IEEE J Biomed Health Inform. 2021 Jun;25(6):2172-2183. doi: 10.1109/JBHI.2020.3028454. Epub 2021 Jun 3.
Healthcare data for primary use (diagnosis) may be encrypted for confidentiality purposes; however, secondary uses such as feeding machine learning algorithms require open access. Full anonymity leaves no traceable identifiers through which diagnosis results can be reported back to the data subject. Moreover, implicit and explicit consent routes are of practical importance under recent data protection regulations (GDPR), and they translate directly into break-the-glass requirements. Pseudonymisation is an acceptable compromise when dealing with such orthogonal requirements and is an advisable measure to protect data. Our work presents a pseudonymisation protocol that is compliant with both implicit and explicit consent routes. The protocol is constructed on a (t,n)-threshold secret sharing scheme and public key cryptography. The pseudonym is safely derived from a fragment of public information without requiring any secret from the data subject. The method is proven secure under reasonable cryptographic assumptions, and the experimental results show that it scales.
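The abstract names the two ingredients of the protocol, a (t,n)-threshold secret sharing scheme and a pseudonym derived from public information, but the page does not show the construction. The following is an added illustration written for this page, not the authors' protocol: it assumes Shamir secret sharing over the Mersenne prime 2^127 - 1, a master key split among n custodians so that no single party can re-identify anyone, and a pseudonym computed as an HMAC-SHA256 of a public record fragment (a constructed medical record number) under that key. Any t custodians can reconstruct the key and re-link a pseudonymised result to its record, which is the break-the-glass path the abstract refers to; the function and parameter names are this example's own.

```python
"""Toy (t,n)-threshold pseudonymisation (added example; assumptions noted inline)."""
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

# Field for Shamir arithmetic: the Mersenne prime 2^127 - 1 (an assumption of this
# example, not a parameter taken from the paper). Secrets are integers below PRIME.
PRIME = 2**127 - 1

Share = Tuple[int, int]  # (x, f(x)) pair handed to one custodian


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate a polynomial with the given coefficients (lowest degree first) at x, mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, t: int, n: int) -> List[Share]:
    """Shamir split: random degree t-1 polynomial with f(0) = secret, evaluated at x = 1..n."""
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0; correct only when at least t distinct shares are given."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i == j:
                continue
            num = num * (-xj) % PRIME
            den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def derive_pseudonym(master_secret: int, public_fragment: str) -> str:
    """Pseudonym = HMAC-SHA256(master key, public record fragment), truncated to 128 bits.

    Only public information about the data subject goes in; no subject-held secret is needed.
    Keyed hashing (rather than a plain hash) keeps the mapping unlinkable for anyone without the key.
    """
    key = master_secret.to_bytes(16, "big")  # PRIME < 2^128, so the secret fits in 16 bytes
    return hmac.new(key, public_fragment.encode(), hashlib.sha256).hexdigest()[:32]


def break_the_glass(shares: List[Share], t: int, pseudonym: str,
                    candidate_fragments: List[str]) -> Optional[str]:
    """Re-identify a pseudonym once t custodians have released their shares.

    Rebuilds the master key and recomputes the pseudonym for each candidate public
    fragment; returns the fragment that matches, or None. With fewer than t shares the
    reconstructed key is a random field element and no candidate matches.
    """
    if len(shares) < t:
        raise PermissionError(f"break-the-glass needs {t} custodians, got {len(shares)}")
    master = recover_secret(shares[:t])
    for fragment in candidate_fragments:
        if hmac.compare_digest(derive_pseudonym(master, fragment), pseudonym):
            return fragment
    return None


if __name__ == "__main__":
    # Constructed sample data: three record numbers and a 3-of-5 custodian policy.
    records = ["MRN-000123", "MRN-000124", "MRN-000125"]
    master = secrets.randbelow(PRIME)
    custodians = split_secret(master, t=3, n=5)
    table: Dict[str, str] = {derive_pseudonym(master, r): r for r in records}
    some_result = next(iter(table))  # a pseudonymised diagnosis result to report back
    print("pseudonym:", some_result)
    print("re-identified as:", break_the_glass(custodians[:3], 3, some_result, records))
```

The value of running it is in the two failure modes: `break_the_glass` with only two of the five shares raises, and feeding it three shares but the wrong pseudonym returns `None` rather than a near miss, because the HMAC output carries no information about which fragment was close.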