Pfaff Emily R, Haendel Melissa A, Kostka Kristin, Lee Adam, Niehaus Emily, Palchuk Matvey B, Walters Kellie, Chute Christopher G
Department of Medicine, UNC Chapel Hill School of Medicine, Chapel Hill, North Carolina, USA.
University of Colorado Anschutz Medical Campus, Aurora, Colorado, USA.
J Clin Transl Sci. 2021 Dec 9;6(1):e10. doi: 10.1017/cts.2021.880. eCollection 2022.
Recent findings have shown that the continued expansion of the scope and scale of data collected in electronic health records are making the protection of personally identifiable information (PII) more challenging and may inadvertently put our institutions and patients at risk if not addressed. As clinical terminologies expand to include new terms that may capture PII (e.g., Patient First Name, Patient Phone Number), institutions may start using them in clinical data capture (and in some cases, they already have). Once in use, PII-containing values associated with these terms may find their way into laboratory or observation data tables via extract-transform-load jobs intended to process structured data, putting institutions at risk of unintended disclosure. Here we aim to inform the informatics community of these findings, as well as put out a call to action for remediation by the community.
最近的研究结果表明,电子健康记录中所收集数据的范围和规模不断扩大,这使得保护个人身份信息(PII)变得更具挑战性,如果不加以解决,可能会在不经意间使我们的机构和患者面临风险。随着临床术语的扩展,纳入了可能包含个人身份信息的新术语(例如患者名字、患者电话号码),机构可能会开始在临床数据采集中使用这些术语(在某些情况下,它们已经在使用了)。一旦投入使用,与这些术语相关的包含个人身份信息的值可能会通过旨在处理结构化数据的提取-转换-加载作业进入实验室或观察数据表,使机构面临意外披露的风险。在此,我们旨在向信息学领域通报这些研究结果,并呼吁该领域采取行动进行补救。
