March 11, 2021

Data Privacy, Protection, and Compliance at a Global Medical Equipment and Services Company



This California-based PKWARE customer creates innovative medical equipment and services for diagnosing, treating, and managing pulmonary and respiratory disorders. Their cloud-connected medical devices transform care for people with critical chronic diseases. They also provide out-of-hospital healthcare management solutions that ultimately enable better health outcomes. With revenues of $2.6 billion USD, they employ more than 7,500 people and operate across 140 countries globally


The company receives massive amounts of patient data peppered with Protected Health Information (PHI) and Personally Identifiable Information (PII), also sometimes known as Personal Information (PI). The data is continually fed in through remote self-monitoring software of user devices to the company’s data repositories. By the end of 2018, the customer required automated capabilities to reliably and continuously protect all this personal and sensitive data. The company had been instituting a manual scan process to locate sensitive data, masked whatever they could find, rendering it useless, and was rapidly outstripping its capacity to comply in meeting their legal privacy requirements.

As the company participates in healthcare, they are required to secure PHI according to US Health Insurance Portability and Accountability Act (HIPAA) as well as PII according to the EU General Data Protection Regulations (GDPR) as of 2018. By the end of 2019, they also were going to be regulated by the upcoming California Privacy Protection Act (CPPA), as well, adding further PI compliance requirements. The customer had to find a reliable and automated service solution to identify and mask all the personal and sensitive elements in all their growing data reliably. The medical devices worn by users were generating 1-1.5 GB of new data every 10 minutes.

The first challenge was to set up a smooth migration process from the company’s on-premises data stores to quarantined S3 buckets. PKWARE had to be able to scan up to 30-TB of data elements, identify, and properly mask all current PHI and PII/PI according to the customer’s protection and masking policy requirements. The next challenge was in the laser-focused use case for ongoing operations. PKWARE would have to detect and mask sensitive PHI and PI/PI data elements in 1-1.5 GB micro-batches in Snappy Parquet files, with 2.5 to 7 x compression ratios. The customer’s time threshold requirement was not to exceed 5 minutes (+1-min tolerance) 24/7/365 and then land cleansed data in protected S3 buckets. From there, the data would be consumed by other AWS technologies like Redshift for the company to be able to run its critical, ongoing analytics. All this would have to be achieved along with meeting the third customer challenge to keep overall compute (EC2, EMR) cost to a minimum.

Company Profile

Global Medical Equipment and Services Company


Large Enterprise



Our Approach

PKWARE finds and masks all PHI and PI/PII in all locations, according to the customer’s data management policies, while keeping referential integrity and value of the data for use in dev/test, analytics, and business intelligence.

The level of customer obsession and interest in making the solution scale was the reason we were jointly successful. I would recommend working with PKWARE.
Nicole Beige, Named Account Manager, AWS

Use Cases

The company was a new AWS customer and had been actively searching for a data privacy technology provider and met PKWARE through the customer’s AWS Named Account Manager. At re:Invent 2018, the ISV Success Manager suggested the Account Manager reach out to PKWARE. Due to the urgency of the customer requirements, PKWARE and AWS technical and business teams committed to working closely and rapidly together right on the floor of re:Invent.

PKWARE responded rapidly to the customer inquiry and immediately met with the customer’s technical team and the AWS Account Executive and Sales Engineer to further delineate the customer’s fullest technical challenges. In less than one month, PKWARE fully documented requirements, ran testing, and wrapped up a compelling Proof of Concept (POC), allowing the customer to approve PKWARE as their technology provider of choice.

To begin its PKWARE software validation process, the customer successfully downloaded the PKWARE online SaaS version through AWS Marketplace, used it, and was happy with their PKWARE results in detecting and protecting patients’ sensitive data. With those results, the customer determined they would proceed in using the full capabilities of PKWARE scanning and de-identifying its entire 30TB of user data, achieved in the first 30 days. From there on, between 1-1.5 GB of new data has continued to hit S3 quarantined (restricted zone) buckets every 10 minutes to be de-identified and output for internal usages, such as analytics, before the next batch arrives.

Within one business quarter, the customer was able to successfully trial the platform, expanded their requirements, run a successful POC, and close a production level procurement and operations contract. The company is now securely pushing 1-1.5 GB micro-batches of data every 10 minutes in S3 quarantined buckets through PKWARE to scan, identify, and mask all its PHI and PI/PII, retaining their referential integrity. The PKWARE platform was able to solve the customer’s technical challenges while meeting critical business requirements. PKWARE
closed the procurement process during the second 30 days—including provisions for future privacy functionalities. With PKWARE, the customer is meeting its business and technology requirements for patients’ privacy and corporate security in analytics, dev/test, and business intelligence, all while complying with regulations.


Handles 1-1.5 GB Micro-Batches Every 5 Minutes
“PKWARE came highly recommended by AWS. Because PKWARE met the use case for detection and masking of sensitive data in 1-1.5 GB microbatches in less than 10 minutes, we went forward.”
—Director of Data Strategy and Engineering

HIPAA, GDPR, and CCPA Confidence
The customer realizes 100% compliance. PKWARE finds and masks all PHI and PI/PII in all locations, according to the customer’s data management policies, while keeping referential integrity and value of the data for use in dev/test, analytics, and business intelligence.

Reliable, Rapid, and Responsive: A Comprehensive End-to-End Business Process
Within a single business quarter, PKWARE and AWS identified a new customer need, documented requirements, completed a successful POC, signed the contract, and implemented a full, production-level technology solution.