Preserving confidentiality when sharing medical database with the Cellsecu system.

We propose a computer system called Cellsecu that maintains the anonymity and the confidentiality of each cell containing sensitive information in medical database. Cellsecu attains this by automatically removing, generalizing, and expanding information. It is designed to enhance data privacy protection so a data warehouse can automatically handle queries. In most cases, health organizations collect medical data with explicit identifiers, such as name, address and phone number. Simply removing all explicit identifiers prior to release of the data is not enough to preserve the data confidentiality. Remaining data can be used to re-identify individuals by linking or matching the data to other database, or by looking at unique characteristics found in the database. A formal model based on Modal logic is the theoretical foundation of Cellsecu. As well, a new confidentiality criteria called "non-uniqueness" is defined and implemented. We believe modeling this problem formally can clarify the issue as well as clearly identify the boundary of current technology. Base on our preliminary performance evaluation, the confidentiality check module and the confidentiality enhancing module only slightly degrade system performance.