Secure Payment Portal for T-Detect by Adaptive
"We need a secure, private payment portal for patients to order T cell tests"
Knowing if you were infected with Covid-19 is useful information for doctors and patients to manage health. Recent studies have shown that testing for T cells, a type of white blood cell that remembers and fights foreign particles, outperforms antibody tests in determining recent or past infection of the Covid-19 virus. To make T cell testing more readily available and to give patients access to this vital information, Adaptive Biotechnology, a leader in the field of immunology and genome testing, developed a direct-to-consumer product called T-Detect. T-Detect allows individuals, physicians, and researchers to order T cell tests directly from a website without needing a medical referral.
While convenient access to Covid-19-related health information is a critical innovation, this type of direct-to-consumer online portal combines sensitive information such as PII (personally identifiable information), PCI (payment card industry) data, and PHI (protected health information), and carries a risk of HIPAA violations or identity theft.
To protect sensitive customer information in the T-Detect portal, Adaptive Biotech and AndPlus developed a solution for T-Detect’s payment process using data tokenization. Tokenization is the process of taking PCI data, like a credit card number, and replacing it with a token value: a random string of characters. When a customer orders a test, PII, PHI, and PCI are separated and sent to different servers. T-Detect’s staff can then process orders without receiving breachable data. After a contract is signed and an order is placed, a custom payment integration converts all payment information into tokenized data, which the recipient can neither decipher nor reverse.
For medical software to be HIPAA compliant, ePHI (electronic Protected Health Information) must be protected against reasonably anticipated threats to the security or integrity of the information and against impermissible uses or disclosures, and compliance by the workforce must be ensured. Using the secure portal developed by AndPlus, the data is separated so that access to ePHI is restricted to medical professionals.
AndPlus utilized TrustCommerce, a secure third-party API, to handle all financial information separate from T-Detect’s order processing. This way, secure coding segregates data so Adaptive only receives PII, while TrustCommerce receives only PCI. For further security, customers’ locally stored data is encrypted and unreadable. For healthcare providers, AndPlus also created a separate gateway so physicians can order tests for their patients. TrustCommerce’s software follows the 12 requirements of PCI DSS (Payment Card Industry Data Security Standard) compliance.
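The tokenization and data-segregation flow described in the two paragraphs above, as an added illustration that is not AndPlus, Adaptive, or TrustCommerce code: one submitted form is split into an order record (PII plus a random payment token) and a clinical record (PHI), while card data stays inside a vault. The TokenVault class, the field names, and the record layout are assumptions made for this sketch, and the sample form is constructed.

```python
import secrets

# Assumed field names; every form field must be classified before routing.
PII = {"name", "email", "shipping_address"}
PHI = {"test_type", "collection_date"}
PCI = {"card_number", "expiry", "cvv"}

def luhn_ok(pan):
    """Checksum used on card numbers; rejects typos before tokenizing."""
    if not (pan.isdigit() and 13 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class TokenVault:
    """Hypothetical stand-in for the processor side; not a real vendor API."""
    def __init__(self):
        self._cards = {}  # token -> card data, held only on the processor side

    def tokenize(self, pci):
        pan = pci["card_number"].replace(" ", "")
        if not luhn_ok(pan):
            raise ValueError("card number failed Luhn check")
        token = "tok_" + secrets.token_urlsafe(24)  # random, not derived from the PAN
        self._cards[token] = {"pan": pan, "expiry": pci["expiry"]}  # CVV is not kept
        return token

    def charge(self, token, amount_cents):
        card = self._cards[token]  # KeyError for a token this vault never issued
        return {"approved": True, "last4": card["pan"][-4:], "amount_cents": amount_cents}

def place_order(form, vault):
    """Split one submitted form into per-destination records."""
    unclassified = set(form) - PII - PHI - PCI
    if unclassified:  # fail closed rather than guess where a field belongs
        raise ValueError(f"unclassified fields: {sorted(unclassified)}")
    token = vault.tokenize({k: form[k] for k in PCI})
    order = {k: form[k] for k in PII if k in form}
    order["payment_token"] = token
    return {"order": order, "clinical": {k: form[k] for k in PHI if k in form}}

# Constructed sample input (4111... is a well-known test card number).
SAMPLE = {"name": "Pat Doe", "email": "pat@example.com", "shipping_address": "1 Main St",
          "test_type": "T cell", "collection_date": "2021-05-01",
          "card_number": "4111 1111 1111 1111", "expiry": "12/30", "cvv": "123"}
```

Because the token is random rather than computed from the card number, a copy of the order record gives its holder nothing to reverse; only the vault can map the token back to a card.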
By creating a secure online portal, Adaptive and AndPlus developed an accessible way for any individual, regardless of medical affiliation, to order a test that detects a past Covid-19 infection up to ten months after infection with 90% sensitivity. Additionally, employers can get answers about prospective or current employees for hiring or HR purposes, physicians can capture past Covid-19 infections that may be missed by serology testing, and researchers have access to highly sensitive and specified testing technology.
Adaptive is a biotechnology company focused on translating the genetic language of the adaptive immune system into clinical products to diagnose and treat disease. Founded in 2009 by Chad and Harlan Robbins, Adaptive is a leader in the field of genomic immunology, and has created revolutionary medical technology for studying adaptive immune responses.