Platform Thinking: Building for privacy and data security
Sahha CEO & Co-founder Doug MacDonald shares how Sahha approached building for privacy and security first when designing the Sahha API platform.
Consumer acceptance of digital health services is on the rise. This is driven, in large part, by an understanding of the potential these services have to improve and even save lives. Sustaining high confidence in and acceptance of digital health services comes down to how responsibly providers manage their users’ personal data.
As a co-founder of a startup that works in the behavioral analytics space, privacy comes up a lot. And frankly, it should. Companies in the digital health space are asking a lot of users in the type of information that they are asking for and storing.
What’s exciting is that as an industry, we are just getting started. Digital health innovations using mobile phones, wearables, and extended reality are revolutionizing assessment, treatment, and self-enabled care. But the true benefits of this innovation will be lost if users’ data is mismanaged and that trust is broken.
I’m not talking about the bad actors that purposely share their users’ information for profit. I’m talking about new digital health apps and services that create a service or a product for the purpose of genuinely helping people, and about their duty of care with the data they collect.
We have a litmus test at Sahha: if the information you are collecting is more for the benefit of the company than the person you are serving, then that’s a clue as to your purpose.
As a startup, what is the best approach to building privacy and data security?
If you are a typical startup, your primary focus is on developing a service that has product-market fit and providing value to your customer at a price they are willing to pay. But in a digital health startup, how you manage your customers’ data and privacy is as important as product-market fit.
The challenge we had at Sahha was understanding our duty of care and regulatory responsibilities to guide how our engineers and developers build the product. We took guidance from the Privacy by Design principles, but found them too high level for practical applications.
Our method was to take the first key principle of Privacy by Design, which is to take a proactive approach, and apply it to the product concept.
Our approach was to partner with privacy and data security experts and ask them to complete a privacy impact assessment (PIA) on our product and architectural concepts. By having the PIA performed on the product concept, we easily identified the data security and privacy pain points our customers would have and the regulatory hurdles we would need to account for. Instead of building a house and retrofitting it to code, we understood in advance what the regulations and concerns would be, and built to accommodate them. Moreover, we asked our experts what realistic advances in regulations we can expect in the next couple of years, so we can be proactive and future-proof our solutions.
The digital health industry is an exciting area of innovation. It is incumbent on its innovators to be good stewards of users’ data and privacy in order to ensure its success.
How did your startup navigate through its initial data privacy journey?
Thanks for sharing. What are your thoughts on proving that there is privacy in products and services as it is claimed to be? Is there a way products can show demonstrable privacy? One could be open source. How to prove the data shared with others is still private and not misused?