Data Identification & Clustering
Quality & Integrity
Data Privacy & Security
Simulation & Automation
Retention & Retirement
Governance & Support
Jun 30, 2021
The training and further education of employees in healthcare plays an essential role. Doctors and staff should be trained based on current cases and comprehensible patient data. However, patient data is highly sensitive, personal data and is particularly protected by the GDPR.
The answer: with a system copy and the corresponding data alienation. Natuvion was able to successfully implement precisely this project in collaboration with a large hospital in southern Germany. Natuvion's solution for test data anonymization (TDA) in SAP and non-SAP systems was used in combination with Empirius' solution for system copy (BlueCopy).
With the help of Empirius BlueCopy, a system copy of the hospital's productive system is automatically created every week. In this copy, the relevant data is then alienated by Natuvion TDA. In this way, the SAP IS-H/i.s.h.med training system will provide logical, consistent, but depersonalized data in the future. In addition, the time frame of the alienated data enables a look back and a look forward of the last four weeks and the next four weeks, respectively. As a result, this concept allows for the use of highly up-to-date cases in the training of physicians and staff.
In total, about 70,000 patient, 80,000 physician, and 1 million medical treatment records are alienated each week as part of this project. The data signifies that the patient and case numbers have been changed in all tables. Furthermore, no person can be identified by name, date of birth, address, next of kin, payer, primary care physician, insurance number, or patient or case number anymore. In addition, approximately 4,000 fields and 400 tables in the training system itself will be anonymized. Using ILM blocking, an additional 1.7 million patients are also blocked, as well as payers, debtors, and suppliers. The non-training-relevant data is thus hidden from the system.
When it comes to data protection and GDPR compliance, it is not uncommon for companies to focus on productive systems. However, if the productive systems are used as the basis for setting up and optimizing secondary systems - such as a training system - there is a problem: the misuse of the data. This is because legal permission to use data usually exists only for the productive system. Copying to and using in a non-productive system, on the other hand, constitutes a GDPR violation.
How to fix this problem? With Test Data Anonymization (TDA)! What exactly TDA involves, how it can be implemented, and on what systems – whether SAP or non-SAP – we will discuss in our whitepaper.