Transcriptions

Note: this content has been automatically generated.
00:00:00
objection uh so again i'm sick and i'm looking at the same district philips research and
00:00:06
also i don't know i'm at the age of the student in the fat plastic with so
00:00:12
and it's always hard after the lunch break i hope you guys would survive this huge presentation so
00:00:18
so the the product title the presentation is management of
00:00:20
health data industrial company which in my case is philips research
00:00:27
so this topic is pretty fascinating for me because
00:00:32
of i had to go to the entire procedure for doing my one experiments backing
00:00:36
philips so i'm pretty much fish with the entire procedure and it's also interesting how
00:00:42
i mean how because the laws are and how careful the companies like philips hiding
00:00:48
acting at this one issue and then implemented in the right way it's supposed to be
00:00:52
so with that introduction i just want to share the gender that the call would be off
00:00:57
so the interaction would be on the g. d. p. at we've been hearing about you to be of a lot of times a couple of days
00:01:04
so i wouldn't really go deep into it but then that would try to briefly explain about it and then they that we're going to the
00:01:11
philips and then an committee which is what the finnish ethical committee it is quite high phoebe
00:01:18
i never expanded role in explaining how good organisation as it is and then i would get into data
00:01:24
privacy confidante how philips these to the data privacy and then wondered if defined right within disk in terms
00:01:31
of privacy and then rose above the principles unlawful acts of accessing the data and finding that would also
00:01:38
explain the lights off data subjects and the last topic would be on information security in this that like
00:01:46
because into information security is really important to you have all the laws being properly
00:01:51
taking care of if there's a beating the data finally that would be a huge penalty for
00:01:55
the company so i would also have some stress on this information security so what is the tibia
00:02:03
as you all know by now g. d. p. r. stands for general data protection regulation so it's a
00:02:09
glistened in the european union that is intended to
00:02:11
strengthen i'm for the holidays data protection laws across you
00:02:17
oh well at the same time they're also trying to address new
00:02:20
technological developments be really careful about how they'd once been should be i'm
00:02:25
it has been in effect since may twenty fifth two thousand eighteen i'm
00:02:29
also it's like a significant step of the privacy rules of eternity how
00:02:34
almost like a fragmented framework propagate privacy loss and then a few information
00:02:38
security loss so it's it's almost like a single frame of all activities
00:02:45
of
00:02:47
but what are the goals of the t. v. on the primary goal type protection control so the production is basically
00:02:52
production oppose the data and just into the private privately right and the control is to give the users control what data
00:03:01
and who is a good idea it's not just the you can't is but also any candy out
00:03:06
id which is also accessing the e. u. citizens data should also be in compliance with the deep yet
00:03:13
so that's one interesting thing i'm what i may be doing when they're talking about with
00:03:19
the data it's not that the name it this email id and i'll just uh but
00:03:22
the other part is also the by unmitigated it didn't it didn't the data they held
00:03:26
data and also really just to use same sexual orientation all this comes under personal data
00:03:33
and what rights not companies enable subjects under the g. d. p. of this was more expensive explained yesterday by
00:03:40
i think i'm i would have that that so it's like the activated a question like the ratio like to instructional
00:03:46
processing portability and then like the object subjects at a low pass object they use of data at any point of time
00:03:56
and how much can companies be fine for noncompliance this is an interesting question because usually
00:04:01
the fight if the data breach and if a company has to
00:04:05
deal with it it has been found that product is incentive to us
00:04:09
in case they fail to do so they'll have to face the fine of twenty million euros
00:04:14
or sometimes four percent of the global turnover well we just like by company like philips which has
00:04:19
about twenty billion off below four percent would be almost close to one billion which is huge men
00:04:26
i mean what does this deeply i mean the philips need just to say in g. d. p. r. have
00:04:31
an impact on philips i'm that mad it's it has a huge impact on high tech industries on the whole
00:04:38
but yeah i thought an operational processes that have to be adopted in compliance with g. d. p. i. so
00:04:44
this might include a separate ways of dealing id services separately or
00:04:49
dealing information security having our own privacy related loss and then also
00:04:56
we have our internal audit switch always ensure the data and the process i don't in favour of the d. p. uh i'm
00:05:03
we also have a special strategy for having contracts with our vendors and customers so
00:05:08
every activity that villages in wording is always being watched by a separate body which would take care that
00:05:14
it so actually falling all the g. d. p. abuse and beef body if r. e. i. c. d. so
00:05:24
i. c. b. stands for internal committee or biomedical experiments it is as
00:05:28
i mentioned it to him to analytical committee so that the school is
00:05:32
it i think they actually reviews the biomedical experiments with human tiny but related material
00:05:36
or data that's what any data that's pertaining to humans is taken care by t. v.
00:05:42
and did you it's not just on the data in euro four euro bassett
00:05:47
what been anyplace outside europe a philips station and it's dealing with european union
00:05:53
didn't data it has to be in compliance with g. d. b. uh which implies that it has to be under the i. c. b. seven
00:06:02
so what is the role in scope of a c. v.
00:06:05
so that primary relative to enable defective dependent state even if if it because human in
00:06:11
efficient manner while remaining in compliance with applicable regulations and standards worldwide including had invited yet
00:06:19
up because that so this is like a huge statement but it almost goes up although
00:06:24
well all the principles of g. d. p. r. two and the primary pollution is i think is not
00:06:30
just a legal entity assets it also has scientific uh a senior scientists in well so there's always a
00:06:37
apart with a day off seeing how valuable the thirties and
00:06:42
uh how much how how advancing inhaled get is actually importing
00:06:45
foe ahead get take companies and also the humanity of this thing
00:06:50
i'm the continuity of i. c. d. i think is just ones
00:06:54
will fade any kind of medical problems it it does anything pointing out
00:06:58
beyond philips it's always going to be targeted on our uh internal committee so
00:07:05
but i think they really take care off first the scientific ready to because even the
00:07:10
same senior scientist and all scientifically set aside inward in this committee and then it fees
00:07:15
that all the g. d. p. r. rules and everything is in compliance with the projects and then
00:07:20
about it because i'll always tries to match up with the philips reputation and
00:07:24
them because uh as you all know in europe philips had is on the petition
00:07:30
so the organisation of i. c. b. b. the human body so i would just explain the different lattice of i.
00:07:37
c. b. s. it sort of what the most that is the fact that some project leaders we usually come up with
00:07:41
this it's related topics and then we saw the first discuss with the department coaches
00:07:46
we have a few senior scientist toppings percent is to know what the procedure should be
00:07:51
so they that's cafe what kind of thirty days and then we do that quite documentation
00:07:56
and we have some i. c. b. c. could trees who also be with a frame but for the entire submission of the project
00:08:02
and then yeah like in in contact with though operations support so these are the people who were
00:08:07
very friday expired risk management part privacy part and then we were all we would submit entire documentation to
00:08:14
uh i. c. b. board decisively boards are typically the local bodies and then be be there like the meetings per week and then
00:08:21
discuss and see that entire framework is done properly but the final
00:08:26
decision is usually taken but they should be core team which is
00:08:30
in amsterdam so they have a a group of people i think the
00:08:35
state and legal counsel privacy officers risk management offices and everyone has their one
00:08:41
its expertise in getting better product should be taken up or not or whether the data should be analysed on or
00:08:47
i'm the musical but mainly target on it takes quality
00:08:52
regulate you play with the legal risk and safety analysis and all that kind
00:08:56
of stuff and finally also on the image of what philips is known for
00:09:01
so it's a good it's got the same i. c. b. is mostly the soul body that's
00:09:07
taking care of for this and then just families this in three words
00:09:12
i should be if that's possible for the protection fits visitation
00:09:15
and excellence when it comes to research and it data related research
00:09:21
so now uh i would also want to going to play
00:09:26
with it on planes uh off human studies in human studies
00:09:30
uh because usually the data that philips deals with is a human health data
00:09:35
and then they should be really strong privacy issues and then it's almost
00:09:38
all this one pretty often have to take care of the uh privacy issues
00:09:44
so how should this be taken care so we have it is based
00:09:47
approach the thing is we have a privacy officer who deals with every project
00:09:51
so i see next week i'm we can't expect every researcher to know all the privacy issues
00:09:56
so project uh everybody does associated with the right this is support person and he's
00:10:01
you from the very beginning starts providing all the information related to
00:10:06
privacy problems that might get is with the project or with the data that recognising but
00:10:12
but also we in order to know what privacy is we need to understand
00:10:15
what was the data privacy as cities of it's it's not usually thing depending uh
00:10:22
the attributes like name email id or something like that but if a person is identifiable from
00:10:28
a whole set of information then it's still a problem with the privacy so
00:10:34
and the major privacy issues would not be with the data data but then if it's something
00:10:39
related to sensitive data like a person facial lot technicalities which she doesn't want to inform or
00:10:44
if it in something related to genetic correlations that would be a serious concern in terms of privacy
00:10:52
so for this as we discussed yesterday but hanky like you pointed out that
00:10:57
a nomination is one way of dealing with it sort of like processing posted it trying to a reversible of a word
00:11:04
actually help us to prevent identification but still if if you still have
00:11:09
a copy of the original data even after doing then on imitation it's
00:11:12
still a breach for the privacy that's a huge n. mistake that most
00:11:16
of the people do so they like storing that wasn't it at an event
00:11:20
we're still be considered as personal data even after an organisation
00:11:25
but what typically goes on even after you anonymous data like uh uh it's really had a
00:11:30
good example from hank waiting he just he explained that when you have two databases that thing
00:11:35
uh not amazed information on unity corps but then if you have a access for both the database you could actually match
00:11:42
a percent of both and it is so there's a classic example for this very um netflix
00:11:49
uh as as you all know it has abated flat database uh
00:11:53
in order to improve its movie taking kind of a steady i'm
00:11:58
usually when it published it as a last database it anonymous all the information of the us
00:12:04
what did the big and if they could be deflected for but that is one
00:12:07
of the database which is a public good that is that's i. m. t. v. so
00:12:12
this could be an an example right in if an anonymous person he is what's the particular movies and
00:12:18
then he inflated those movies but then you also has a he or she has on both an interest
00:12:24
and when biff data would be mass with i. m. t. v. probably data and even if only a few movies match with
00:12:31
the exact date and exaggerating because usually people are happy with
00:12:35
the movie they usually try to related every public domain so even
00:12:41
but but when they they don't places like netflix they know it's
00:12:44
confidential to the one so they don't really expected to be public but then
00:12:48
by having a competition that i am baby database an anonymous database from netflix you could likely
00:12:54
identify the person a and you can come to the conclusion that you've actually interested in
00:12:59
some kind of movies so this could be this could already be a privacy issue for it fake
00:13:06
so the foundation is people realise data i mean
00:13:10
people realise data sometimes feeling i'm not imagining the
00:13:13
consequences and then they could be annoying this of retrieving what the person is or what his intentions thought
00:13:20
uh so anonymous it also then on isn't is nobody so use and so usually we
00:13:24
have to go to the contract i can send a contract way of dealing and then
00:13:28
even if these kind of things i pointed out we try to rectify that
00:13:32
transcend that they have and if if like a huge thing for medical data to
00:13:36
because medical data usually has a lot of it to butte and then there's
00:13:39
always a way of matching to one on one of the other kind of activity
00:13:44
so even if like if there is within this body and it just
00:13:47
finalising the writing was speech high style of writing you can actually identify people
00:13:55
but i mean how to be lawfully make use of data even if
00:13:58
it's anonymous that one but i mean even if it's anonymous transported out
00:14:02
so that a different ways of doing it lawfully which was all again explain by think yesterday
00:14:07
so i wouldn't really go into the details of it but usually it's taking a consent from the subject about having a contract with
00:14:14
uh organisation like the the philip's life thing is it's basically a contract with all the subscribers and then
00:14:19
you don't really need to take the consent of individual person if it but if if it's usually a contract with the business then it usually comes
00:14:27
and it and then the legal obligations could be one way of accessing the
00:14:31
data in order to protect whitening just in case of emergencies for some patients
00:14:36
public interest and then even legitimate business interest would also be ovate to process the of data
00:14:44
but my concentration would be more than the legitimate interest like the big business
00:14:48
usually the way the goal is like baking pan thing dollar contract from the people
00:14:53
but still yeah like certain restrictions on how who legitimate interest could be
00:14:58
i mean not i mean the tomatoes were not available thing to ever the company to actually access the data
00:15:05
especially this happens and they had a date had been elected data so the
00:15:09
health data cannot be processed for legitimate interest which involves a lot of business but
00:15:15
the only exception if if it's pertaining the research scientific research then usually that a lot too
00:15:21
uh access the data so this is how philips or any other healthcare related industries
00:15:28
kind of kind of data and then make use of it for scientific loose it's
00:15:33
so what what their rights are subject has
00:15:37
so they like to extensive but because i think it was an article thirteen which i wouldn't go into details
00:15:42
but that so many clause that but i have a subject always has the right to withdraw his participation or
00:15:50
oh and and also he has to be informed in if we extend in order to have him or her that's part of the subject
00:15:57
so it's not just about the concern that we get but also the later dealings if if you're also be informed about the
00:16:03
like person to contact in order to withdraw his participation that's usually
00:16:07
the data protection opposite but all this site because all this laws finally
00:16:13
whilst onto one thing informing them on this having people informed
00:16:17
about what we're doing with the data is one day off oh
00:16:21
and they also only problems i'm not getting into problems even after having fun
00:16:26
thing for the for the lifetime maybe but if you are going to make
00:16:31
a new study or if you're going to make a new analysis then it's
00:16:34
always mandated to have consent of the people that have the people informed again
00:16:40
and at the end of the day however good the project is how innovative the subject to if people find it creepy
00:16:47
it could be a big problem they could just be draw from the thought from the analysis often the stadium then your project would
00:16:54
going to him
00:16:57
and the last five would be on information security in
00:17:01
the search so this is also the important aspect because usually
00:17:05
oh it's always that we take care of the loss and all this for all the processes why in having steady having the
00:17:12
uh uh the third going on but then at the end of the day if you don't have enough security for the data you collected there's always the
00:17:19
problem so this is one cartoon that's depicting it i guess
00:17:23
it's a typical startups evaluating people don't really concentrate on the
00:17:27
information security they get their product ending and at the end of the day when there's a
00:17:31
security breach ended so hacking up with upside down there like and this
00:17:37
and then have to end of thing a huge flame you should so but how security like if that
00:17:45
anything like a hundred percent agreed is never something got time to present security thought about risk management so
00:17:52
they could be systems which made it seem to be secured like
00:17:55
the baby have been the best picture like any be any person from
00:17:59
the the lens me identify that it's not really secure you can on with with the site bike and then you can take it away
00:18:05
and the other one it's too secure but you can't really make use of the facility so it's always a compromise in them
00:18:15
usually the simple mistake for the ones which lead to huge penalty so we always had this oh
00:18:20
you should have this thing in philips wherein people approach the uh security officers and say that got the discord
00:18:27
to test on ten or twenty people and the name of the out there were to make a post nice have
00:18:32
uh so why don't we have before i should be found all this procedures
00:18:35
could we not get exemption and the only thing they come up with finances
00:18:39
when there's a breach in the data it doesn't matter whether it's one participant or hundred participants it's always the breach
00:18:45
so the only way to cancel this is have predictions so
00:18:50
one way is to have rubber security been raised i mean the
00:18:53
the first thing is to have a physical security for the database servers are we having them in secluded location as secure locations
00:18:59
and also the devices that we have at home that should be encrypted properly but collecting data
00:19:04
and it should be authentication and authorisation picnics for the internal employees so that they wouldn't be a bit it's something outside
00:19:11
and all mad with production is also important thing and there's also interesting upset quite have i been on if it's like
00:19:17
i would say creating you can check whether you email id or password is already
00:19:21
reached on not because usually when you have some public domain cycling been or something and
00:19:25
it is a data between thinking of this book everyone has the password or email id
00:19:29
already and the person who doesn't already on the net so anyone can make use of
00:19:35
and anyone who has a person in a lady who has activated
00:19:40
opposed eliminated what the us back is already bleached is what they form
00:19:46
i'm i should be implemented difficulty one reason for short is because the d. p. o. one two and i don't is
00:19:53
when there is usually a thick uh when there's usually a breach it would become a huge news and that would hamper the reputation of a company
00:20:00
even though is that if the business actually doesn't have posted it is example philips electronics may not have
00:20:05
any personal details it's a very loving but still a breach is always a beating a good habit adaptation
00:20:12
i know that the other side when you say that you have encrypted i'm secure kind of they put
00:20:17
people acting to billy then there's a credibility for the company so it's all this pasta hope from the people
00:20:25
so that
00:20:27
pretty much
00:20:30
ah ha
