A methodology for the pseudonymization of medical data

International Journal of Medical Informatics

Volumn 80, Issue 3, 2011, Pages 190-204

  Neubauer, Thomas ^a   Heurix, Johannes ^b  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

^b SBA RESEARCH   (Austria)

Author keywords

Computer security; Electronic medical record; Information management; Privacy; Pseudonymization

Indexed keywords

ANALYTICAL APPROACH; ANONYMIZATION; CLINICAL STUDY; COMPUTER SECURITY; EHEALTH; ELECTRONIC HEALTH RECORD; ELECTRONIC MEDICAL RECORD; HEALTH CARE PROVIDERS; HEALTH DATA; HEALTH INFORMATIONS; HEALTH RECORDS; HEALTH STATUS; HIGHLY SENSITIVE; INSURANCE COMPANIES; JOB APPLICANT; MEDICAL DATA; PATIENT CONTROL; PATIENT INFORMATION; POLITICAL PRESSURES; PRIVACY; PRIVACY PRESERVING; PRIVACY PROTECTION; PSEUDONYMIZATION; REDUCED COST; RESEARCH APPROACH; RESEARCH RESULTS; SECONDARY USE; SECURITY ANALYSIS; THREAT ANALYSIS;

COMPUTER PRIVACY; HEALTH; HEALTH CARE; HEALTH INSURANCE; HEALTH RISKS; INFORMATION MANAGEMENT; MEDICAL COMPUTING; RECORDS MANAGEMENT; RESEARCH; SECURITY SYSTEMS;

DATA PRIVACY;

ARTICLE; COMPUTER PROGRAM; CONFIDENTIALITY; DECISION MAKING; ELECTRONIC MEDICAL RECORD; HEALTH CARE COST; HEALTH CARE PERSONNEL; HEALTH CARE QUALITY; HEALTH INSURANCE; INFORMATION PROCESSING; INFORMATION RETRIEVAL; MEDICAL RECORD; METHODOLOGY; PRIORITY JOURNAL; PSEUDONYMIZATION; TECHNIQUE;

ANONYMS AND PSEUDONYMS; COMPUTER SECURITY; DISCLOSURE; HEALTH PERSONNEL; HUMANS; INSURANCE, HEALTH; MEDICAL RECORD LINKAGE; MEDICAL RECORDS SYSTEMS, COMPUTERIZED; PATIENT IDENTIFICATION SYSTEMS; PRIVACY;

EID: 79851514417     PISSN: 13865056     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijmedinf.2010.10.016     Document Type: Article

References (51)

1. Märkle S., Köchy K., Tschirley R., Lemke H.U. The PREPaRe system-patient oriented access to the personal electronic medical record. Proceedings of the 17th International Congress and Exhibition on Computer Assisted Radiology and Surgery, ser. International Congress Series, no. 1256 2001, 849-854.
2. Ernst F.R., Grizzle A.J. Drug-related morbidity and mortality: updating the cost-of-illness model. Journal of the American Pharmacists Association 2001, 41(2):192-199.
3. United States Department of Health Human Service HIPAA administrative simplification: enforcement; final rule. Federal Register/Rules and Regulations 2006, 71(32).
4. European Union Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities 1995, L 281:31-50.
5. Council of Europe European Convention on Human Rights 1987, Martinus Nijhoff Publishers.
6. Fischer-Hübner S. IT-Security and Privacy: Design and Use of Privacy-Enhancing Security Mechanisms 2001, Springer.
7. Hinde S. Privacy legislation: a comparison of the US and European approaches. Computers and Security 2003, 22(5):378-387.
8. Hornung G., Goetz C.F.-J., Goldschmidt A.J.W. Die künftige Telematik-Rahmenarchitektur im Gesundheitswesen. Wirtschaftsinformatik 2005, 47:171-179.
9. U.S. Department of Health & Human Services Office for Civil Rights, "Summary of the HIPAA Privacy Rule" 2003. [Online]. Available: http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/.
10. U.S. Congress, "Health Insurance Portability and Accountability Act of 1996" 104th Congress, 1996. [Online]. Available: http://www.cms.hhs.gov/HIPAAGenInfo/Downloads/HIPAALaw.pdf.
11. Schabetsberger T., Ammenwerth E., Göbel G., Lechleitner G., Penz R., Vogl R., Wozak F. What are functional requirements of future shared electronic health records?. Connecting Medical Informatics and Bio-Informatics 2005, 1070-1075.
12. Riedl B., Neubauer T., Goluch G., Boehm O., Reinauer G., Krumboeck A. A secure architecture for the pseudonymization of medical data. Proceedings of the Second International Conference on Availability Reliability and Security 2007, 318-324.
13. Barrows R.C., Clayton P.D. Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association 1996, 13:139-148.
14. Attridgde J An Overview of Hardware Security Modules 2002, SANS Institute, Tech. Rep.
15. Montagnat J., Bellet F., Benoit-Cattin H., Breton V., Brunie L., Duque H., Legré Y., Magnin I.E., Maigne L., Miguet S., Pierson J.M., Seitz L., Tweed T. Medical images simulation, storage, and processing on the European DataGrid Testbed. Journal of Grid Computing 2004, 2(4):387-400.
16. Sharp R Principles of Protocol Design 2008, Springer.
17. Pfitzmann A., Koehntopp M. Anonymity, unobservability and pseudeonymity-a proposal for terminology. International Workshop on Designing Privacy Enhancing Technologies 2001, 1-9. Springer-Verlag, Inc., New York.
18. Taipale K.A. Technology, security and privacy: the fear of Frankenstein, the mythology of privacy and the lessons of King Ludd. International Journal of Communications Law & Policy 2004, 9.
19. Rector A, Rogers J., Taweel A., Ingram D., Kalra D., Milan J., Singleton P., Gaizauskas R., Hepple M., Scott D., Power R. Clef-joining up healthcare with clinical and post-genomic research. Proceedings of UK e-Science All Hands Meeting 2003, 203-211.
20. C. Thielscher, M. Gottfried, S. Umbreit, F. Boegner, J. Haack, N. Schroeders, Patent: data processing system for patient data, Int. Patent, WO 03/034294 A2, 2005.
21. Maris K. The human factor in information technology. Proceedings of Hack.lu 2005.
22. Thornburgh T. Social engineering: The "Dark Art" Proceedings of the First Annual ACM Conference on Information Security Curriculum Development 2004, 133-135. ACM Press.
23. Bishop M., Gollmann D., Hunker J., Probst C.W. Countering insider threats. Dagstuhl Seminar Proceedings 08302 2008.
24. Pommerening K. Medical requirements for data protection. Proceedings of IFIP Congress, vol. 2 1994, 533-540.
25. Pommerening K., Reng M. Secondary use of the electronic health record via pseudonymisation. Medical and Care Compunetics 2004, vol. 1. IOS Press, pp. 441-446.
26. A.A.E. Kalam, Y. Deswarte, G. Trouessin, E. Cordonnier, A generic approach for healthcare data anonymization, 2004.
27. R. Noumeir, A. Lemay, J. Lina, Pseudonymization of radiology data for research purposes, 2007.
28. Digital Imaging Communications in Medicine 2008, National Electrical Manufacturers Association Std.
29. R.L. Peterson, Patent: encryption system for allowing immediate universal access to medical records while maintaining complete patient control over privacy, US Patent US 2003/0074564 A1, 2003.
30. Caumanns J. Der Patient bleibt Herr seiner Daten: Realisierung des eGK-Berechtigungskonzepts über ein ticketbasiertes, virtuelles Dateisystem. Informatik-Spektrum 2006, 29(5):323-331.
31. Fraunhofer Institut, Spezifikation der Lösungsarchitektur zur Umsetzung der Anwendungen der elektronischen Gesundheitskarte, March 2005.
32. Stingl C.D., Slamanig D., Rauner-Reithmayer D., Fischer H. Realisierung eines sicheren zentralen Datenrepositories. Tagungsband 2006, DACH Security, pp. 1-15.
33. Stingl C., Slamanig D. Berechtigungskonzept für ein e-health-portal. eHealth 2007-Medical Informatics Meets eHealth, no. 227 2007, 135-140. Österreichische Computer Gesellschaft. G. Schreier, D. Hayn, E. Ammenwerth (Eds.).
34. Stingl C., Slamanig D. Privacy aspects of e-health. Proceedings of the Third International Conference on Availability, Reliability and Security 2008, 1226-1233.
35. M.K. Bond, Understanding Security APIs, Ph.D. dissertation, University of Cambridge, Computer Laboratory, Emmanuel College, 2004.
36. Federal information processing standards publication, "Security requirements for cryptographic modules (Fips pub 140-2)," Institute of Standards and Technology (NIST), Tech. Rep., 05 2001.
37. Anderson R., Bond M., Clulow J., Skorobogatov S. Cryptographic Processors-A Survey 2005, University of Cambridge, Computer Laboratory Tech. Rep.
38. PKCS#11 v2.20: Cryptographic Token Interface Standard 2004, RSA Laboratories Std.
39. Wherry D.C. Secure Your Public Key Infrastructure with Hardware Security Modules 2003, SANS Institute, Tech. Rep.
40. Lorch M., Basney J., Kafura D. A hardware-secured credential repository for grid PKIs. Proceedings of the 4th IEEE/ACM International Symposium on Cluster Computing and the Grid 2004.
41. Rössler T., Leithold H., Posch R. E-voting: a scalable approach using XML and hardware security modules. Proceedings of the 2005 IEEE International Conference on e-Technology, e-commerce and e-Service EFF'05 2005.
42. Baldwin A., Shiu S. Hardware encapsulation of security services. 8th European Symposium on Research in Computer Security (ESORICS), ser. LNCS, vol. 2808 2003, Springer, Berlin/Heidelberg.
43. Casassa-Mont M., Baldwin A., Pato J. Secure Hardware-based Distributed Authorisation Underpinning a Web Service Framework 2003, Trusted Systems Laboratory, HP Laboratories Bristol, Tech. Rep.
44. Baldwin A., Shiu S. Hardware security appliances for trust. First International Conference on First International Conference, ser. LNCS, vol. 2692 2003, Springer.
45. Ferreira A., Shiu S., Baldwin A. Towards accountability for electronic patient records. Proceedings of the 16th IEEE Symposium on Computer-Based Medical Systems (CBMS'03) 2003, 189-194.
46. Shamir A. How to share a secret. Communications of the ACM 1979, 22(11):612-613.
47. Jurgensen T., Guthery S. Smart Cards: The Developer's Toolkit 2002, Pearson Education, Inc. Prentice Hall PTR, Upper Saddle River.
48. Holcombe B. Government Smart Card Handbook 2004, U.S. General Services Administration (GSA).
49. International Statistical Classification of Diseases and Related Health Problems (ICD) 2007, World Health Organization Std.
50. Dolin R.H., Alschuler L., Beebe C. The HL7 clinical document architecture. Journal of the American Medical Informatics Association 2001, 8(6):552-569.
51. Avizienis A., Laprie J.-C., Randell B., Landwehr C. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing 2004, 1(1):11-33.