© 2002 ibm corporation extreme blue - start something big ibm confidential | summer 2003 technical...

36
© 2002 IBM Corporation Extreme Blue - Start Something BIG IBM Confidential | Summer 2003 Technical Interns: Business Intern: Mentors: Sponsored by: EBO: Hippocratic Databases Demonstration (Screenshots) Ameet Kini (UW-Madison, Ph’D ’05) Kristen LeFevre (UW-Madison, MS ’04) Diana Zhou (UW-Madison, MS ‘04) Amy Wang (UCLA Anderson, MBA ’04) Rakesh Agrawal, Phil Fritz, Calvin Powers, Yirong Xu Arvind Krishna, Alan Lee (Tivoli), Harriet Pearson (CPO) Business process integration, business transformation

Upload: nicolas-miggins

Post on 14-Dec-2015

218 views

Category:

Documents


1 download

TRANSCRIPT

© 2002 IBM Corporation

Extreme Blue - Start Something BIG

IBM Confidential | Summer 2003

Technical Interns:

Business Intern:

Mentors:

Sponsored by:

EBO:

Hippocratic Databases Demonstration (Screenshots)

Ameet Kini (UW-Madison, Ph’D ’05)Kristen LeFevre (UW-Madison, MS ’04)Diana Zhou (UW-Madison, MS ‘04)

Amy Wang (UCLA Anderson, MBA ’04)

Rakesh Agrawal, Phil Fritz, Calvin Powers, Yirong Xu

Arvind Krishna, Alan Lee (Tivoli), Harriet Pearson (CPO)

Business process integration, business transformation services, pervasive computing

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Hippocratic Databases

WHAT IS THE BUSINESS PROBLEM?Legal regulations requiring companies to protect personal identifiable informationLack of technology that enable efficient privacy enforcement and data handlingLoss in business revenue due to customer concerns about privacy

Dilution of brand imageAudit failuresCustomer lack of trust

WHAT IS THE PROPOSED SOLUTION?Database architecture supporting automatic enforcement of policiesPrivacy language that allows users to define preferences for data access and usageAdvanced querying capabilities that enforce corporate privacy policies and user preferences

Team: Ameet Kini (UW-Madison PhD ’05), Kristen LeFevre (UW-Madison MS ’04) Diana Zhou (UW-Madison MS ’04), Amy Wang (UCLA MBA ’04)Sponsors: Arvind Krishna & Alan Lee (Tivoli), Harriet Pearson (CPO)Mentors: Rakesh Agrawal & Yirong Xu (IBM Research), Phil Fritz & Calvin Powers (Tivoli), Harriet Pearson (CPO)

WHAT IS THE VALUE PROPOSITION?Increases performance and cost efficiency and minimize customization of applicationsIncreases trust and brand value by effectively managing consent informationEnhances business opportunities previously inhibited by privacy concernsKey market differentiator for IBM

DATABASE

Application DataRetrieval

PrivacyEnforcementJDBC Driver

User Data

User Preferences& Data Collection

NegotiationUser Preferences& Policy Matching

Installed Policy

Privacy Policy

Creation

InstallationEPAL Policy

Parser

Safeguarding Private Information -- Inevitable and Essential for all Corporations

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Hippocratic Databases NetCare Healthcare Business Scenario

•John Cane, Chief Privacy Officer, NetCare Healthcare•Jane Smith, New Patient, NetCare Healthcare•Dr. Young, Physician, NetCare Healthcare•Christine Jones, Lab Technician, NetCare Healthcare•Phil Crew, Drug Researcher, Innovative Drug Research

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Hippocratic Databases NetCare Healthcare Business Scenario

DATABASE

CorporatePolicy

Installation

John Cane, CPO installs corporate privacy policy

Jane’s Data(Personal/Medical

Records)

Jane, a new patient, defines her privacy preferences

Negotiation

Jane visits NetCare’s website to setup patient account

Jane submits her personal information

- Name, Address, SSN#, Email- Opt-in to sharing data for research- Opt-out of sharing full medicalrecords to lab technicians

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

HIPPOCRATIC DATABASESNetCare HealthcareDEMONSTRATION

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

This is the main page ofNetCare Healthcare’s website.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

John Cane, Chief Privacy Officer, NetCare Healthcare

John will install NetCare’s corporate privacy policy, which he wrote.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

John Cane, Chief Privacy Officer of NetCare, logs in to install privacy policy.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Let’s first view the text version of the NetCare’s privacy policy.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Now let’s view the XML format of the same privacy policy to be installed.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

NetCare’s privacy policy is savedinto the database to be used forsystematic privacy enforcement.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Jane Smith, New Prospective Patient, NetCare Healthcare

Jane will first define her own privacy preferences. Then she later creates a new patient account with NetCare Healthcare.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Jane specifies her own privacy preferences

Jane specifies her own privacy preferences for her sensitive information.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Jane selects her privacy preference by selecting the medium level of privacy protection.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Jane proceeds to create a new patient account.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

The matching process revealsthat one of Jane’s privacy preferences conflicts with NetCare’scorporate privacy policy.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Jane modifies her preferences

Jane decides to review her privacy preferences.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Jane now selects the setting for the low level of privacy, removing the preference that was previously in conflict.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Jane now creates her patient account and selects to share her medical information for research but not for lab work.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Jane’s patient account is created. Her personal information and privacy choices are saved to the database.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Christine Jones, Lab Technician

Three months later, Jane’s visits the doctor who prescribesa lab exam for Jane. When Jane goes to lab exam room,Christine, the lab technician, retrieves Jane’s patient information from the database.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Christine Jones, the lab technician logs in from the main website.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Let’s demonstrate Christine’s data retrieval for Jane’s record WITHOUT Hippocratic Database privacy enforcement.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

WITHOUT the Hippocratic Database privacy enforcement, Jane’s entire record appears. This does not respect her privacy choices.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Now let’s demonstrate Christine’s data retrieval for Jane’s record WITH Hippocratic Database privacy enforcement.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Now WITH the Hippocratic Database privacy enforcement, only the relevantdata for the lab technician and for the purpose of lab work appears.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Phil Crew, Drug Researcher, Innovative Drug Research

Phil will retrieve patient records from the database to find thosepeople who may benefit from the company’s drug research.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Phil Crew, the drug researcher, logs in to retrieve data from the database.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Let’s demonstrate Phil’s data retrieval for all patient records WITHOUT Hippocratic Database privacy enforcement.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

WITHOUT the Hippocratic Database privacy enforcement, full patient records for all patients appear withoutrespecting privacy preferences or the corporate privacy policy.

© 2002 IBM Corporation

Extreme Blue - Start Something BIG

IBM Confidential | Summer 2003

Technical Interns:

Business Intern:

Mentors:

Sponsored by:

EBO:

Let’s demonstrate Phil’s data retrieval for all patient records WITH Hippocratic Database privacy enforcement.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Now WITH the Hippocratic Database privacy enforcement, only the data of those who agreed to share information fordrug research purposes appears. Also, privacy enforcement is performed at a granular, cell level.

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

More efficient than competing privacy solutions.

Increase customer trustand business opportunities

Help mitigate legal risks

Minimal modification ofexisting applications

Value Proposition

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

e-businessapplication

“Data Subject”

SubmitsPersonal Info.

AccessesPersonal Info.

“Data User”

Privacy Manager®

Near Term Channel to MarketHippocratic Database and Tivoli Privacy Manager

Audit ManagementReport Generation

HippocraticDatabase

Privacy Enforcement

Policy Creator/Editor

IBM’s PrivacyManagement Solution

Extreme Blue: Start Something BIG

2003 Summer | w3.ibm.com/extremeblue © 2003 IBM Corporation

Safeguarding private information –inevitable and essential for all corporations