Patent Issued for Methods and systems providing central management of distributed de-identification and tokenization software for sharing data (USPTO 11120144): Datavant Inc.
2021 SEP 30 (NewsRx) -- By a
The patent’s inventors are
This patent was filed on
From the background information supplied by the inventors, news correspondents obtained the following quote: “Generally, regulations and laws protecting the privacy of personal data have created a plethora of strategies for protecting the identity of personal data. For example, it is a potential Health Insurance Portability and Accountability Act (HIPAA) violation to incorporate personal health information (PHI) elements into a healthcare data set. Accordingly, to be compliant with government regulations, all PHI data elements must be removed and/or de-identified before being incorporated into any healthcare data set. Typically, institutions, organizations, and businesses that create personal data have their own methods for complying with identity protection laws. These methods may include in-house developed proprietary methods, or one of many disparate off-the-shelf solutions. The conventional methods utilized for protecting personal data have been responsible for serious identity breaches resulting in the theft of customer and employee personal information. Conventional methods implement processes of de-identification by the use of hashing methods applied to strings of characters generated from private data elements in data records. These conventional processes are built using a single hashing seed or encryption key, which is shared across many disparate target sites. Such systems suffer the risk that the resulting generated values can be mapped back to the original source data. Once a breach has occurred, all the target data sites have exposed values which, in themselves, could become regulated data values. 
Conventional processes also create problems because once PHI data elements are removed from a record, users have no way to understand which individuals in the data set match the de-identified individuals, and so conventional healthcare data systems are limited in their ability to identify the existence of duplicate records or duplicate individuals from individual de-identified records in healthcare data sets.
“Additionally, the personal data records stored by the various entities cannot be shared or aggregated for any meaningful or useful data analysis. Specifically, the personal data cannot be shared between entities where the identity of any one particular individual is of no importance. A problem associated with protected personal data is easily recognizable in the industries related to healthcare where each provider or insurer typically employs their own proprietary methods for de-identifying personal data records, making it nearly impossible to do any meaningful aggregations of the data for important clinical research or cost analysis at higher regional, state, or national levels. This problem is compounded by the fact that there are many separate and distinct companies involved with the care of an individual patient, making it difficult to share and/or tie the information together for a single patient once the stakeholder has applied their own proprietary de-identification process to the patient’s personal data records. An additional problem is that conventional methods utilized for protecting personal data are ill-equipped to adopt changes in the manner in which personal data must be protected, both due to changes in law, regulations or requirements for handling data, and due to changes in entities storing the records, resulting in data redundancies, and retrofitting that compromise efficiency, robustness and security of conventional systems.
“Previous solutions have involved a de-centralized key management service that provides a trusted secure site to manage key ownership and sharing between disparate entities. A decentralized process uses authorized encryption keys to standardize shareable tokens at partnering entity sites. Personal data records created and stored at de-centralized locations, at the entity site, use the encryption or site key information provided by the centralized key management architecture to enable secure sharing of their respective personal data records. The central key management architecture does not maintain de-centralized token data and only serves as a management hub for the distribution of encryption keys and standardization of tokens at an entity site level. Such solutions involve embedding the de-identification rules, token creation algorithms, and other required elements within the software that is run locally on the data to be processed. Thus, changes to these elements require the reconfiguration and re-installation of the software and the maintenance of multiple copies of the software if the user wishes to maintain multiple configurations (i.e. one copy for each configuration).
“These and other shortcomings described herein existing in the conventional approaches to sharing personal, private, or otherwise protected data are a problem that would not exist but for the present need for and utilization of computer technology handling such data. With so many disparate forms of data and computer systems managing the data, the difficulties in handling such data in a way that provides desired access and utilization of the data without violating privacy guidelines or putting personal data records at risk have been caused by the implementation of the computer technology that prior to the present invention conventionally handled such data.”
Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “There is at least a need for a system that allows for a central user to add, modify, or delete new sites, users, and configurations for use by distributed de-identification and tokenization software installations, and to make those changes in real-time so that the distributed installations have them available without any change to the locally-installed software. There is a need for improvements for enabling data sets containing PHI, personally identifying information (PII), private, secret or confidential data within records of individuals to be accessible and useable without exposing protected PHI, PII, private or confidential information of the individual, while being able to aggregate data sets by matching de-identified data and preventing instances of repetition without resorting back to that protected information. The present invention is directed toward further solutions to address these needs, in addition to having other desirable characteristics.
“The system of the present invention includes two primary components: a central configuration platform (the Vault), and a software package that is installed locally (the Software). In certain implementations a private or secure storage (Secrets system) is also employed to store the data from the central configuration platform (the Vault).
“The central configuration platform (Vault) is a secure portal that is hosted online in a public or private cloud or network and that supports three types of activity: managing site and user permissions, managing the configurations of the local software, and auditing all activity across the central and distributed components. In implementations using the private or secure storage (Secrets System), the permissions, encryption keys, hash seed, and final configuration file created and managed by the central configuration platform (Vault) are stored in the Secrets System so that they are secured from Vault users. These elements are made available to the Software through a secure network call. The Software includes any number of locally-installed software packages for creating and manipulating de-identified and tokenized data sets. At run-time, the Software makes a secure network call to the Secrets System to validate permissions, and retrieve permitted elements required to run the Software (e.g. hash seed, encryption key, and/or configuration file). The Software uses these retrieved elements to process the data locally, and discards these elements upon completion, thereby allowing the most current version of these elements to be used at each subsequent run. The Software also has the ability to make a network call to the Central configuration platform (Vault) to ask for permission to run if it has not already been granted, and to pass back a log file at the conclusion of a run for central auditing and monitoring purposes.
“The present invention is a stand-alone product, but it can be integrated with other data processing or monitoring systems (e.g. with data ETL processes, or with other auditing and monitoring tools, etc.).
“The present invention provides: 1) De-identification and tokenization software (the Software) that calls a central platform (the Vault, with or without the Secrets system) to retrieve the specific configuration elements needed to run; and 2) A central platform (the Vault) from which distributed installations can be managed, including setting permissions, de-identification rules, tokenization schemes, and file layouts.”
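As an added illustration of the run-time flow the summary describes (example code written for this article, not Datavant's code or the patented implementation): a local Software instance checks its license against a stand-in Secrets System, retrieves its site key, hash seed and configuration, tokenizes the configured PHI fields locally with HMAC-SHA256, discards the retrieved elements, and hands back a log entry for central auditing. The Secrets System contents, the record layout and the HMAC construction are assumptions of the example; it also shows the property the background motivates, that the same patient yields one token within a site while tokens differ across sites holding different keys.

```python
import hashlib
import hmac

# Constructed stand-in for the Secrets System. The Vault populates it; the
# Software only reads it at run time. Keys and seeds are placeholder bytes.
SECRETS_SYSTEM = {
    "license": {"site-A": {"tokenize"}, "site-B": {"tokenize"}, "site-C": set()},
    "site-A": {"key": b"A" * 32, "seed": b"seed-A", "config": {"phi_fields": ["ssn", "dob"]}},
    "site-B": {"key": b"B" * 32, "seed": b"seed-B", "config": {"phi_fields": ["ssn", "dob"]}},
    "site-C": {"key": b"C" * 32, "seed": b"seed-C", "config": {"phi_fields": ["ssn"]}},
}
AUDIT_LOG = []  # central record of permission checks and run logs


def fetch_run_elements(site, action):
    """Permission check against the license file, then return the site-specific
    elements (key, hash seed, config). Every check is logged, granted or not."""
    allowed = action in SECRETS_SYSTEM["license"].get(site, set())
    AUDIT_LOG.append({"event": "permission_check", "site": site, "granted": allowed})
    if not allowed:
        raise PermissionError(f"{site} is not licensed for {action}")
    e = SECRETS_SYSTEM[site]
    return e["key"], e["seed"], e["config"]


def tokenize_record(record, key, seed, config):
    """Replace each configured PHI field with an HMAC-SHA256 token under the
    site key and seed. Values are normalised first so duplicates still match."""
    out = dict(record)
    for field in config["phi_fields"]:
        if field in out:
            value = str(out.pop(field)).strip().lower().encode()
            out[field + "_token"] = hmac.new(key, seed + value, hashlib.sha256).hexdigest()
    return out


def run_locally(site, records):
    """One run of the Software: fetch elements, process locally, discard the
    elements, and return the de-identified records plus a log for the Vault."""
    key, seed, config = fetch_run_elements(site, "tokenize")
    result = [tokenize_record(r, key, seed, config) for r in records]
    log = {"event": "run", "site": site, "records": len(result)}
    del key, seed, config  # nothing from the Secrets System outlives the run
    AUDIT_LOG.append(log)
    return result, log


def demo():
    """Constructed input: two records for one patient, one for another, run at two sites."""
    records = [
        {"id": 1, "ssn": "123-45-6789", "dob": "1980-01-01", "dx": "E11"},
        {"id": 2, "ssn": "123-45-6789 ", "dob": "1980-01-01", "dx": "I10"},
        {"id": 3, "ssn": "987-65-4321", "dob": "1975-06-30", "dx": "E11"},
    ]
    site_a, _ = run_locally("site-A", records)
    site_b, _ = run_locally("site-B", records)
    try:  # site-C holds no "tokenize" permission in the license file
        run_locally("site-C", records)
        denied = False
    except PermissionError:
        denied = True
    return site_a, site_b, denied
```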
The claims supplied by the inventors are:
“1. A method for centrally managing one or more instances of encryption software deployed remotely, the method comprising: registering, at a central management platform comprising one or more computing devices with processors, memory and storage, one or more instances of software deployed on one or more client devices comprising processors, memory and client storage devices; assigning, at the central management platform, a unique encryption key and permissions to each of the one or more registered instances of software deployed on one or more client devices; identifying, at the central management platform, parameters and requirements for each of the one or more registered instances of software deployed on one or more client devices; generating, at the central management platform, a configuration file for each of the one or more registered instances of software deployed on one or more client devices; providing the unique encryption key and the configuration file to each of the one or more registered instances of software deployed on one or more client devices; and storing the unique encryption key, the permissions, and the configuration file for each of the one or more registered instances of software deployed on one or more client devices using a secure data storage module that provides an implementation of the storage isolated and secure from the centralized management platform, enabling client computing devices to communicate with the central management platform to obtain necessary data to encrypt data on the one or more client devices over one or more telecommunication networks to enable encrypting data records stored by each of the one or more client devices.
“2. The method of claim 1, wherein registering one or more instances of software comprises modifying parameters and requirements for the one or more instances of software deployed on one or more client devices.
“3. The method of claim 2, wherein the parameters and requirements comprise deployment sites, user permissions, de-identification rules, token creation rules, and field names and data layouts associated with each of the registered instances of software.
“4. The method of claim 2, further comprising tracking, using a monitoring and audit portal, any changes made to the parameters and requirements.
“5. The method of claim 1, wherein the permissions for each of the registered instances of software or user thereof are based on a license file associated with each of the one or more registered instances of software deployed on one or more client devices or user thereof.
“6. The method of claim 1, wherein the generating of a configuration file is based on a data processing map that is generated based on de-identification rules, token creation rules, and field names and data layouts associated with each of the registered instances of software.
“7. The method of claim 6, wherein the unique encryption keys and the token creation rules are used by the central management platform to provide token management of the data records on each of the one or more client devices.
“8. The method of claim 6, wherein the central management platform comprises additional standardized rule sets and field names and data layouts beyond the de-identification rules, the token creation rules, and the input and output field names and data layouts, that are combined or segmented in multiple ways to create lists of different granularity for one or more of a subset selected from the group consisting of users, sites, tenants and the one or more registered instances of software deployed on one or more client devices.
“9. The method of claim 1, wherein additional data, comprising non-configurable secret data comprising master hash seeds or salts, are also provided by the central management platform to be used in encrypting data records stored for each of the one or more client devices.
“10. A method of encrypting data using deployed software which is managed centrally, the method comprising: obtaining, at a client device comprising a processor, memory, and a storage device, and operating a deployed instance of centrally managed software, data to be encrypted; requesting, at the client device operating a deployed instance of centrally managed software, configuration data for centrally managed software from a central management platform comprising one or more computing devices with processors, memory, and storage; receiving, at the client device operating a deployed instance of centrally managed software, a unique encryption key and a configuration file for the deployed instance of the centrally managed software from a central management platform; performing, at the client device operating a deployed instance of centrally managed software, encryption on the obtained data based on the received unique encryption key and a configuration file for the deployed instance of the centrally managed software from a central management platform; and outputting, at the client device operating a deployed instance of centrally managed software, data encrypted by the deployed instance of the centrally managed software based on the received unique encryption key and a configuration file for the deployed instance of the centrally managed software from a central management platform.
“11. The method of claim 10, wherein receiving the unique encryption key and configuration file is conditioned upon successful verification of credentials using a permission check performed at the central management platform.
“12. The method of claim 11, wherein the permission check further comprises the central management platform checking a license file to determine if a user and site are allowed to perform requested processing, wherein if the license file is valid, the secure data storage module returns to the centrally managed software certain site-specific elements comprising the unique encryption key, the configuration file, and non-configurable secret data required to properly process data records or an input data file.
“13. The method of claim 12, wherein the centrally managed software uses the site-specific elements retrieved from the central management platform to process the data records or the input data file locally, and then discards the site-specific elements upon completion, thereby allowing a most current version of the site-specific elements to be used at each subsequent run.
“14. The method of claim 10, wherein storage of private data including the site-specific elements comprising the unique encryption key, the configuration file, and the non-configurable secret data comprising master hash seeds or salts, using the secure data storage module, prevents users of the central management platform from viewing or accessing the site-specific elements, thereby protecting overall security of the system, and wherein use of a storage device implemented in a secure data storage module, to also hold final elements, comprising a license file and configuration file, prevents users from modifying the license file and configuration file directly, only allows modification through auditable processes using the central management platform, wherein whenever the centrally managed software makes a network call requesting a permission check to run, the network call and the permission check are also recorded in an audit log.
“15. The method of claim 10, wherein whenever a user adds permissions or modifies any of the permissions, including by deleting permissions, on the central management platform, those permissions are passed to the secure data storage module and stored as a license file, and whenever a user adds a data processing map or modifies a data processing map, including by deleting a data processing map, using configuration processes, the system generates a configuration file that is transferred to and stored using the secure data storage module, where that configuration file is then made available for the centrally managed software to retrieve at run time, such that changes to the license file and changes to the configuration file are made in real-time so as to be available without any change to the locally-installed software.
“16. The method of claim 10, further comprising providing to the central management platform, a log for the encryption performed on the obtained data based on the received unique encryption key and a configuration file for the deployed instance of the centrally managed software from a central management platform.”
There are additional claims. Please visit full patent to read further.
For the URL and additional information on this patent, see: