Anonymous by Architecture
Status: concept — privacy by construction, designed into the production data path.
PRISM does not protect patient identities; it is built never to hold them. Identifying information is not removed, masked, or encrypted out of the data — it is absent from the data path by construction.
Anonymous is not de-identified
Healthcare privacy usually means de-identification: a standard list of identifiers — under HIPAA's Safe Harbor method, eighteen of them — is stripped from otherwise-complete records. De-identification is valuable, but it leaves the full texture of an individual life intact: every provider seen, every facility visited, every diagnosis in combination. That texture can act as a fingerprint. Re-identification of de-identified health data through linkage with other datasets is a demonstrated research result, not a hypothetical, which is why de-identified data still demands careful custody.
PRISM's data path is narrower by design. A model sees exactly six columns, and every field is either a small integer, a date, or a code drawn from a finite, public, standardized vocabulary. What a row says is: a 45-year-old female saw a family-medicine provider in an office and was prescribed a blood-pressure medication. Very large numbers of people match every individual row; the fields that would distinguish one of them — names, member numbers, addresses, birthdates, the identity of the physician or the pharmacy — were never in the columns to begin with.
The honest limit: a long, dated timeline is itself a distinctive object, and whole-record uniqueness is exactly why the linkage design below matters. The map from timelines back to people exists in one place — inside the insurer, who already knows its members — and the production posture keeps PRISM's hardware inside the insurer's walls too, as part of the zero-integration design, so the timelines never travel.
What PRISM never knows
| never present in PRISM's data | what a model sees instead |
|---|---|
| Name, member ID, policy number, SSN, any government identifier | A one-way hash (production design, below) whose map lives only with the insurer |
| Date of birth | An integer age |
| Address, city, ZIP, any geography | Nothing — location is not a column |
| Which physician, hospital, lab, or pharmacy | Provider taxonomy (the specialty) and place-of-service category (the kind of setting) |
| Employer, income, insurance tier, household or family links | Nothing |
| Lab values, vitals, clinical notes | Nothing — claims describe utilization, not clinical truth |
The second column is the point: each identity-bearing field is replaced not by a masked version of itself but by a categorical fact that is medically meaningful and individually anonymous. The absence runs deeper than the obvious identifiers. PRISM cannot tell whether two patients are related or share a household, whether care happened at an academic medical center or a rural clinic, or whether a prescription was filled at a chain or an independent pharmacy. Its entire universe is the six columns.
Age is an integer
The PERSON field carries age and sex, nothing else. In the production design, age is computed as year minus birth year, so an exact birthday never exists anywhere in PRISM's data — there is nothing finer-grained to leak. Age still advances naturally across a timeline (34 becomes 35 partway through a history), which is all the models need: medically load-bearing, temporally coherent, and useless for identification.
Grouping without identity
The system does need to know which rows belong to the same person. The production design: the insurer computes a one-way hash per patient before any data reaches PRISM, the hash groups a timeline's rows and travels with any suggestion PRISM emits, and the insurer alone holds the map from hash back to member. When a suggested test later appears in the claims stream under the same hash, the outcome loop closes — PRISM learns that its suggestion led somewhere without ever learning who was screened. The 2026 synthetic proof of concept ran entirely on fabricated patients, so there were no identities to protect and this mechanism is stated here as production design, not as something already exercised.
The consequences
Regulatory. Privacy regulation exists to protect information about identifiable individuals. Data constructed this way — no identifiers present, the linkage map never leaving the insurer — is designed to fall outside the definition of protected health information under HIPAA-style regimes. That is not a loophole; it is the regulation's own logic, applied at the architecture level. The classification is still confirmed with counsel per deployment; the design goal is that there is nothing in PRISM's copy for the regulation to protect. Verification is correspondingly simple: whether the data contains identifying fields is answered by inspecting the columns, not by auditing a security stack.
Ethical. What a model cannot see, it cannot be biased by. Income, employer, neighborhood, race, insurance tier, facility prestige — none of these are inputs, so none can steer a suggestion. Age and sex remain visible because they are medically necessary; everything socioeconomic is architecturally absent, and every timeline receives the same computational attention regardless of whose it is. This does not make the system bias-free — utilization itself reflects unequal access to care, and a thin record yields a thin pattern — but it removes the direct inputs, and the constructive-only architecture bounds the failure mode: the worst a biased pattern could produce is an extra suggestion to consider a test, never a denial.
Collaborative. Because trained models carry patterns rather than records, organizations can share model weights while data never moves — anonymity at the data layer is what makes that exchange thinkable at all.
See also
- The patient timeline format — the six columns that bound what any model can ever see.
- The insurance vantage point — complete visibility without clinical or identity detail.
- Constructive-only — why the failure modes are bounded to extra suggestions.
- Open collaboration — models shared, data never.
- Zero integration — the data stays inside the insurer's walls.