Safely and securely handle information that needs to be protected
Tokumei Bank: The Confidential Information Management Service
To comply with personal information protection laws, business operators are obliged to manage personal information more strictly. However, business operators also want to provide high value‑added products and services that utilize such personal information.
Solving the challenges of handling personal information
Using cloud services, organizations can share and efficiently use information: for example, diagnostic data from patients who visited multiple medical institutions or marketing information from the analysis of purchase histories. However, when handling such personal information, organizations always face issues such as the requirement to comply with laws and guidelines, the risk of information leakage, and the increased cost of collection and management.
Tokumei Bank is a cloud‑based service that solves these issues. Key features include the following.
- Tokumei Bank stores personal information separately.
Tokumei Bank manages collected personal information differently, depending on whether the information can be used to identify individuals. Such information includes names, dates of birth, or national ID numbers (such as Japan’s My Number). Other information is separated and managed as pseudonymized data.
Information that can be used to identify individuals is encrypted in a way that has no regularity, and pseudonymized data is anonymized using different names so that individuals cannot be identified. Both types of information are stored in a state where the two types are not connected. This enables the information to be safely managed in compliance with the laws and various guidelines that protect personal information.
- Tokumei Bank provides high safety and high speed.
Hitachi’s searchable encryption technology uses ciphertext that changes every time and high‑speed processing technology to provide both safe management of personal information as well as high‑speed processing.
- Ciphertext that changes every time
The searchable encryption technology uses a probability cipher in which a different ciphertext (random number) is generated each time for each processing. This is more secure than general encryption because the lack of regularity makes it difficult to perform frequency‑based parsing of ciphertext and to make analogical inferences.
- High‑speed processing technology
This technology applies high‑speed techniques to standard cryptography, random number generation, and computation. In addition, by implementing index functionality, the technology can ensure a processing speed that is practical for use with large‑scale data of more than one million people.
- Tokumei Bank achieves both cloud security and operational efficiency.
By combining TLS, which encrypts data before sending and receiving it, we can build highly secure information‑sharing systems that can prevent spoofing, eavesdropping, and falsification in the communication paths, as well as preventing information leakage at the data center.
With Tokumei Bank, organizations can manage information in the cloud and utilize such information within the scope of consent given by the information provider. This reduces the burden required to collect personal information for different purposes and to manage the consent information. With Tokumei Bank, organizations can utilize data at low cost.
Co‑creation with local governments and wellness companies
The Personal Information Management Platform manages personal information in Tokumei Bank and allows information providers to give their consent for their information to be used for a specific purpose. The platform enables the personal information to be safely distributed and greatly increases the value of the information itself. As part of the program Tokyo Metropolitan Government’s Project Support for Creating Next‑generation Wellness Solutions, in FY 2022, the Tokyo Metropolitan Government selected a project aimed at establishing an EBPM*3 business platform to foster results‑based businesses that will reduce the need for long‑term‑care.
- *3
- EBPM (Evidence‑Based Policy Making) refers to the process of clearly stating the purpose of policies, and planning and formulating policies based on rational evidence.
- Project overview
This was a collaborative project, in cooperation with A10 Lab Inc., Rehab for JAPAN, Inc., and Mealthy, Inc., which are wellness companies that develop and provide smartphone apps for preventive care and health promotion. In the project, we evaluated the results of businesses that aim to reduce the need for long‑term care in Hachioji City and Fuchu City, with the goal of providing services that will improve the quality of life of Tokyo residents by reducing their need for long‑term care.
- Project period
July 2022 to February 2023
- Project initiatives
In this project, we did the following:
- Created an EBPM business platform
As a service for residents, we collaborated with Hachioji City and Fuchu City, which have introduced smartphone apps designed to reduce the need for long‑term care. We created a business platform that can measure the effectiveness of initiatives designed to reduce the need for long‑term care by safely linking the following in the cloud: (i) data related to personal health, and statistics related to diagnostic, medical care, and nursing care businesses stored in the National Health Insurance Database System, and (ii) wellness‑company data related to health, medical care, and nursing care.
Hitachi provided safe management and distribution of personal information through its Personal Information Management Platform and provided big data analysis through its AI‑based Health Business Support Service*4. We calculated the reduction in the rate of certification for long‑term care and the reduction of long‑term care medical costs, which are indicators of effectiveness, and worked to create a system for evaluating projects designed to reduce the need for long‑term care.
- Established a foundation for PFS (pay for success) businesses that reduce the need for long‑term care
When a local government outsources the work of administrative services to a private business operator using a PFS private consignment contract method*5, it is necessary to quantitatively evaluate the results of the project in order to pay the appropriate commission fee. With the aim of fostering PFS businesses that reduce the need for long‑term care, Hitachi, together with Hachioji City and wellness companies, formulated and verified hypotheses using the EBPM business platform and examined a mechanism for quantitatively evaluating results.
- *4
- AI‑based health business support service (Japanese)
- *5
- In a PFS (pay for success) contract, the final amount of the commission fee payment is decided based on the results of the project, and the local government outsources the work of administrative services to private business.
Supplementary information: Managing the consents of information providers for the use of their personal information
The Personal Information Management Platform provides a common portal that allows information providers to view their personal information managed by Tokumei Bank and to edit their consent for their information to be used for a particular purpose. The information provider can provide additional consent for purposes other than the purpose they originally agreed to when registering the personal information. The information provider can also withdraw previously granted consent for a purpose they no longer want to agree to.
When the consent added by information providers is reflected in the Personal Information Management Platform, the organization (company, local government, or medical institution, etc.) can use the data for the purposes for which consent has been obtained, which makes information collection more efficient and saves labor. In addition, by quickly responding to the addition or withdrawal of consent, data can be flexibly distributed and used in accordance with the desires of the information providers. This will lead to the provision of appropriate services and to the creation of new services.
Future prospects of Tokumei Bank
Tokumei Bank helps to bring about DX (digital transformation) by aggregating and centrally managing data in collaboration with the work systems of an organization. Shifting from paper to online operations can achieve safe, secure, and efficient service operations.
In the future, by using APIs to utilize linked work systems and a wide variety of data managed by Tokumei Bank, we will be able to contribute to the creation of new services.