Journal Article

A practical approach to achieve private medical record linkage in light of public resources

Mehmet Kuzu, Murat Kantarcioglu, Elizabeth Ashley Durham, Csaba Toth and Bradley Malin

in Journal of the American Medical Informatics Association

Published on behalf of American Medical Informatics Association

Volume 20, issue 2, pages 285-292
Published in print March 2013 | ISSN: 1067-5027
Published online July 2012 | e-ISSN: 1527-974X | DOI: https://dx.doi.org/10.1136/amiajnl-2012-000917
A practical approach to achieve private medical record linkage in light of public resources

More Like This

Show all results sharing these subjects:

  • Medical Statistics and Methodology
  • Bioinformatics and Computational Biology
  • Biomathematics and Statistics

GO

Show Summary Details

Preview

Abstract

Objective Integration of patients' records across resources enhances analytics. To address privacy concerns, emerging strategies such as Bloom filter encodings (BFEs), enable integration while obscuring identifiers. However, recent investigations demonstrate BFEs are, in theory, vulnerable to cryptanalysis when encoded identifiers are randomly selected from a public resource. This study investigates the extent to which cryptanalysis conditions hold for (1) real patient records and (2) a countermeasure that obscures the frequencies of the identifying values in encoded datasets.

Design First, to investigate the strength of cryptanalysis for real patient records, we build BFEs from identifiers in an electronic medical record system and apply cryptanalysis using identifiers in a publicly available voter registry. Second, to investigate the countermeasure under ideal cryptanalysis conditions, we compose BFEs from the identifiers that are randomly selected from a public voter registry.

Measurement We utilize precision (ie, rate of correct re-identified encodings) and computation efficiency (ie, time to complete cryptanalysis) to assess the performance of cryptanalysis in BFEs before and after application of the countermeasure.

Results Cryptanalysis can achieve high precision when the encoded identifiers are composed of a random sample of a public resource (ie, a voter registry). However, we also find that the attack is less efficient and may not be practical for more realistic scenarios. By contrast, the proposed countermeasure made cryptanalysis impractical in terms of precision and efficiency.

Conclusions Performance of cryptanalysis against BFEs based on patient data is significantly lower than theoretical estimates. The proposed countermeasure makes BFEs resistant to known practical attacks.

Keywords: Languages and computational methods; advanced algorithms; personal health records and self-care systems; privacy; security; record linkage; ethical study methods; statistical analysis of large datasets; methods for integration of information from disparate sources; distributed systems; assuring information system security and personal privacy

Journal Article.  6568 words.  Illustrated.

Subjects: Medical Statistics and Methodology ; Bioinformatics and Computational Biology ; Biomathematics and Statistics

Full text: subscription required

How to subscribe Recommend to my Librarian

Users without a subscription are not able to see the full content. Please, subscribe or login to access all content. subscribe or login to access all content.