Computer Science Department, Oklahoma State University, Stillwater, OK, United States.
JMIR Med Inform. 2014 Jan 20;2(1):e2. doi: 10.2196/medinform.3090.
Linking medical records across different medical service providers is important to the enhancement of health care quality and public health surveillance. In records linkage, protecting the patients' privacy is a primary requirement. In real-world health care databases, records may well contain errors due to various reasons such as typos. Linking the error-prone data and preserving data privacy at the same time are very difficult. Existing privacy preserving solutions for this problem are only restricted to textual data.
To enable different medical service providers to link their error-prone data in a private way, our aim was to provide a holistic solution by designing and developing a medical record linkage system for medical service providers.
To initiate a record linkage, one provider selects one of its collaborators in the Connection Management Module, chooses some attributes of the database to be matched, and establishes the connection with the collaborator after the negotiation. In the Data Matching Module, for error-free data, our solution offered two different choices for cryptographic schemes. For error-prone numerical data, we proposed a newly designed privacy preserving linking algorithm named the Error-Tolerant Linking Algorithm, that allows the error-prone data to be correctly matched if the distance between the two records is below a threshold.
We designed and developed a comprehensive and user-friendly software system that provides privacy preserving record linkage functions for medical service providers, which meets the regulation of Health Insurance Portability and Accountability Act. It does not require a third party and it is secure in that neither entity can learn the records in the other's database. Moreover, our novel Error-Tolerant Linking Algorithm implemented in this software can work well with error-prone numerical data. We theoretically proved the correctness and security of our Error-Tolerant Linking Algorithm. We have also fully implemented the software. The experimental results showed that it is reliable and efficient. The design of our software is open so that the existing textual matching methods can be easily integrated into the system.
Designing algorithms to enable medical records linkage for error-prone numerical data and protect data privacy at the same time is difficult. Our proposed solution does not need a trusted third party and is secure in that in the linking process, neither entity can learn the records in the other's database.
在不同医疗服务提供者之间进行医疗记录链接对于提高医疗质量和公共卫生监测至关重要。在记录链接中,保护患者隐私是首要要求。在现实中的医疗保健数据库中,由于各种原因(例如打字错误),记录可能会包含错误。同时链接易错数据并保护数据隐私非常困难。针对此问题的现有隐私保护解决方案仅局限于文本数据。
为了使不同的医疗服务提供者能够以私密的方式链接其易错数据,我们旨在通过设计和开发医疗服务提供者的医疗记录链接系统提供整体解决方案。
为了发起记录链接,提供者在“连接管理模块”中选择其一个合作者,选择要匹配的数据库的一些属性,并在协商后与合作者建立连接。在“数据匹配模块”中,对于无误的数据,我们的解决方案为加密方案提供了两种不同的选择。对于易错的数值数据,我们提出了一种新设计的隐私保护链接算法,称为“容错链接算法”,如果两个记录之间的距离低于阈值,则允许易错数据正确匹配。
我们设计并开发了一个全面且用户友好的软件系统,为医疗服务提供者提供隐私保护的记录链接功能,符合《健康保险流通与责任法案》的规定。它不需要第三方,并且在安全性方面,任何实体都无法学习另一个实体数据库中的记录。此外,我们在该软件中实现的新颖的“容错链接算法”可以很好地处理易错的数值数据。我们从理论上证明了我们的“容错链接算法”的正确性和安全性。我们还完全实现了该软件。实验结果表明,它是可靠和高效的。我们的软件设计是开放的,因此可以轻松地将现有的文本匹配方法集成到系统中。
设计同时允许对易错数值数据进行记录链接并保护数据隐私的算法具有挑战性。我们提出的解决方案不需要可信的第三方,并且在链接过程中,任何实体都无法学习另一个实体数据库中的记录,因此具有安全性。
