Skip to main content

Hitachi

Featured customer case

Lumada customer case code: UC-01724S

Reducing the risk of information leakage, improving the efficiency of personal‑information handling operations, and improving convenience by utilizing personal information (2/2)

—Tokumei Bank: The Confidential Information Management Service—

2023-08-25

Safely and securely handle information that needs to be protected

Tokumei Bank: The Confidential Information Management Service

To comply with personal information protection laws, business operators are obliged to manage personal information more strictly. However, business operators also want to provide high value‑added products and services that utilize such personal information.

Solving the challenges of handling personal information

Using cloud services, organizations can share and efficiently use information: for example, diagnostic data from patients who visited multiple medical institutions or marketing information from the analysis of purchase histories. However, when handling such personal information, organizations always face issues such as the requirement to comply with laws and guidelines, the risk of information leakage, and the increased cost of collection and management.

Tokumei Bank is a cloud‑based service that solves these issues. Key features include the following.

  • Tokumei Bank stores personal information separately.
    Tokumei Bank manages collected personal information differently, depending on whether the information can be used to identify individuals. Such information includes names, dates of birth, or national ID numbers (such as Japan’s My Number). Other information is separated and managed as pseudonymized data.
    Information that can be used to identify individuals is encrypted in a way that has no regularity, and pseudonymized data is anonymized using different names so that individuals cannot be identified. Both types of information are stored in a state where the two types are not connected. This enables the information to be safely managed in compliance with the laws and various guidelines that protect personal information.
  • Tokumei Bank provides high safety and high speed.
    Hitachi’s searchable encryption technology uses ciphertext that changes every time and high‑speed processing technology to provide both safe management of personal information as well as high‑speed processing.
    • Ciphertext that changes every time
      The searchable encryption technology uses a probability cipher in which a different ciphertext (random number) is generated each time for each processing. This is more secure than general encryption because the lack of regularity makes it difficult to perform frequency‑based parsing of ciphertext and to make analogical inferences.
    • High‑speed processing technology
      This technology applies high‑speed techniques to standard cryptography, random number generation, and computation. In addition, by implementing index functionality, the technology can ensure a processing speed that is practical for use with large‑scale data of more than one million people.
  • Tokumei Bank achieves both cloud security and operational efficiency.
    By combining TLS, which encrypts data before sending and receiving it, we can build highly secure information‑sharing systems that can prevent spoofing, eavesdropping, and falsification in the communication paths, as well as preventing information leakage at the data center.
    With Tokumei Bank, organizations can manage information in the cloud and utilize such information within the scope of consent given by the information provider. This reduces the burden required to collect personal information for different purposes and to manage the consent information. With Tokumei Bank, organizations can utilize data at low cost.

Co‑creation with local governments and wellness companies

The Personal Information Management Platform manages personal information in Tokumei Bank and allows information providers to give their consent for their information to be used for a specific purpose. The platform enables the personal information to be safely distributed and greatly increases the value of the information itself. As part of the program Tokyo Metropolitan Government’s Project Support for Creating Next‑generation Wellness Solutions, in FY 2022, the Tokyo Metropolitan Government selected a project aimed at establishing an EBPM*3 business platform to foster results‑based businesses that will reduce the need for long‑term‑care.

*3
EBPM (Evidence‑Based Policy Making) refers to the process of clearly stating the purpose of policies, and planning and formulating policies based on rational evidence.
  • Project overview
    This was a collaborative project, in cooperation with A10 Lab Inc., Rehab for JAPAN, Inc., and Mealthy, Inc., which are wellness companies that develop and provide smartphone apps for preventive care and health promotion. In the project, we evaluated the results of businesses that aim to reduce the need for long‑term care in Hachioji City and Fuchu City, with the goal of providing services that will improve the quality of life of Tokyo residents by reducing their need for long‑term care.
  • Project period
    July 2022 to February 2023
  • Project initiatives
    In this project, we did the following:
    • Created an EBPM business platform
      As a service for residents, we collaborated with Hachioji City and Fuchu City, which have introduced smartphone apps designed to reduce the need for long‑term care. We created a business platform that can measure the effectiveness of initiatives designed to reduce the need for long‑term care by safely linking the following in the cloud: (i) data related to personal health, and statistics related to diagnostic, medical care, and nursing care businesses stored in the National Health Insurance Database System, and (ii) wellness‑company data related to health, medical care, and nursing care.
      Hitachi provided safe management and distribution of personal information through its Personal Information Management Platform and provided big data analysis through its AI‑based Health Business Support Service*4. We calculated the reduction in the rate of certification for long‑term care and the reduction of long‑term care medical costs, which are indicators of effectiveness, and worked to create a system for evaluating projects designed to reduce the need for long‑term care.
    • Established a foundation for PFS (pay for success) businesses that reduce the need for long‑term care
      When a local government outsources the work of administrative services to a private business operator using a PFS private consignment contract method*5, it is necessary to quantitatively evaluate the results of the project in order to pay the appropriate commission fee. With the aim of fostering PFS businesses that reduce the need for long‑term care, Hitachi, together with Hachioji City and wellness companies, formulated and verified hypotheses using the EBPM business platform and examined a mechanism for quantitatively evaluating results.
*4
AI‑based health business support service (Japanese)
*5
In a PFS (pay for success) contract, the final amount of the commission fee payment is decided based on the results of the project, and the local government outsources the work of administrative services to private business.

Supplementary information: Managing the consents of information providers for the use of their personal information

The Personal Information Management Platform provides a common portal that allows information providers to view their personal information managed by Tokumei Bank and to edit their consent for their information to be used for a particular purpose. The information provider can provide additional consent for purposes other than the purpose they originally agreed to when registering the personal information. The information provider can also withdraw previously granted consent for a purpose they no longer want to agree to.

When the consent added by information providers is reflected in the Personal Information Management Platform, the organization (company, local government, or medical institution, etc.) can use the data for the purposes for which consent has been obtained, which makes information collection more efficient and saves labor. In addition, by quickly responding to the addition or withdrawal of consent, data can be flexibly distributed and used in accordance with the desires of the information providers. This will lead to the provision of appropriate services and to the creation of new services.

Future prospects of Tokumei Bank

Tokumei Bank helps to bring about DX (digital transformation) by aggregating and centrally managing data in collaboration with the work systems of an organization. Shifting from paper to online operations can achieve safe, secure, and efficient service operations.
In the future, by using APIs to utilize linked work systems and a wide variety of data managed by Tokumei Bank, we will be able to contribute to the creation of new services.

For details on our solutions, see the following webpages.

Tokumei Bank: The Confidential Information Management Service
This cloud‑based service enables safer and more secure handling of information that requires protection, such as personal information.
This solution can be provided to customers in any region.
Ehime General Health Association (Tokumei Bank case study): This case study describes a system for making health checkup reservations on the web. The system uses Tokumei Bank to provide highly secure management of residents’ personal information on the cloud.
Personal Information Management Platform
Distributing information based on the consent of the individual greatly increases the value of the information itself.
This solution can be provided to customers in any region.
Hitachi participated in the program Tokyo Metropolitan Government’s Project Support for Creating Next‑generation Wellness Solutions to create an EBPM business platform to foster results‑based businesses that will reduce the need for long‑term‑care.
Hitachi provides both a secure personal data utilization platform and an AI analysis technology for nursing care, health, and medical big data. Both are contributing to the promotion of evidence‑based work in local governments, with the aim of improving the quality of life of Tokyo residents.

For details, see the relevant news release.

Summary

Protecting the rights and interests of information providers while leveraging the usefulness of personal information
Organizations (companies, local governments, medical institutions, etc.) are working on initiatives to share and utilize personal information, but information providers are worried about how organizations are handling their personal information. Hitachi’s Tokumei Bank uses a unique searchable encryption technology to safely manage information that can be used to identify individuals, and provides a mechanism that allows information that cannot be used to identify individuals to be used for each purpose for which the information provider has given consent.
Tokumei Bank: The Confidential Information Management Service
Tokumei Bank solves issues that arise when handling personal information (such as compliance with laws and guidelines, risk of information leakage, and increased costs related to collection and management), and improves business efficiency and convenience. In the future, organizations will be able to use the data managed by Tokumei Bank to create new services and businesses.
Does your business have a large amount of data that is not being used?
Do any of your business sites generate highly useful data (such as personal information) daily, and are you examining ways to manage and utilize such data?
You can unlock the true potential of your data and create new value through data collection and analysis.

Key points of this article

By using this service, organizations can:

  • Improve the efficiency of personal‑information handling operations while improving convenience through consent‑based usage of such information.
  • Comply with laws and guidelines related to personal information, and collect and store such information safely.
  • Search and collate such information while it is encrypted, thereby reducing the risk of information leakage.

For example:

Tokumei Bank can be used in a variety of operations and services, including centralized management of employee health information, registration of national ID numbers (such as Japan’s Individual Number, commonly referred to as My Number) at financial institutions, and enabling local governments to set up appointments for health checkups.
Hitachi will continue to expand the application of this service to different industries and fields so that organizations can protect personal information and use it appropriately, and the information providers (the persons providing their personal information) can eliminate their anxiety over how their information will be handled and can receive more convenient services.

*
The service (or solution) specifications are subject to change without prior notice due to reasons such as continual improvements.