TL; DR: BurstIQ’s global data network is providing businesses with a broader view of health profiles via granular data ownership and consent. The HIPAA and GDPR-compliant solution links complex data between multiple sources, creating an environment suitable for data-driven partnerships and relationships. The technology behind the platform, a secure, blockchain and cloud-based network of networks, essentially creates a plug-and-play hosting solution with all of the data management features needed for complex analytics.
For years, tech giants have delighted in monetizing the personal information consumers throw around the internet like confetti.
But it’s fair to say the party is over.
In the last decade, the public has become more aware of data privacy rights than ever before. Whether through regulatory requirements, consent notices, or distributed technologies, many wish to regain ownership of their personal information.
Unfortunately, ownership isn’t easy to define. When it comes to data, each thread doesn’t stand alone — they are woven into a complex and ever-growing tapestry.
Amber Hartley, Chief Strategy Officer at BurstIQ, said her company’s technology helps businesses navigate these complicated scenarios in healthcare and beyond.
“Our platform helps assign both ownership and consent on a granular level,” she said. “Say there’s a diabetes test of some kind in my health record. There could be a scenario where the information is co-owned between my doctor and me, or even partially owned by a third party that ran the tests, such as Quest Diagnostics.”
That’s just one example — Amber told us the data profiles BurstIQ manages can be far more complex. The global data network and management system, which is compliant with both the Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR), processes data differently than most traditional and even blockchain-based systems.
“We build longitudinal profiles of people, places, things, and processes from all sorts of different data sources,” Amber said. “We map those into data profiles, and then enable connections between those data profiles.”
Ultimately, the cloud-based network of networks — essentially a plug-and-play hosting solution with all of the data management features needed for complex analytics — creates an environment suitable for fostering data-driven partnerships and relationships.
Enabling Granular Data Ownership and Consent Since 2015
BurstIQ, based in Denver, was launched in April 2015 by Brian Jackson and Frank Ricotta. Both founders have decades of experience in cybersecurity.
Frank started his IT career at the United States Air Force Academy north of Colorado Springs, Colorado. His first commission after graduating from the academy was to build data communication networks between the air force’s satellite and ground operations.
“He’s been in the industry, and familiar with the fundamental technologies that came together as blockchain — zero-knowledge proofs, distributed databases, security requirements for the U.S. Department of Defense — for years,” Amber said.
Brian, on the other hand, has vast experience as an ethical, or white-hat, computer hacker. Amber told us he knows cybersecurity “inside out and backward.”
“My favorite story about him is the one where he sat on a park bench outside the LAPD, hacked into their system, walked in, and handed the chief of police his admin password,” she said.
Shortly before BurstIQ was founded, Frank was the victim of three data breaches — one of which involved the United States Office of Personnel Management. “He got a letter in the mail stating that his background information, and that of his entire family dating back 30 years, had been hacked, and that China might have access to it,” Amber said. “And all they offered was a year of identity protection.”
The experience inspired Frank and Brian to found BurstIQ with a mission to enable individual privacy and sovereignty over data while preserving the accessibility and interoperability that is essential to so many businesses.
Illuminating Connections for a Broader View of Health Profiles
Today, Amber said BurstIQ has evolved into an enterprise-grade blockchain solution for healthcare institutions, government agencies, and other organizations at the state, national, and international level. The platform-as-a-service (PaaS) technology is strictly B2B, but consumers enjoy benefits downstream.
“We enable businesses to comply with regulations like GDPR and the California Consumer Privacy Act (CCPA) while providing better, more granular data access,” she said. “A lot of our partners sell direct-to-consumer products, such as personal health records or personalized medicine tests. Their value propositions are intertwined with direct consumer data ownership, which we make possible on the back end.”
These companies need to give consumers the ability to consent to things like clinical trials, sharing their information with physicians, and using their data for analytics on consumer products.
“If a consumer purchases a 23andMe genomics test, for example, the company would need a consent mechanism that allows the consumer to share that data with their primary care doctor,” Amber said. “That’s where the granular ownership and consent come in.”
In terms of data associations, BurstIQ creates layered profiles that go beyond medical record information.
“You have a profile that includes your clinical data from multiple electronic health records, social data, environmental data, educational data, and nutritional data, plus information on habits, family, and broader ‘omic’ data,” Amber said.
But that’s not all: The profiles also contain information about the overall health of the individual’s community, manufacturing protocols of the prescription drugs a person takes, and their use of medical devices, such as pacemakers.
“A manufacturer could make a minor change in a protocol that seems insignificant to a pharmaceutical company when it actually has a downstream impact on the people taking that drug,” Amber said. “You wouldn’t know it unless you can connect those profiles.”
Helping Facilitate Data-Driven Partnerships and Relationships
Amber told us that BurstIQ aims to empower governments, businesses, researchers, and other entities to connect, contribute to, and benefit from a broad-based data network — ultimately creating a healthier world.
“Through data-driven partnerships, consent structures, and permission-based data sharing, businesses can create relationships with complementary companies to put out bundled products that are better than what each can produce on their own,” she said. “It’s creating entirely new data-driven markets for health.”
BurstIQ is also bringing the power of blockchain and big data to the healthcare space by overcoming two challenges: lack of support for large volumes of data, and difficulty securing underlying data.
Today, the platform can process and organize big data across sources, manage complex permission records, and perform data transactions at record speed. Amber said the way the company approaches blockchain is far different than the average system.
“We built BurstIQ with secure, on-chain data management specifically so that when we manage consent structures and ownership, consent is a matter of handing over a key to the data,” she said. “When I don’t want you to have my data, I revoke the key — I’ve never actually lost custodial control of my data, which is really important.”
A Blockchain and Cloud-Based Network of Networks
BurstIQ is supported by a cloud-based system in which nodes are hosted on AWS, Google Cloud, Microsoft Azure, and even private cloud platforms. Amber said to think of it as a network of subnetworks.
“All of our partners who are on the platform get a secure data zone, exactly the same way you would through AWS,” she said. “The big difference is that instead of getting a chunk of space on AWS, you’re getting regulatory compliance, security layers, the ability to build granular ownership and consent, and all of the blockchain-related features, such as immutability.”
Amber said the broad-based network also doesn’t compromise data security.
“Fundamentally, cryptographically, the data is locked to the owner, and only the owner can create the consent to say, ‘I want to share my data with other participants in the network,’” she said.