Data Storage and Separation

To accommodate the diverse needs of our users and comply with privacy regulations, our platform employs a dual data storage approach. This approach ensures that both organizational data with PHI and anonymized data for public research are securely stored and managed separately.
Organizational Data Storage (with PHI)
When data is imported from your EHR system, our platform first saves a complete copy of the data, including all protected health information (PHI), in a dedicated storage environment specific to your organization.
This organizational data storage allows authorized users within your organization to access and utilize the data with PHI for internal purposes, such as clinical decision-making, quality improvement initiatives, and operational analytics.
Access to the organizational data storage is strictly limited to authorized users from your organization, and robust access controls and authentication mechanisms are in place to ensure data security and confidentiality.
The organizational data storage complies with HIPAA and other relevant privacy regulations, ensuring that PHI is protected and handled in accordance with legal requirements.
Public EHR for Research (Anonymized Data)
In parallel to saving data in the organizational storage, our platform creates a second copy of the imported data, which undergoes a comprehensive PHI stripping and anonymization process.
During this process, all personally identifiable information (PII) and protected health information (PHI) is removed from the data, as described in the previous section on PHI Handling.
Additionally, the address abstraction technique is applied to the data, replacing precise patient addresses with abstracted locations accurate within a 30-mile radius, as outlined in the "Address Abstraction" section.
The resulting anonymized and abstracted data is then saved in a separate, secure storage environment known as the "Public EHR for Research."
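The import path described above, modelled as an added Python example. This is illustrative code, not the platform's own: the record schema, the set of fields treated as PHI, and the grid-snapping used to stand in for the platform's address abstraction are all assumptions made for the example. What it adds to the description is the gate a practitioner would want on the research write: the de-identified copy is checked for identifier fields (including nested ones) before anything is written, and a distance check confirms the abstracted location really is within the 30-mile bound.

```python
"""Toy model of the dual-store import path: a full copy with PHI for the
organization, a de-identified copy for the research store.

Added illustration only, not the platform's code. The record schema,
PHI_FIELDS and the grid-snapping abstraction are assumptions.
"""
import copy
import math

# Assumed set of structured fields treated as direct identifiers.
PHI_FIELDS = {"name", "mrn", "ssn", "dob", "phone", "email", "address"}

EARTH_RADIUS_MILES = 3958.8
MILES_PER_DEG_LAT = 69.0

# Constructed sample import (fictitious patient, not real data).
SAMPLE_IMPORT = [
    {
        "name": "Jane Doe",
        "mrn": "MRN-000123",
        "ssn": "123-45-6789",
        "dob": "1984-03-02",
        "phone": "555-0100",
        "email": "jane@example.org",
        "address": {"line1": "1 Main St", "city": "Springfield",
                    "lat": 39.7990, "lon": -89.6440},
        "diagnosis_codes": ["E11.9"],
        "encounter_date": "2024-05-01",
    }
]

ORG_STORE = {}        # org_id -> list of full records (PHI retained)
RESEARCH_STORE = []   # de-identified records only


def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance in miles; used to verify the abstraction bound."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat = p2 - p1
    dlon = math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(a))


def abstract_address(addr, radius_miles=30.0):
    """Assumed abstraction: snap the point to the centre of a square grid
    cell sized so every point in the cell lies within radius_miles of the
    centre (half-width = radius / sqrt(2)). Street, city and the exact
    coordinates are dropped; only the cell centre and the radius remain."""
    half = radius_miles / math.sqrt(2)
    cell_lat = 2 * half / MILES_PER_DEG_LAT
    lat_c = (math.floor(addr["lat"] / cell_lat) + 0.5) * cell_lat
    cell_lon = 2 * half / (MILES_PER_DEG_LAT * math.cos(math.radians(lat_c)))
    lon_c = (math.floor(addr["lon"] / cell_lon) + 0.5) * cell_lon
    return {"approx_lat": round(lat_c, 4), "approx_lon": round(lon_c, 4),
            "radius_miles": radius_miles}


def leaked_phi_fields(record, prefix=""):
    """Return dotted paths of any PHI field names present, including in nested dicts."""
    found = []
    for key, value in record.items():
        path = f"{prefix}{key}"
        if key in PHI_FIELDS:
            found.append(path)
        if isinstance(value, dict):
            found.extend(leaked_phi_fields(value, path + "."))
    return sorted(found)


def deidentify(record):
    """Build the research copy: drop PHI fields, replace the address."""
    out = {k: copy.deepcopy(v) for k, v in record.items() if k not in PHI_FIELDS}
    out["location"] = abstract_address(record["address"])
    return out


def import_records(org_id, records):
    """Dual write: full copy to the org store, de-identified copy to the
    research store. Every research copy passes the PHI gate before either
    store is written, so a schema change that adds an identifier (or one
    hidden in a nested field) fails the whole import instead of leaking."""
    research = []
    for rec in records:
        dr = deidentify(rec)
        leaked = leaked_phi_fields(dr)
        if leaked:
            raise ValueError(f"PHI would reach the research store: {leaked}")
        research.append(dr)
    ORG_STORE.setdefault(org_id, []).extend(copy.deepcopy(records))
    RESEARCH_STORE.extend(research)
    return len(research)


if __name__ == "__main__":
    import_records("org-a", SAMPLE_IMPORT)
    print(ORG_STORE["org-a"][0]["name"], "->", RESEARCH_STORE[0]["location"])
```

The gate is a field-name denylist, so it only covers structured fields: free-text fields such as clinical notes can still carry names or dates and need their own treatment under the PHI Handling process. Because the check runs before either write, a failed import leaves both stores untouched rather than leaving an organizational copy without its research counterpart.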
The Public EHR for Research enables authorized researchers, data scientists, and public health professionals to access and analyze the anonymized data for various research purposes, such as studying disease spread, identifying population health trends, and developing predictive models.
Access to the Public EHR for Research is granted based on strict access controls and data use agreements, ensuring that the anonymized data is used responsibly and ethically for the intended research purposes.
By implementing this dual data storage approach, our platform achieves the following:
Organizational data with PHI is securely stored and accessible only to authorized users within your organization, facilitating internal data utilization and compliance with privacy regulations.
Anonymized and abstracted data is made available in the Public EHR for Research, enabling valuable research and analysis by authorized individuals while protecting patient privacy.
This separation of data storage ensures that PHI remains secure within your organization's controlled environment, while the anonymized data can be leveraged for broader research initiatives that benefit public health and advance medical knowledge.