As the operations of Japan Medical Data Center Co., Ltd. (hereinafter referred to as "we," "us" or "our") involve handling high-level personal information, we have an important responsibility to safely protect and use the information both by processing it into databases and statistics, and then by storing and using it as an actual database. In order to fulfill this responsibility, we perform careful two-step security protection and leak prevention in accordance with our line of work. Moreover, we were certified as ISO/IEC 27001:2005 on November 22nd, 2008.

1. 1:Security measures to protect personal information up until commercialization, i.e., the process from the insurance claim cards to commercialization (database conversion/processing)
2. 2:Measures to prevent leakage of personal information from the product delivered to customers

Unlike general risk management, preventative measures are performed from the data creation phase (i.e., the phase before data storage), in addition to thorough measures performed to protect personal information, such as not allowing removal of information from controlled areas.

1. *1:Observance of compliance that begins with in-house confidentiality and the Personal Information Protection Law

   At JMDC, "Information not anticipated by the rules is not produced, possessed, or allowed entry." Furthermore, all of our employees are fully aware of the responsibility and commitment that comes with handling personal information, and we pay close attention to its handling.

2. *2:Infrastructure system [MediC4] for protection of personal information

   Data points that could identify an individual are heavily encrypted using MediC4 (international patent pending) = "irreversible anonymous aggregation technology." As information is saved in our database using strings of encrypted codes, it is virtually impossible to identify individuals. We perform sufficient proactive measures through development of innovative hash function-based algorithms, storage, and management of data creation processes.

3. *3:Data storage, preservation, and application

   @tokyo - DATA CITY (AT TOKYO Corporation) has been chosen as the data center.

   • Strict security management
   • 24 hours a day/365 days a year manned service operation, suitable air conditioning, safe and reliable supply of electricity from a main substation, designed to resist a level 7 earthquake (magnitude 6.5 or greater)
   • Servers with both high scalability and high reliability
   • Uses the latest biometric personal identification, along with greatly strengthened and logged entrance authorization, in addition to traditional security checks
   • Ultrafast/high capacity backbone (stable and high speed backbone utilizing multiple main backbones)
   • Active use of latest technologies (constantly tracking advanced IT technology and server solutions, actively incorporating the latest technologies to improve stability and reliability)

4. *4:Elimination of possibility of identifying personal information when supplying data

   We have established in-house standards that are stricter than the Personal Information Protection Law and guidelines, and have developed standards for eliminating even the smallest possibility of identification of an individual. In addition, we study global standards and examples and have established an independent JMDC Privacy Policy. Even further, we are developing and implementing "usage technologies and operating rules to eliminate the possibility of identification of anonymous data through paired and chronological data."

Use of Insurance Claim Information and Protection of Personal Information

It is generally accepted that the use of insurance claim information is extremely beneficial in improving the quality of healthcare of the insured person, epidemiological research, and medical treatment. However, when handling such information, it is necessary to both perform statistical analyses on the data while also protecting personal information in compliance with the Personal Information Protection Law and ethical guidelines for epidemiological research given by the Ministry of Health, Labour and Welfare, and the Ministry of Education, Culture, Sports, Science and Technology. The importance of following the Personal Information Protection Law and epidemiological research ethics guidelines is explained in a report regarding research on policy planning and evaluation through Health Labour Sciences Research Grants (reference 1).

Reference 1: As an opinion on the Health and Labour Research Fund - Research on Policy Planning and Evaluation (H13-Policy-016) "Proper Utilization of Insurance Claim Information Under the Personal Information Protection Law" report, "Insurance claims, which contain important personal information, should not only be used for determining appropriate medical costs, but can also be used to improve the epidemiological research and healthcare of the insured person, and therefore the quality of medical treatment. The soon to be established Personal Information Protection Law, and the epidemiological research guidelines that preceded it, are not intended to obstruct such use, but instead can be expected to promote it by clarifying rules for use of information. In addition, because of the Personal Information Protection Law, improvements to patients' rights in the health insurance system can be expected, such as the enhancement of the previously undervalued IC in insurance claims. It is integral that the persons concerned follow the new Personal Information Protection Law and the epidemiological research guidelines, and that fair use of insurance claim information continues to be promoted.

Return to Top