Futrix Health provides Privacy Drill Control that restricts users from navigating to, or near, the detail levels of data. Thresholds are created to prevent users from being able to deduce information that should only be available at the detail level. Futrix Health allows you to control the data access at a column and row detail level of granularity. You can have the control of making certain types of information available for specific individual users or groups.

Futrix Health felt it necessary to address the importance of security with multiple layers of access control at an organizational, group, and individual level. Some key features to understand about the Privacy Drill Control are:

• Column level security restricts access to certain types of information.
• Row level security will subset information to only allow specific values to be surfaced to the appropriate users.
• Privacy Drill Control prevents users from drilling into detail levels of data and from deducing sensitive information at a certain threshold level of drilling.
• Application Control allows the user experience to be tailored to their comfort and skill level for conducting web based analysis. For instance, some users prefer a more guided user session that is more simplified, while other users prefer a more robust power user experience for more advanced analysis.

Examples:

While drilling and filtering into a source of information, if there were just a few rows of a displayed table which had very little contributing source data, but every other row was above the privacy threshold, then users will still be given a report, but the data that fell below the threshold will be clustered and made anonymous before being provided to the user.

• Set drill levels based on user or user role to ensure HIPAA PHI -Small Cells of Data compliance by user and row.
• Create data governance based on the user’s permissions to view PHI.
• If a user is not permitted to view PHI, then the Futrix drill permissions would not allow that user to view a cell of information with less than a defined number of members in de-identified data, i.e., less than four members in a cell of data will be blocked for that user. A user who may have permission to view the total population of data may be restricted from seeing a segment of employees contained within the information.
• A business analyst may be permitted to view the details of their division, but may not view details from another division. Privacy Drill Control can set the business rules to not permit the business analyst from viewing
  restricted data.
• Privacy Drill Control can manage permissions of those users who can view Summary Health Information (SHI) and for those indicated as Group Health Plan Designees (GHP) who are permitted to view PHI information. Futrix view can govern data access based on the role of the user, thereby ensuring confidentiality and HIPPA PHI compliance of Minimum Necessary Rules.