at the secondary use level, as there is less control over the data from a healthcare provider, and with a lack of protection this data can be corrupted, changed or used improperly.

A testing ground for data privacy protection

Israeli healthcare providers started digitizing their patient records more than 25 years ago; today, 98% of the country’s medical records are digitally stored as EMRs and are available at different points of care. That is why Israel is an excellent testing ground for data privacy and protection technologies.

Today, Israel boasts a remarkable digitization rate compared to other countries, such as Germany, where medical record digitization will only become mandatory in 2021. Other countries suffer from decentralization of medical records: in the US, there are more than 1,000 different EMR systems, and despite a digitization rate of approximately 100%, interoperability is a huge challenge, sometimes even within one medical organization.

In addition, Israel is home to the second-largest Healthcare Maintenance Organization (HMO) in the world – Clalit, which serves nearly 4.5 million patients through a network of 14 hospitals, 39 imaging centers, 1,400 clinics, 400 pharmacies, 37 children’s health centers and 32 women’s health centers. There are also three other HMOs in Israel: Maccabi, with nearly 2.5 million members, along with Meuhedet and Leumit.

This gives researchers the potential to access large data sets that are held within one system. In addition, medical data is well integrated and interoperable – hospital doctors have access to patients’ EMRs, and EMRs can be transferred from one HMO to another in case a patient decides to switch HMOs. On top of that, since Israel has the longest experience in EMR and thanks to Israel’s strengths in security and especially cybersecurity, the country has also had the longest time to focus on how to secure those records.

Israeli data privacy and protection startups get investors’ attention

Currently, 37 startups in the fields of EMR and medical data protection operate in Israel, according to Start-Up Nation Central’s Finder database. These companies attracted $84 million in equity investments in the first nine months of 2019, more than quadrupling the

funds raised in 2018. Some of the recent financing rounds include startups MDClone, Duality Technologies and Lynx.MD.

Founded in 2016, MDClone has developed a data platform called Healthcare Data Sandbox, which allows third parties to access medical data without breaching patients’ privacy. The company works with several large healthcare organizations in the US and Israel. In August 2019, MDClone raised $26 million in a financing round led by aMoon, Israel’s largest healthcare-focused venture capital firm.

Also founded in 2016, Duality Technologies has developed an encrypted data collaboration platform called SecurePlus. The platform enables secure analysis of encrypted data; using artificial intelligence, the technology derives insights from sensitive data without exposing the data itself. Duality Technologies raised $4 million in late 2018, and another $16 million in a financing round led by Intel Capital in October 2019.

Lynx.MD, founded in 2017, has developed a Big Data collaboration platform that enables hospitals and doctors’ practices to securerly access any type of health data. Lynx.MD became the first portfolio company of Triventures Arc, an early-stage digital health VC founded by Triventures and Sheba Medical Center. It recently raised an undisclosed amount.