Multi-source longitudinal patient-level data encryption process

US 20050268094A1
Filed: 05/05/2005
Published: 12/01/2005
Est. Priority Date: 05/05/2004
Status: Active Grant

First Claim

Patent Images

1. A process for assembling a longitudinally-linked database from individual patient healthcare transaction data records, the process comprising the steps of:

at a data supplier location, (a) acquiring data records having patient-identifying attributes and non-identifying attributes;

(b) encrypting the patient-identifying attributes in the data records using a first encryption key specific to a central facility (LDF);

(c) encrypting the patient-identifying attributes in the data records encrypted at step b with a second encryption key specific to the data supplier location;

at the LDF, (d) receiving the data records that have been encrypted at steps (b) and (c) (e) partially decrypting the received data records so that the patient-identifying attributes retain only the step (b) encryption by the first encryption key specific to the LDF;

(f) using an attribute-matching algorithm to assign an LDF identifier (ID) to the encrypted data records. (g) linking the encrypted data records ID by ID, whereby the longitudinally-linked data base is formed.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and processes for assembling de-identified patient healthcare data records in a longitudinal database are provided. The systems and processes may be implemented over multiple data suppliers and common database facilities while ensuring patient privacy. At the data supplier locations, patient-identifying attributes in the data records are placed in standard format and then doubly encrypted using a pair of encryption keys before transmission to a common database facility. The pair of encryption keys includes a key specific to the data supplier and a key specific to the common database facility. At the common database facility, the encryption specific to the data supplier is removed, so that multi-sourced data records have only the common database encryption. Without direct access to patient identifying-information, the encrypted data records are assigned dummy labels or tags by which the data records can be longitudinally linked in the database. The tags are assigned based on statistical matching of the values of a select set of encrypted data attributes with a reference database of tags and associated encrypted data attribute values.

Citations

24 Claims

1. A process for assembling a longitudinally-linked database from individual patient healthcare transaction data records, the process comprising the steps of:
- at a data supplier location, (a) acquiring data records having patient-identifying attributes and non-identifying attributes;
  
  (b) encrypting the patient-identifying attributes in the data records using a first encryption key specific to a central facility (LDF);
  
  (c) encrypting the patient-identifying attributes in the data records encrypted at step b with a second encryption key specific to the data supplier location;
  
  at the LDF, (d) receiving the data records that have been encrypted at steps (b) and (c) (e) partially decrypting the received data records so that the patient-identifying attributes retain only the step (b) encryption by the first encryption key specific to the LDF;
  
  (f) using an attribute-matching algorithm to assign an LDF identifier (ID) to the encrypted data records. (g) linking the encrypted data records ID by ID, whereby the longitudinally-linked data base is formed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein step (e) further comprises encrypting the attributes using a third LDF encryption key.
  - 3. The method of claim 1 wherein step (a) further comprises processing the acquired data records to place their data fields in a standard content format.
  - 4. The method of claim 1 wherein step (a) further comprises separating the patient-identifying attributes and the non-identifying attributes in the data records, and steps (c) and (d) further comprise encrypting the separated patient-identifying attributes.
  - 5. The method of claim 2 further comprising the step of merging the encrypted patient-identifying attributes with the separated non-identifying attributes in the data records.
  - 6. The method of claim 1 wherein step (d) further comprises processing the received data records to separate the encrypted patient-identifying attributes and the non-identifying attributes in the data records, and step (e) further comprises partially decrypting the separated patient-identifying attributes.
  - 7. The method of claim 6 wherein step (e) further comprises merging the partially decrypted patient-identifying attributes with the separated non-identifying attributes in the data records.
  - 8. The method of claim 1 wherein the attribute-matching algorithm assigns an ID to an encrypted data record based on a statistical match of a select set of data attributes.
  - 9. The method of claim 8 wherein the select set of data attributes comprises at least one of a patient'"'"'s date of birth, cardholder identification, record number, zip code, first name, last name, street address, and an industry standard patient identifier.
  - 10. The method of claim 1 wherein the attribute-matching algorithm assigns an ID to an encrypted data record by referencing a cross database of IDs and corresponding attributes.
  - 11. The method of claim 1 wherein step (d) and step (e) are performed in a secure environment that limits unauthorized access to patient-identifying attribute information in the data records.

12. A system for longitudinally-linking individual patient healthcare transaction data records obtained from multiple data suppliers, the system comprising:
- at a data supplier location, a first component configured to;
  
  acquire data records having patient-identifying attributes and non-identifying attributes; and
  
  doubly encrypt the patient-identifying attributes in the data records with a first encryption key specific to a central facility (LDF) and a second encryption key specific to the data supplier;
  
  at the LDF, a second component configured to;
  
  receive doubly-encrypted data records from the multiple data suppliers;
  
  partially decrypt the received data records so that the patient-identifying attributes retain the encryption by the first encryption key specific to the LDF; and
  
  perform an additional layer of encryption; and
  
  a third component configured to;
  
  assign an LDF identifier (ID) to the encrypted data records by matching attributes in the encrypted data records; and
  
  link the encrypted data records ID by ID, whereby a longitudinal database is formed.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The system of claim 12 wherein the first component is further configured to separate the patient-identifying attributes and the non-identifying attributes in the data records and to encrypt the separated patient-identifying attributes.
  - 14. The system of claim 13 wherein the first component is further configured to merge the encrypted patient-identifying attributes with the separated non-identifying attributes in the data records.
  - 15. The system of claim 12 wherein the first component is further configured to process the acquired data records to place their data fields in a standard format.
  - 16. The system of claim 12 wherein the second component is further configured to separate the encrypted patient-identifying attributes and the non-identifying attributes in the received data records, and to partially decrypt the separated patient-identifying attributes.
  - 17. The system of claim 16 wherein the second component is further configured to merge the partially decrypted patient-identifying attributes with the separated non-identifying attributes in the data records.
  - 18. The system of claim 12 wherein the third component is further configured to assign an LDF identifier (ID) to the encrypted data records based on a statistical match of a select set of data attributes.
  - 19. The system of claim 18 wherein the select set of data attributes comprises at least one of a patient'"'"'s date of birth, cardholder identification, record number, zip code, first name, last name, street address, and an industry standard patient identifier.
  - 20. The system of claim 18 wherein the third component is further configured to assign an LDF identifier (LI) to the encrypted data records by referencing a cross database of LIs and corresponding attributes.
  - 21. The system of claim 12 wherein the second component is configured for operation in a secure environment that limits unauthorized access to patient-identifying attribute information in the data records.
  - 22. The system of claim 12 whose functions are implemented using software applications.

23. A longitudinally-linked database assembled from individual patient healthcare transaction data records, the database comprising:
- multi-sourced data records in which patient identifying attributes are encrypted to preserve patient privacy, wherein each encrypted data record is assigned an identifier based on a statistical match of a select set of data attributes with a reference set of values, and wherein the data records are linked by the assigned identifiers.

24. The longitudinally-linked database wherein the select set of data attributes comprises at least one of a patient'"'"'s date of birth, cardholder identification, record number, zip code, first name, last name, street address, and an industry standard patient identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IMS Software Services Ltd. (IQVIA Holdings, Inc.)
Original Assignee
IMS Software Services Ltd. (IQVIA Holdings, Inc.)
Inventors
Kohan, Mark E., Wolfe, Clinton J.

Granted Patent

US 8,275,850 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

G06Q 10/10   Office automation; Time man...

G16H 10/60   for patient-specific data, ...

Multi-source longitudinal patient-level data encryption process

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-source longitudinal patient-level data encryption process

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links