The multiple platforms and apps used in professional and personal lives present significant challenges for data management systems.
These numerous touchpoints can prove particularly problematic in healthcare, where building a unified data user profile can be essential in treating patients.
A patient may have provided consent for their personal data to be shared across several platforms, potentially creating several separate profiles. But if healthcare providers cannot match these profiles to determine the patient’s identity and link it to their medical records, it can delay treatments. Failure to match profiles may also breach privacy if data is shared without proving consent. This can also potentially cause operational issues for providers and undermine trust in the doctor-patient relationship, making patients hesitant to share data in future.
And with increasing volumes of data continuously being gathered, the picture is constantly changing.
“It’s always moving,” says Glenn Jackson, Cassie CEO. “There is a lot of data, tens of thousands or even millions of records moving all the time. And the problem for enterprise customers is they have to honour that consent all of the time. Otherwise, theoretically, they could be in breach of regulations.”
Furthermore, data regulations around the world add another burden of compliance and need careful management. Breaches of HIPAA in the US can result in fines of up to $50,000. While fines for breaches of Europe’s GDPR rules can run into millions of euros.
Grouping and matching for medical data
For healthcare professionals, the data situation is hardly simpler. Healthcare professionals may have different email addresses and phone numbers for each of the separate sites they work, which can fragment their data significantly. Using full names or initials from one practice to the next can also create a different data profile for that individual.
“Healthcare professionals, especially in the states, can be part of many different practices,” explains Craig Fairhurst, technical project manager for Cassie. “They’ll have their data segregated over the many healthcare providers, different hospitals, and doctors’ offices. Most of them won’t give personal email addresses, they’ll give the email address of the practice. So, the challenge is how you give that one source of truth across all the different records.”
Given that data for one individual may be stored in multiple different systems across various platforms and operating systems, matching data can be a considerable challenge. There may also be old profiles of data subjects from legacy systems.
One solution that increasing numbers of pharmaceutical companies, healthcare providers, and clinical research organisations are turning to is Cassie, which is a Consent Management Platform (CMP). Within Cassie, it is possible to create specific matching rules that operate across multiple systems.
“Matching is all about finding the right person to update. Grouping is creating a combined source of truth that unifies the different types of profiles a data subject can have,” adds Fairhurst. “Our matching rules and grouping rules are quite robust in making sure that we update the right record in our system.”
Matching and grouping happen within microseconds in Cassie, enabling the delivery of services at the necessary operating speeds within healthcare environments. Cassie effectively “joins the dots” in collected data to confirm the identity of individuals from numerous different platforms and build a single data profile. Crucially, the individual is always in control of what data they share and with who.
“Service operators can take data out of Cassie and match it with other systems from Reltio and Wise 360 and other businesses that are enrichment systems,” adds Jackson. “Then they pass that data back into Cassie and we build up the profile until we’ve got complete knowledge about who that person is from an identity perspective.
“Cassie receives information, and we take that and hold it against our database, then we use that when we’re matching.
“This is happening in an automated flow from end to end. We’re ensuring that some data change from one system is being matched into Cassie. We then pass that information out to all the other systems. And that’s happening almost in real-time, continuously.”
A customised solution to ensure data regulation compliance
With the rush to ensure GDPR compliance in 2018, Jackson says that many companies purchased off-the-shelf software to meet requirements. However, these companies are now finding this to be restrictive for data management.
In contrast, Cassie is a fully customisable platform built to meet the specific operational demands of an individual business or organisation, while also enabling compliance with all international or regional data protection regulations. And if there are further regulations for consent within a particular region or country, Cassie can create additional channels.
“We took the harder technical route because we had to build that flexibility. But we took the easier consultancy route because we say to clients: ‘tell us how to make it work and we can configure Cassie’,” adds Jackson. “That’s why we’re different.”
A prime example of Cassie’s capabilities is a project Fairhurst has been working on for an international pharmaceutical company. He says meeting the client’s stringent requirements has been possible thanks to Cassie’s flexibility and robust data management capabilities.
“This is one of the longest test phases I’ve ever had with customer products because they need to ensure that everything can be controlled. One of the biggest things is that they want to make sure the data is coming in exactly how they expect it. Because if it’s not, they need to fix it,” he says.
“They want to ensure that they truly hold people’s consent without risking making a mistake or not capturing properly. Because that can then become very painful and expensive in terms of regulations.”
Fairhurst says that the results so far are highly encouraging.
“The data model complies with all of the local laws. Because this company is so stringent and security conscious with how the data is, it’s already at a higher level than what any country ever requires,” adds Fairhurst. “The complexity of this project has been immense, but we have delivered 100% what the client needed for their business model, their customers and their stakeholders. They have a way of managing consent now which is fully compliant with all the legislations they operate under, customer-friendly and scalable. It’s a very satisfying feeling.”