Secure construction of k-unlinkable patient records from distributed providers

Artificial Intelligence in Medicine

Volumn 48, Issue 1, 2010, Pages 29-41

  Malin, Bradley ^a  

^a VANDERBILT UNIVERSITY MEDICAL CENTER   (United States)

Author keywords

Anonymization algorithms; Confidentiality; Distributed databases; Electronic medical records; Privacy

Indexed keywords

ALGORITHMIC APPROACH; ANONYMIZATION; ANONYMIZATION ALGORITHMS; BIOMEDICAL DATA; DATA PROTECTION; DATABANKS; DISTRIBUTED DATABASE; ELECTRONIC MEDICAL RECORD; EXTENDED FORM; HEALTHCARE ORGANIZATIONS; HOSPITAL DISCHARGE; PATIENT INFORMATION; PATIENT RECORD; PRIOR KNOWLEDGE; SECURE PROTOCOLS; SENSITIVE INFORMATIONS; SICKLE-CELL ANEMIA; THIRD PARTIES; UNLINKABILITY;

ALGORITHMS; DNA; DNA SEQUENCES; GENES; HEALTH CARE; MEDICAL COMPUTING; NETWORK PROTOCOLS; SOCIETIES AND INSTITUTIONS;

NETWORK SECURITY;

ALGORITHM; APPLICATION SERVICE PROVIDER; ARTICLE; CLINICAL EFFECTIVENESS; COMMUNICATION PROTOCOL; CONFIDENTIALITY; ELECTRONIC MEDICAL RECORD; HEALTH CARE ORGANIZATION; HOSPITAL DISCHARGE; KNOWLEDGE BASE; PATIENT INFORMATION; PRIORITY JOURNAL; QUANTITATIVE ANALYSIS; SICKLE CELL ANEMIA;

ALGORITHMS; COMPUTER SECURITY; CONFIDENTIALITY; DATABASE MANAGEMENT SYSTEMS; ELECTRONIC HEALTH RECORDS; HUMANS; INTERNET;

EID: 73449145604     PISSN: 09333657     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.artmed.2009.09.002     Document Type: Article

References (51)

1. National Institutes of Health. Final NIH statement on sharing research data. NOT-OD-03-032; February 2003.
2. Wiederhold G. Future of security and privacy in medical information. Stud Health Technol Inform 80 (2002) 213-229
3. Berman J.J. Confidentiality issues for medical data miners. Artif Intell Med 26 1-2 (2002) 25-36
4. Department of Health and Human Services. Standards for privacy of individually identifiable health information; Final Rule. Federal Register, 45 CFR, Parts 160-164; 12 August 2002.
5. National Institutes of Health. Policy for sharing of data obtained in NIH supported or conducted genome-wide association studies (GWAS). NOT-OD-07-088; August 2007.
6. El Emam K., Jabbouri S., Sams S., Drouet Y., and Power M. Evaluating common de-identification heuristics for personal health information. J Med Internet Res 8 4 (2006) e28
7. Griffith V., and Jakobsson M. Messin' with Texas: deriving mother's maiden names using public records. In: Ioannidis J., Keromytis A., and Yung M. (Eds). Proceedings of the 3rd international conference on applied cryptography and network security. New York, NY (2005) 91-103
8. Malin B. An evaluation of the current state of genomic data privacy protection technology and a roadmap for the future. J Am Med Inform Assoc 12 January-February (1) (2005) 28-34
9. Narayanan A., and Shmatikov V. Robust de-anonymization of large sparse datasets. In: McDaniel P., and Rubin A. (Eds). Proceedings of the 29th IEEE symposium on security and privacy (2008), ACM Press, New York 111-125
10. Sweeney L. Weaving technology and policy together to maintain confidentiality. J Law Med Ethics 25 Summer-Fall (2-3) (1997) 98-110
11. Malin B., and Sweeney L. How (not) to protect genomic data privacy in a distributed network: using trail re-identification to evaluate and design anonymity protection systems. J Biomed Inform 37 3 (2004) 179-192
12. Malin B. K-unlinkability: a formal privacy protection model for distributed data. Data Knowledge Eng 64 (2008) 294-311
13. Malin B. A computational model to protect patient data from location-based re-identification. Artif Intell Med 40 3 (2007) 223-239
14. Malin B., and Sweeney L. A secure protocol to distribute unlinkable health data. AMIA Annu Symp Proc (2005) 485-489
15. Malin B., and Sweeney L. Composition and disclosure of unlinkable distributed databases. In: Liu L., Reuter A., Whang K.Y., and Zhang J. (Eds). Proceedings of 22nd IEEE international conference on data engineering (2006), IEEE CS Press, New York 118
16. Sweeney L. k-Anonymity: a model for protection privacy. Int J Uncertainty Fuzziness Knowledge-based Syst 10 5 (2002) 557-570
17. Sweeney L. Achieving k-anonymity privacy protection using generalization and suppression. Int J Uncertainty Fuzziness Knowledge-based Syst 10 5 (2002) 571-588
18. Øhrn A., and Ohno-Machado L. Using Boolean reasoning to anonymize databases. Artif Intell Med 15 (1999) 235-254
19. Vinterbo S. A note on the hardness of the k-ambiguity problem. DSG Technical Report 2002-2006. Boston, MA: Harvard Medical School; 2002.
20. Agrawal R., and Johnson C. Securing electronic health records without impeding the flow of information. Int J Med Inform 76 5-6 (2007) 471-479
21. Brownstein J., Cassa C., Kohane I., and Mandl K. An unsupervised classification method for inferring original case locations from low-resolution disease maps. Int J Health Geogr 6 (2006) 56
22. Cassa C., Grannis S., Overhage M., and Mandl K. A context-sensitive approach to anonymizing spatial surveillance data: impact on outbreak detection. J Am Med Inform Assoc 13 2 (2006) 160-165
23. Aggarwal G., Feder T., Kenthapadi K., Motwani R., Panigrahy R., Thomas D., et al. Proc approximation algorithms for k-anonymity. J Privacy Technol (2005) 20051120001
24. Meyerson A., and Williams R. On the complexity of optimal k-anonymity. In: Deutsch A. (Ed). Proceedings of the 23rd ACM SIGMOD-SIGACT-SIGART symposium on principles of database systems. Paris, France (2004), ACM Press, New York 223-228
25. Vinterbo S. Privacy: a machine learning view. IEEE Trans Knowledge Data Eng 16 8 (2004) 939-948
26. Iyengar V. Transforming data to satisfy privacy constraints. In: Hand D., Keim D., and Ng R. (Eds). Proceedings of the 8th ACM SIGKDD international conference on data mining and knowledge discovery. Edmonton, Canada (2002), ACM Press, New York 279-288
27. Lefevre K., DeWitt D., and Ramakrishnan R. Mondrian multidimensional k-anonymity. In: Liu L., Reuter A., Whang K.Y., and Zhang J. (Eds). Proceedings of the 22nd IEEE international conference on data engineering (2006), IEEE CS Press, New York 25
28. Winkler W. Using simulated annealing for k-anonymity. Washington, DC: US Census Bureau Statistical Research Division. Technical Report 2002-07; 2002.
29. Chaytor R. Allowing privacy problems to jump out of local optimums: an ordered greed framework. In: Bonchi F., Ferrari E., Malin B., and Saygin Y. (Eds). Proceedings of the 1st ACM SIGKDD workshop on privacy, security, and trust in KDD (2008), Springer 33-55
30. Goldreich O. Foundations of cryptography, vol. 2-Basic applications (2004), Cambridge University Press
31. Kantarcioglu M., Jin J., and Clifton C. When do data mining results violate privacy?. In: Kim W., Kohavi R., Gehrke J., and DuMouchel W. (Eds). Proceedings of the 10th ACM SIGKDD international conference on data mining and knowledge discovery. Seattle, WA (2004), ACM Press, New York 599-604
32. Jiang W., and Clifton C. A secure distributed framework for achieving k-anonymity. VLDB J 15 4 (2006) 316-333
33. Benaloh J., and de Mare M. One-way accumulators: a decentralized alternative to digital signatures (extended abstract). In: Hellsuth T. (Ed). Proceedings of advances in cryptology-EUROCRYPT'93: workshop on the theory and application of cryptographic techniques. Lofthus, Norway (1993) 274-285
34. Pohlig S., and Hellman M. An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Trans Information Theory 24 (1978) 106-110
35. Rivest R., Shamir A., and Adleman L. A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21 2 (1978) 120-126
36. Kantarcioglu M., and Clifton C. Privacy-preserving distributed mining of association rules on horizontally partitioned data. IEEE Trans Knowledge Data Eng 16 9 (2004) 1026-1037
37. Malin B., Airoldi E., Edoho-Eket S., and Li Y. Configurable security protocols for multi-party data analysis with malicious participants. In: Aberer K., Franklin M., and Nishio S. (Eds). Proceedings of the 21st IEEE international conference on data engineering (2005), IEEE CS Press, New York 533-544
38. State of Illinois Health Care Cost Containment Council. Data release overview. Springfield, IL: State of Illinois Health Care Cost Containment Council; March 1998.
39. Malin B. Trail re-identification and unlinkability in distributed databases. Ph.D. Thesis, Carnegie Mellon University, Pittsburgh, PA; May 2006.
40. Canetti R., Lindell Y., Ostrovsky R., and Sahai A. Universally composable two-party and multi-party secure computation. Proceedings of the 34th symposium on theory of computing. Montreal, Canada (2002) 494-503
41. Berman J.J. Zero-check: a zero-knowledge protocol for reconciling patient identities across institutions. Arch Pathol Lab Med 128 March (3) (2004) 344-346
42. Churches T. A proposed architecture and method of operation for improving the protection of privacy and confidentiality in disease registers. BMC Med Res Methodol 3 1 (2003) 1
43. de Moor G., Claerhout B., and de Meyer F. Privacy enhancing technologies: the key to secure communication and management of clinical and genomic data. Methods Inf Med 42 (2003) 148-153
44. Gulcher J., Kristjansson K., Gudbjartsson H., and Stefansson K. Protection of privacy by third-party encryption in genetic research. Eur J Hum Genet 8 (2000) 739-742
45. Manasco P. Ethical and legal aspects of applied genomic technologies: practical solutions. Curr Mol Med 5 February (2005) 23-28
46. Pharow P., and Blobel B. Security infrastructure services for electronic archives and electronic health records. Stud Health Technol Inform 103 (2004) 434-440
47. Al-Lawati A., Lee D., and McDaniel P. Blocking aware private record linkage. In: Berti-Equille L., Batini C., and Srivastava D. (Eds). Proceedings of the 2nd ACM international workshop on information quality in information systems (2005), ACM Press, New York 59-68
48. Atallah M., Kerschbaum F., and Du W. Secure and private sequence computations. In: Jajodia S., Samarati P., and Syverson P. (Eds). Proceedings of the 2nd ACM workshop on privacy in the electronic society (2003), ACM Press, New York 39-44
49. Churches T., and Christen P. Some methods for blindfolded record linkage. BMC Med Inform Decis Mak 4 June (2004) 9
50. Du W., and Atallah M. Protocols for secure remote database access with approximate matching. Proceedings of the 1st ACM workshop on security and privacy in E-commerce. Athens, Greece (2000)
51. Ravikumar P., Cohen W., and Fienberg S. A secure protocol for computing string distance metrics. Proceedings of the 3rd IEEE workshop on privacy and security aspects of data mining. Brighton, England (2004) 40-46