Meeting Global Data Protection Standards: A Chat with our Chief Technology Officer

06/01/2025

Ivan Pereira, Chief Technology Officer at Promptly, is an accomplished technologist with a degree in Computer Science and a passion for driving innovation in healthcare technology. With extensive experience in designing, developing, and managing complex information systems, Ivan plays a pivotal role in shaping Promptly's vision and technological strategy.

At the helm of Promptly's engineering team, he leads efforts to build a federated data network in healthcare, enabling seamless and automated harmonization of clinical data. His expertise spans cloud computing and open-source technologies, making him a vital force in developing scalable solutions that transform healthcare outcomes and analytics.

Could you elaborate on your experience and how it contributes to advancing healthcare technology?

As the Chief Technology Officer at Promptly Health, I am responsible for overseeing the technological strategy and implementation of our platforms. My role involves ensuring that our solutions not only meet the highest standards of performance and innovation but also prioritize data security, governance, and quality.

I lead a talented engineering team that has developed our federated data network, a system designed to securely connect healthcare data across organizations while preserving patient privacy.

Data Governance and Security

Connecting health data across millions of patients must be challenging. What specific measures does Promptly Health have in place to ensure the security and privacy of patient health data?

At Promptly Health, protecting patient data is our highest priority. We employ a multi-layered security framework built on privacy-by-design and secure-by-design principles to ensure that all sensitive information remains confidential and secure at all times. We also ensure compliance with international data protection standards, such as GDPR and HIPAA, while employing advanced patient tokenization and anonymization methodologies to protect patient identities.

These safeguards are intended to protect data privacy and integrity while retaining its analytical value for research and clinical studies.

Can you discuss any advancements or improvements made recently in Promptly Health's data protection infrastructure or policies?

Over the past year, we’ve made significant advancements in our security infrastructure:

  1. ISO Certification: We achieved ISO 27001 certification, demonstrating our commitment to a systematic approach to managing sensitive information.

  2. Cyber Essentials: We implemented Cyber Essentials standards to protect against common cyber threats.

  3. Federated Data Security: We enhanced the security of our federated data network, ensuring that healthcare organizations collaborating through our platform can do so without compromising privacy.

  4. Regular Security Audits: We’ve increased the frequency and depth of security audits to maintain resilience against emerging threats.

Ensuring Healthcare Data Quality

What models are used by Promptly to ensure the most accurate data quality?

We use the OMOP Common Data Model (CDM) to harmonize healthcare data across various sources. This model ensures consistency, interoperability, and a high standard of data quality, enabling robust analysis and comparison across datasets. Additionally, we apply automated data validation processes, anomaly detection algorithms, and regular quality assurance checks to maintain data accuracy and reliability.

How does Promptly Health comply with existing data protection regulations and standards, such as HIPAA, GDPR, or other relevant laws?

Promptly Health maintains compliance with global regulations through a combination of rigorous internal policies, external audits, and advanced technology. For GDPR, we implement strict data minimization, informed consent processes, and enforceable data rights. For HIPAA, we have secure handling of PHI, including encryption and role-based access. Our data governance frameworks ensure compliance with region-specific regulations, and we continuously update our protocols to reflect changes in the legal landscape.

How does Promptly Health ensure the security and privacy of healthcare data within the federated network while also enabling collaboration among various healthcare organizations?

Our federated model is designed to balance security with collaboration:

  1. Data Remains Local: Data never leaves the organization’s control but is accessed securely using tokenization or secure APIs.

  2. Federated Analytics: We enable analytics on distributed data using algorithms that protect patient privacy while allowing insights to be shared across institutions.

  3. Zero-Trust Architecture: We implement zero-trust principles to secure interactions, ensuring no single entity has unrestricted access to sensitive data.

What are the key challenges Promptly Health faces in managing healthcare data securely and effectively?

The biggest challenges include:

  1. Balancing Accessibility and Privacy: Enabling meaningful data sharing while adhering to strict privacy regulations.

  2. Evolving Threat Landscape: Cyber threats are increasingly sophisticated, requiring constant vigilance and adaptability.

  3. Standardization Across Borders: Managing diverse regulations across regions adds complexity to global operations.

  4. Interoperability Issues: Harmonizing disparate healthcare systems and data formats remains a technical challenge.

Future Directions?

Our roadmap includes:

  1. AI-Driven Security: Implementing machine learning to predict and mitigate security threats proactively.

  2. Scalable Federated Networks: Expanding the reach of our federated data model to drive collaboration without compromising security.

By staying ahead of technological advancements and regulatory changes, Promptly Health aims to remain a leader in healthcare data protection and governance.
