TripleBlind’s Solution Analyzed by Polsinelli PC

Organizations Can Collaborate and Commercialize the Estimated 93% of Data Currently Unavailable, While Avoiding Violations of GDPR, HIPAA and Other Regulatory Standards

KANSAS CITY, MO., August 26, 2021 – TripleBlind’s privacy claims relating to its Enterprise Data Privacy as a Service technology, which unlocks new revenue opportunities while automatically enforcing all privacy regulations, have been analyzed by Polsinelli PC, which found that data de-identified using TripleBlind’s one-way encryption and distributed computing can reduce the legal risk for all parties involved in data exchange processes.

Data sharing via TripleBlind’s technology includes three roles: a data provider, an algorithm provider (data user) and TripleBlind. In the scenario below, Hospital B (the algorithm provider and data user) wants to know if it shares any patients with Hospital A. Hospital A agrees to share this information with Hospital B, and TripleBlind enables the hospitals to collaborate and provide better patient care while never decrypting data:

  • Hospital A (data provider) and Hospital B (data user) share their databases with TripleBlind software locally (behind their firewalls) and TripleBlind’s technology encrypts each hospital’s data (still behind their respective firewalls).
  • Hospital B requests patient information to determine if it shares patients with Hospital A.
  • TripleBlind’s technology enables a comparison between Hospital A and Hospital B data without decrypting it, and forwards the patients in common (and no other information) to Hospital B.
  • TripleBlind’s technology prevents Hospital B from performing any other operation on the data forwarded to it.

 

“Gartner anticipates that by 2023, 65% of the world’s population will have their data protected under privacy regulations. As more governments introduce privacy laws, it’s imperative for organizations to understand and comply with these different regulations,” said Polsinelli attorney and shareholder, Elizabeth Harding. “We analyzed TripleBlind’s claims that its technology has privacy-enhancing features that enable compliance with data privacy laws including GDPR and HIPAA.” 

Polsinelli found that use of TripleBlind’s technology to permanently and irrevocably de-identify data:

  • Reduces exposure under GDPR by taking the data processed outside the definition of personal data; and
  • Reduces exposure under HIPAA by ensuring that data is processed in a de-identified fashion.

 

“TripleBlind’s breakthrough solution in cryptography and data privacy allows for safer and more compliant collaboration globally,” said Riddhiman Das, co-founder and CEO of TripleBlind. “We will see this become increasingly important as areas around the world continue to implement their own conflicting data privacy laws, similar to what we are seeing in the United States in states like California and Virginia.”

 

GDPR

GDPR defines personal data as “any information relating to an identified or identifiable natural person,” a broad definition that can lead to confusion and privacy risks. GDPR applies to the processing and sharing of personal data; it does not apply to anonymous data. TripleBlind allows entities to share anonymous, permanently and irrevocably de-identified data while still achieving the same data-sharing needs, eliminating the risk of organizations violating GDPR.

In the report, Polsinelli walks through a use case where TripleBlind uses anonymized random pieces to allow an e-commerce website to detect fraud on its website using a cloud-based service provider. Traditionally, the e-commerce site would provide raw data directly to the service provider, and the provider would run its algorithm against the raw data, which includes personal data. This would trigger various GDPR obligations, including the requirement for a lawful basis for processing and, to the extent the personal data in question was considered a ‘special category’ of personal data, an exception to the prohibition on processing such special category personal data. Instead, TripleBlind’s technology obtains the same outcome without the Vendor processing identifiable data.

As it relates to GDPR regulations, Polsinelli finds that data which is permanently and irrevocably anonymized using TripleBlind’s technology is exposed to minimized privacy risks from the perspective of each of the roles involved in a typical use case:

  • The data provider reduces its obligations under the GDPR by taking steps to minimize the sharing of personal data with third parties, including algorithm providers.
  • The algorithm provider can altogether avoid the GDPR by performing its functions through TripleBlind (it does not process personal data).
  • The GDPR does not apply to TripleBlind in its role as the technology vendor because TripleBlind does not process personal data.

 

HIPAA

In the United States, HIPAA regulates the use and disclosure of Protected Health Information (PHI). Through a combination of one-way cryptography and data splitting, TripleBlind mitigates user risk of violating HIPAA by allowing entities the ability to collaborate without using or disclosing PHI.

TripleBlind allows healthcare providers to achieve more ethical and equitable AI-based models and deliver “deep medicine” globally with simpler compliance with local and regional privacy standards. 

Expert Dr. Kalikinkar Mandal conducted a de-identification analysis of TripleBlind under the Expert Determination Method and concluded that the risk of the algorithm provider identifying an individual based on PHI is very low with respect to the data processed through TripleBlind’s technology.

As it relates to HIPAA regulations, Polsinelli finds that data which is permanently and irrevocably anonymized using TripleBlind’s technology is exposed to minimized privacy risks from the perspective of each of the roles involved in a typical use case:

  • Information from the data provider is immediately encrypted and split in a manner that results in no data elements which would be considered PHI being disclosed to the recipient.
  • The encrypted result does not enable the algorithm provider to reverse engineer the original data input, so the result data also does not contain any data elements which would be considered PHI.
  • TripleBlind never processes any PHI, whether encrypted or otherwise, meaning TripleBlind is not a business associate of either the data provider or the algorithm provider.

 

About TripleBlind

TripleBlind unlocks the estimated 105 petabytes of data stored by enterprises today that are inaccessible and not commercialized due to privacy concerns, operational complexity and regulations. The company’s patented breakthroughs in advanced mathematics enable organizations to secure larger and more diverse data sets for innovating enhanced algorithms for medical diagnoses and improved anti-fraud initiatives in financial services. It is the only technology that enables enterprises to rapidly commercialize data while maintaining compute performance; enabling analysis of all data types, such as PII, PHI, genomic data, images, and confidential financial records; and enforcing all international and regional data privacy standards, including HIPAA, GDPR, PDPR and CCPA.

TripleBlind is superior to existing solutions such as homomorphic encryption (slows compute performance), secure enclaves (siloes data), tokenization/masking/hashing and differential privacy (reduces accuracy), synthetic data (not real data), federated learning (limited use for algorithms), confidential computing (requires data centralization) and blockchain (not interoperable). Innovators including Accenture, the Mayo Clinic, and Snowflake trust TripleBlind to protect sensitive data. For an overview, a live demo or a one-hour hands-on workshop, contact@tripleblind.ai.

 

About Polsinelli

Polsinelli is an Am Law 100 firm with 900 attorneys in 21 offices nationwide. Recognized by legal research firm BTI Consulting as one of the top firms for excellent client service and client relationships, the firm’s attorneys provide value through practical legal counsel infused with business insight, and focus on health care, financial services, real estate, intellectual property, middle-market corporate, labor and employment and business litigation. Polsinelli PC, Polsinelli LLP in California.

Polsinelli is very proud of the results we obtain for our clients, but you should know that past results do not guarantee future results; that every case is different and must be judged on its own merits; and that the choice of a lawyer is an important decision and should not be based solely upon advertisements. Copyright © 2021 Polsinelli PC. Polsinelli LLP in California.

 

Contacts

Victoria Guimarin
UPRAISE Marketing + Public Relations for TripleBlind
tripleblind@upraisepr.com
415.397.7600

 

Liz Harding
Shareholder, Privacy and Data Security
Polsinelli
eharding@polsinelli.com
303.583.8228

 

How TripleBlind’s Data Privacy Solution Compares to Synthetic Data

Synthetic data is a form of collaboration in which businesses can share information with each other to analyze it without sharing real customer or patient information. An obvious downfall of collaborating by sharing synthetic data is that businesses are sharing generic data sets and not real data; however, synthetic data is acceptable when real data is unnecessary.

For example, synthetic data may be used by a credit card aggregator to determine macro trends from the data because not every bank collaborates with them and not every credit card provider will offer data. In those situations, synthetic data would be acceptable to glean industry macro-trends from the data.

However, if a company wanted to determine if a customer deserves a particular credit limit or understand how a small part of the population’s microtransactions yield a certain insight, they would need real data.

Another problem with sharing synthetic data is that outlying data is often omitted, making the data set inaccurate, or can later be identified through spear-phishing or cross-correlation.

TripleBlind is far superior to sharing synthetic data because businesses can fully analyze real data in order to understand real trends. TripleBlind’s solution allows for data collaboration without jeopardizing privacy or compliance. Data shared through TripleBlind’s solution remains de-identified, private and can only be used for its intended purpose.

As shown in the above chart, collaboration via synthetic data has a negligible impact in most categories where accuracy and compliance are necessary. On the contrary, TripleBlind’s solution fulfills criteria across the board, making it a superior way to share data.

To learn more about how TripleBlind compares to other competitors and methods of data collaborations, follow us on LinkedIn and Twitter to be notified when we post the next installation in our Competitor Blog Series.

If you’d like to schedule a call or free demo to explore how TripleBlind can work for your business, please reach out to contact@tripleblind.ai.

 


How TripleBlind’s Solution Can Make Data Sharing in Healthcare More Horizontal

TripleBlind recently hosted a virtual roundtable discussion featuring thought leaders from Mayo Clinic and Novartis to explore the current state of data sharing in healthcare. TripleBlind’s co-founder and CEO, Riddhiman Das, was joined by Mayo Clinic’s Dr. Paul Friedman and Dr. Suraj Kapa and Sukant Mittal from Novartis. 


Current issues surrounding data sharing in healthcare

While the expansion of electronic medical records and technological advancements have led to vast amounts of health data, this data is not broadly shared due to concerns about personal identifiable information (PII) and protected health information (PHI).

When this data is not readily available to share and use, healthcare professionals cannot access information which would create a more equitable pool of patient data and lead to advancements in diagnosis and treatments. Doctors need a way to both respect patient privacy and gain access to more comprehensive health histories.


How the issue is currently being addressed

While complying with data privacy regulations, healthcare organizations are still doing all they can to ensure data pools are unbiased. 

Mayo Clinic currently validates independent cross populations – different ethnicities, races, etc. – within its own data sets. This task becomes more difficult when talking about a global population and the regulations that differ between different countries. 

Training data is essential to Mayo as they capture data from the broadest possible population. Mayo’s neural networks can detect subtle, interrelated patterns that translate the hidden signals the human body gives off all the time, but will not function properly if untrained. Today, Mayo has roughly 30 hospitals from four continents providing data and they are continually expanding as permitted.


In a perfect world, data sharing would be more horizontal

While institutions like Mayo work to remain unbiased and ethical, there remains a void globally across the healthcare industry to ethically and compliantly crowdsource patient information.

During the webinar with TripleBlind, Dr. Suraj Kapa mentioned that ideally, in the future of digital health, institutions could move away from monopolies of data and sharing data would be more horizontal. Organizations would be able to access data that reflects the broader concept of the world’s population rather than segmented, narrow cohorts of patients.

Compliantly sharing crowdsourced healthcare information in real time would create limitless possibilities and accelerate discovery and understanding for healthcare providers.


How TripleBlind can help healthcare institutions achieve this desired outcome

When it comes to private healthcare data, TripleBlind aims to enable the liquidity of this data in order to enable and foster innovation in healthcare.

TripleBlind’s groundbreaking solution allows highly-regulated enterprises like healthcare institutions to gain and share de-identified data without ever decrypting it. When de-identified data is shared, there is no chance of compliance issues or of the data being re-identified. TripleBlind enables institutions to leverage third-party data or allow third parties to use their data while guaranteeing that the data is going to be used for the stated purpose.

With TripleBlind’s technology, organizations can cover global ground rather than operating against the specific, narrow regulations that vary worldwide.

 


To learn more about how TripleBlind’s technology can open the door to compliant data sharing for your organization, please reach out to contact@tripleblind.com for a free demo. To watch a video of the roundtable featuring TripleBlind, Mayo Clinic and Novartis, visit here

How TripleBlind’s Data Privacy Solution Compares to Homomorphic Encryption

Homomorphic encryption is a technique that allows for computations to be done on encrypted data without needing a secret decryption key, allowing only the owner or those with the secret key to see the results of the computations. There are multiple applications in which fully homomorphic encryption can be applied, from something as simple as keeping a person’s Internet search history private from third-party marketers to more complicated computations such as those done with healthcare data. Homomorphic encryption is considered one of the more well-rounded encryption solutions in the market and has been adopted by tech giants like IBM and Microsoft.

However, homomorphic encryption’s most significant barrier to widespread use is its significant computation overhead and latency. In fact, according to IBM’s homomorphic encryption trials, it requires more than 42 times the compute power and 20 times the memory compared to other types of encryption.

Homomorphic encryption’s speed is not the only place it falls short compared to TripleBlind’s data privacy technology. Below is a comparison chart of the two solutions:

  • TripleBlind
      • Fast
      • Universal, cloud based
      • Future proof
      • Blind inference supports all non-linear operations, including comparisons
      • Requires all parties online
      • All parties consent to each use
      • Mathematical digital rights management
  • Homomorphic Encryption
      • Slow
      • High CPU needs
      • May be cracked in the future
      • Only supports basic algebraic operations
      • Operates offline
      • Doesn’t require consent of all parties for other uses
      • No digital rights management

There are other areas in which homomorphic encryption doesn’t stack up compared to TripleBlind, including:

As you can see in the above charts, homomorphic encryption falls short in too many categories to provide an enterprise with a complete solution. Enterprises would likely need one or more other solutions to have all the criteria fulfilled. 

Unlocking private data sharing with TripleBlind’s solution allows businesses to collaborate more fully, compliantly and across broader horizons than homomorphic encryption. To learn more about how TripleBlind compares to other competitors and methods of data collaborations, follow us on LinkedIn and Twitter to be notified when we post the next installation in our Competitor Blog Series.

If you’d like to schedule a call or free demo to explore how TripleBlind can work for your business, please reach out to contact@tripleblind.ai.

How TripleBlind’s Data Privacy Solution Compares to Traditional Business Agreements

Business agreements are a method of collaboration in which businesses share data under a predetermined set of rules, limitations and parameters established between the parties.

In a business agreement, “Business 1” might give “Business 2” access to their bank statements to reference purchases made throughout August 2021. Business 2 is expected only to reference purchases made in August 2021 and not access any other transactions or purchases made at any other time. And while Business 2 may be contractually obligated to stay within the agreement’s limitations, the raw data may still be made available and can be misused.

This data-sharing method requires trust between all parties involved because there is no way to regulate how the complete set of data will be used or with whom it will be shared. The level of trust that business agreements require takes time and resources to build and maintain, which creates limitations surrounding who businesses can collaborate with.

TripleBlind’s solution is superior to business agreements because it operates at zero-trust, increasing collaboration possibilities and improving efficiency in data partnerships. TripleBlind ensures that sensitive data is used for its intended purpose and cannot be abused.

TripleBlind keeps data and algorithms private at every stage of a data project and never stores data itself. Blind de-identification protects assets from various forms of misuse, including: 

 

  1. Malicious attempts to gain access to data or algorithms
  2. Semi-honest* but curious parties viewing raw data
  3. Unauthorized uses of data resulting from raw data being left behind after a job is completed
  4. Violations of data privacy laws, including GDPR, HIPAA, and data residency, because the raw data is never moved from behind the firewall of the data owner.

 

Unlocking private data sharing with TripleBlind’s solution allows businesses to collaborate more fully, compliantly and across broader horizons than business agreements. To learn more about how TripleBlind compares to other competitors and methods of data collaborations, follow us on LinkedIn and Twitter to be notified when we post the next installation in our Competitor Blog Series.

If you’d like to schedule a call or free demo to explore how TripleBlind can work for your business, please reach out to contact@tripleblind.ai.


HIMSS 2021, August 9-13, 2021, Sands Exposition Center, Las Vegas

TripleBlind exhibited at HIMSS 2021, and Co-founder and CEO Riddhiman Das participated in a Lightning Session, speaking on “Unlocking Privacy Enforced Data Collaboration” on Wednesday, August 11. To view Das’s presentation, click here.

TripleBlind Versus Competing Solutions

One of the most frequent questions we hear is, “How is TripleBlind different from other solutions?” Our technology is too detailed to explain in a short answer, especially when other technologies in this space are being developed by big names like Microsoft and IBM. However, it’s too important to go unaddressed. Over the course of several blogs, we will be going into detail about these other technologies such as homomorphic encryption, federated learning, blockchain, differential privacy, synthetic data, tokenization, and the old-fashioned business agreement.

Current solutions use one or some of these approaches, but TripleBlind is superior. We know that key providers in the homomorphic encryption and encryption-in-use camp include Enveil, Baffle, Duality Technologies, Google, IBM, Intel, Microsoft and PreVeil. Some of the providers that leverage differential privacy include Immuta, Microsoft and SAP.

Providers that use synthetic data are Mostly.AI, Statice, Syntho and Tonic. For tokenization, IBM dominates with its Guardium and Cloud Pak for security offerings, as well as Informatica with its Informatica Data Privacy Management, making for a much larger, established market. 

Our mission is to help enterprises unlock more than 90% of their data that goes unused due to data privacy and regulatory concerns. We change the game from “don’t be evil,” to “can’t be evil.” Arming enterprises with the ability to share and collaborate with that data creates opportunities that range from accelerating the creation and improving the accuracy of medical diagnoses to thwarting hackers and preventing the next big data breach. 

Today’s data privacy solutions are simply ineffective: business agreements hashed out by expensive lawyers take too long to negotiate and require reliance on goodwill. Homomorphic encryption is slow, while secure enclaves are siloed. Tokenizing and masking particular data elements reduces their accuracy.

Differential privacy presents IP vulnerability, blockchain isn’t known to be future-proof, and federated learning has limited use for algorithms. Lastly, why use synthetic data when we could use real data for better results? 

TripleBlind enables enterprises to enforce compliance with any and all data privacy standards today – GDPR, HIPAA, PDPA and the myriad of state regulations popping up in the U.S. and data residency requirements in Asia. We also believe it will keep organizations in compliance with any future standards since its core architecture lets data providers share information with data users with data always remaining behind the provider’s firewall and all operations taking place behind the data user’s firewall.

We will dig deeper into the faults of these approaches and how they compare to TripleBlind. We’ll be sure to announce new blogs on our social media, so follow us on LinkedIn and Twitter. If you’re eager to learn more, schedule a call or demo for all the details at contact@tripleblind.ai.
