Abstract: A method and apparatus for identifying personally identifiable information (PII) and protected health information (PHI) within unstructured data, removing the PII and PHI from the unstructured data, and replacing the removed information with case-type tags that allows the user to understand what information was removed and to tune the level of information removal in future data sets.

Abstract: A method and apparatus provide centralized encryption key management for sharing data across diverse entities. In particular, the present invention relates to a universal and regulatory compliant system and method for sharing personal data records across diverse entities while maintaining unique identifiers at each entity for protecting the identity of any particular person. The present invention enables multiple organizations to be able to share their respective disparate data in a manner in which the disparate personal data records can be aggregated and manipulated by a single entity without putting the personal data records at risk.

Abstract: A method and apparatus to provide: 1) De-identification and tokenization software (the Software) that calls a central management platform (the Vault) to retrieve the specific configuration elements needed to run; and 2) A central management platform (the Vault) from which distributed installations can be managed, including setting permissions, de-identification rules, tokenization schemes, and file layouts. Because the local Software contains no inherent configuration, it is universal and can be installed quickly at any site. Any new or modified configuration made centrally through the Vault can be immediately accessed by the Software without any change required at the local installation. Even when Software is installed locally across a distributed network of sites, a central authority using the Vault can control the configurations (de-identification rules, token creation schemes, etc.) used by those sites and audit all activities across the distributed network.

Abstract: A method and apparatus for the creation of simulated records from a small sample data set with configurable levels of variability, the creation of simulated data from an encrypted token that uniquely identifies an individual, and the creation of simulated values using as the basis retained data (birth years, 3-digit zip areas, gender, etc.) from the de-identification process.

Abstract: A method and apparatus for certifying the de-identification actions necessary to take on a data set to make it compliant with privacy and security regulations is streamlined and automated using the invention. Preparing the data for certification is greatly simplified and accelerated by the system, as is interaction with the certifier in the approval process. After certification, the invention allows for the continuous automatic monitoring of the data set to ensure that its profile does not shift over time such that the certified de-identification actions are no longer sufficient to ensure regulatory compliance, and can signal the user and/or certifier that a new certification process must be repeated. Alternatively, if no shift is detected, a user and/or certifier can agree that no new certification is needed.

Abstract: A method and system for identifying individuals in a healthcare dataset who are likely deceased without exposing protected health information to users. The present invention assembles mortality data from different sources, de-identifies this data by removing or modifying all elements regarded as protected health information, and adds a unique encrypted person token to each record. The tokenized mortality data is merged with other healthcare data sets that have likewise been de-identified and tokenized by matching the unique person tokens in data sets against each other. The resulting merged data sets include an indicator of mortality, a uniqueness score giving the likelihood that the person token is unique, and a death validity score giving a measure of confidence that the person is actually deceased.

Abstract: A method and apparatus provide centralized encryption key management for sharing data across diverse entities. In particular, the present invention relates to a universal and regulatory compliant system and method for sharing personal data records across diverse entities while maintaining unique identifiers at each entity for protecting the identity of any particular person. The present invention enables multiple organizations to be able to share their respective disparate data in a manner in which the disparate personal data records can be aggregated and manipulated by a single entity without putting the personal data records at risk.

Abstract: A method and apparatus provide centralized encryption key management for sharing data across diverse entities. In particular, the present invention relates to a universal and regulatory compliant system and method for sharing personal data records across diverse entities while maintaining unique identifiers at each entity for protecting the identity of any particular person. The present invention enables multiple organizations to be able to share their respective disparate data in a manner in which the disparate personal data records can be aggregated and manipulated by a single entity without putting the personal data records at risk.

Abstract: A method and apparatus for identifying personally identifiable information (PII) and protected health information (PHI) within unstructured data, removing the PII and PHI from the unstructured data, and replacing the removed information with case-type tags that allows the user to understand what information was removed and to tune the level of information removal in future data sets.

Abstract: A method and apparatus provide centralized encryption key management for sharing data across diverse entities. In particular, the present invention relates to a universal and regulatory compliant system and method for sharing personal data records across diverse entities while maintaining unique identifiers at each entity for protecting the identity of any particular person. The present invention enables multiple organizations to be able to share their respective disparate data in a manner in which the disparate personal data records can be aggregated and manipulated by a single entity without putting the personal data records at risk.