Extraction and anonymity protocol of medical file.

To carry out the epidemiological study of patients suffering from a given cancer, the Department of Medical Informatics (DIM) has to link information coming from different hospitals and medical laboratories in the Burgundy region. Demands from the French department for computerized information security (Commission Nationale de l'Informatique et des Libertés: CNIL), in regard to abiding by the law of January 6, 1978, completed by the law of July 1st, 1994 on nominal data processing in the framework of medical research have to be taken into account. Notably, the CNIL advised to render anonymous patient identities before the extraction of each establishment file. This paper describes a recently implemented protocol, registered with the French department for computerized information security (Service Central de la Sécurité des Systèmes d'information : SCSSI) whose purpose is to render anonymous medical files in view of their extraction. Once rendered anonymous, these files will be exportable so as to be merged with other files and used in a framework of epidemiological studies. Therefore, this protocol uses the Standard Hash Algorithm (SHA) which allows the replacement of identities by their imprints while ensuring a minimal collision rate in order to allow a correct linkage of the different information concerning the same patient. A first evaluation of the extraction and anonymity software with regard to the purpose of an epidemiological survey is described here. In this paper, we also show how it would be possible to implement this system by means of the Internet communication network.