# Data Privacy by Design

Privacy in healthcare is both a legal requirement and a competitive advantage. Privacy by Design means building privacy controls into your architecture from the start.

## Data Minimization Principles

Collect only what you need, retain only what you must:

* **Purpose specification**: Define exactly why each data point is collected
* **Collection limitation**: Only collect data that serves a specified purpose
* **Data retention**: Define and enforce retention schedules for each data type
* **Anonymization**: Anonymize data when the purpose doesn't require identification

## Consent Management Architecture

Consent management is a core architectural component, not an afterthought:

* **Granular consent**: Separate consent for treatment, payment, operations, and research
* **Consent lifecycle**: Capture, store, enforce, audit, revoke
* **Temporal consent**: Time-limited consent with automatic expiration
* **Emergency override**: Mechanisms for emergency access with audit trail
* **Minor consent**: Special handling for pediatric data

## De-Identification Techniques

| Technique            | Re-identification Risk                   | Use Case             |
| -------------------- | ---------------------------------------- | -------------------- |
| Safe harbor (HIPAA)  | Low — remove 18 identifiers              | Research datasets    |
| Expert determination | Very low — statistical de-identification | Complex data sharing |
| Pseudonymization     | Moderate — reversible with key           | Production analytics |
| Aggregation          | Very low — group-level only              | Population reporting |
| Differential privacy | Low — calibrated noise                   | ML training          |

## Cross-Border Data Transfer

Health data crosses borders with increasing frequency:

* **EU-US Data Privacy Framework**: New framework for EU-US data transfers
* **Standard Contractual Clauses (SCCs)**: EU-approved contract terms for data transfers
* **Binding Corporate Rules (BCRs)**: Internal data protection policies for multinational organizations
* **Data residency**: Some countries require health data to remain within national borders

## Privacy Impact Assessments

A DPIA (Data Protection Impact Assessment) is required under GDPR for high-risk processing:

1. Describe the processing and purpose
2. Assess necessity and proportionality
3. Identify and assess risks to individuals
4. Identify measures to mitigate risks
5. Document the decision