Systems and methods to relate multiple unit level datasets without retention of unit identifiable information
Abstract
A method by which researchers may receive unit level data (individual person records) from multiple sources and aggregate that data without receiving personally identifiable data. Since the unconstrained aggregation of seemingly non-identifying data elements can eventually lead to subject identification, the aggregation is limited to a predefined data aggregation domain.
64 Citations
24 Claims
1. A method of replacing a personally identifiable key with an anonymous key, comprising:
- establishing a domain of data providers who agree to share elements of their datasets without personally identifiable information in accordance with a domain agreement;
- transmitting the source data records to an anonymous key authority, which does not have access to the non-key data of interest;
- generating a consistent anonymous key to replace each personally identifiable key, the anonymous key being unique to the domain agreement; and
- transmitting the records to the recipient such that the recipient can receive the anonymous key and decrypt the associated non-identifying data values.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A system comprising:
- at least one data provider;
- first software that provides a plurality of records, from the data provider, each record having a personal identifier section and an encrypted data section;
- an anonymous key authority;
- second software that removes the identifier section and associates with each member of the plurality a new identifier which cannot disclose the individual identifier; and
- third software that combines the new identifier with one or more respective encrypted data sections.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21.

22. A method of replacing a personally identifiable key with an anonymous key, comprising:
- establishing a domain of data providers who agree to share elements of their datasets without personally identifiable information in accordance with a domain agreement;
- transmitting the source data records to an anonymous key authority, which does not have access to the non-key data of interest;
- generating a consistent anonymous key to replace each personally identifiable key, the anonymous key being unique to at least portions of the personally identifiable key and the domain agreement; and
- transmitting the records to the recipient such that the recipient can receive the anonymous key and decrypt the associated non-identifying data values.
Dependent claims: 23, 24.
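The claims describe a three-party split: data providers hold both the personal identifier and the data of interest, the anonymous key authority sees only the identifier, and the recipient sees only the anonymous key plus the decrypted data. The following is an added illustration of that split in Python, written for this page and not taken from the patent or any implementation of it. It assumes details the claims leave open: the anonymous key is an HMAC of a canonicalised identifier under a per-domain secret held only by the authority (so identical identifiers from different providers collide to one key, while a different domain agreement yields unlinkable keys); the data section is protected by an encrypt-then-MAC construction built from HMAC-SHA256 in counter mode, used here as a standard-library stand-in for an AEAD such as AES-GCM; and the data key is pre-shared between the providers and the recipient and never given to the authority. All identifiers, secrets and records are constructed sample values.

```python
import hashlib
import hmac
import json
import os
from collections import defaultdict

NONCE_LEN = 16
TAG_LEN = 32


def derive_anonymous_key(domain_secret: bytes, pii_key: str) -> str:
    """Anonymous key authority: map a personal identifier to a consistent anonymous key.

    Keyed HMAC is an assumption; the claims only require the key to be consistent within
    the domain agreement. Canonicalising the identifier is likewise an assumption, so that
    providers who format the same identifier differently still produce the same key.
    """
    canonical = pii_key.strip().lower().encode()
    return hmac.new(domain_secret, canonical, hashlib.sha256).hexdigest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF-based stream cipher (stdlib stand-in for an AEAD).
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt_section(data_key: bytes, plaintext: bytes) -> bytes:
    """Provider side: encrypt-then-MAC the non-identifying data section."""
    enc_key = hmac.new(data_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(data_key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_section(data_key: bytes, blob: bytes) -> bytes:
    """Recipient side: verify the tag first, then decrypt. Raises ValueError on a wrong key or tampering."""
    enc_key = hmac.new(data_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(data_key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def provider_prepare(data_key: bytes, rows: list) -> list:
    """Data provider: the personal identifier stays in the clear (the authority needs it to
    derive the anonymous key); the data of interest travels only as an encrypted section."""
    return [
        {"pii_key": row["pii_key"],
         "data": encrypt_section(data_key, json.dumps(row["data"], sort_keys=True).encode())}
        for row in rows
    ]


def authority_anonymize(domain_secret: bytes, records: list) -> list:
    """Anonymous key authority: replace the identifier and pass the opaque data section through.
    This function is never given data_key, so the data section is unreadable here."""
    return [{"anon_key": derive_anonymous_key(domain_secret, r["pii_key"]), "data": r["data"]}
            for r in records]


def recipient_merge(data_key: bytes, *anonymized_batches: list) -> dict:
    """Recipient: decrypt each section and relate records across providers by anonymous key."""
    merged = defaultdict(dict)
    for batch in anonymized_batches:
        for r in batch:
            merged[r["anon_key"]].update(json.loads(decrypt_section(data_key, r["data"])))
    return dict(merged)


def demo() -> dict:
    # Constructed sample: two providers in one domain agreement, one recipient.
    domain_secret = hashlib.sha256(b"domain-agreement-demo").digest()  # authority only
    data_key = hashlib.sha256(b"recipient-data-key-demo").digest()     # providers + recipient
    clinic = [{"pii_key": "ID-123-45-6789", "data": {"diagnosis": "A01"}}]
    lab = [{"pii_key": " id-123-45-6789 ", "data": {"hba1c": 6.1}}]   # same person, messy key
    batch1 = authority_anonymize(domain_secret, provider_prepare(data_key, clinic))
    batch2 = authority_anonymize(domain_secret, provider_prepare(data_key, lab))
    return recipient_merge(data_key, batch1, batch2)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields a single merged record keyed by the anonymous key, with both the clinic and lab fields joined, while neither the authority (which lacks `data_key`) nor a party outside the domain (which lacks `domain_secret`) can read the data or reproduce the key. The consistency property the claims rely on also sets the boundary the abstract warns about: because the same person always maps to the same anonymous key inside a domain, a recipient who accumulates enough non-identifying attributes can still single out individuals, which is why the aggregation must stay within the predefined domain.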
Specification