SYSTEM FOR ANONYMIZING AND AGGREGATING PROTECTED HEALTH INFORMATION

US 20150149208A1
Filed: 11/27/2013
Published: 05/28/2015
Est. Priority Date: 11/27/2013
Status: Active Grant

First Claim

Patent Images

1. A system for anonymizing and aggregating protected health information (PHI) from a plurality of data sources, the system comprising:

a plurality of data hashing appliances each operatively coupled to a respective data source, each hashing appliance configured to receive from the respective data source, one or more patient medical records, each patient medical record containing at least one data element corresponding to confidential protected health information (PHI), and a master record number (MRN) assigned by the respective data source;

each data hashing appliance configured to;

append a salt value to each data element corresponding to confidential PHI in the patient medical record;

generate a hash value for each data element corresponding to salted confidential PHI;

replace the data element corresponding to confidential PHI with the corresponding generated hash value to generate an anonymized patient medical record;

a master patient index server coupled to a data repository, configured to aggregate a plurality of anonymized patient medical records received from the plurality of data hashing appliances under a unique patient identifier;

a vector and cluster matching engine operatively coupled to the master patient index server and the data repository, and configured to determine if the anonymized patient medical record received from respective hashing appliances match the unique patient identifier corresponding to at least a second anonymized patient medical record stored in the data repository, the matching determined by;

generating a comparison vector by comparing the hash values corresponding to the confidential PHI in the received anonymized patient medical record with corresponding hash values in the second anonymized patient medical record;

generating a confidence vector by assigning weights based on predetermined match conditions;

crossing the comparison vector with the confidence vector to obtain a match confidence level;

comparing the match confidence level to a predetermined threshold; and

mapping the received anonymized patient medical record to the unique patient identifier if the confidence level is greater than the predetermined threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A patient anonymizing system includes a plurality of hashing appliances and data sources. Each appliance receives medical records containing at least confidential protected health information (PHI). A salt value is appended to each confidential PHI, and a hash is generated, which replaces the confidential PHI to generate an anonymized record. A master patient index server aggregates the anonymized records. A vector and cluster matching engine determines if the anonymized record matches a unique patient identifier corresponding to a second anonymized record. A comparison vector is generated by comparing hash values of the confidential PHI with hash values in the second anonymized record, and is crossed with a confidence vector having weights based on match conditions. This produces a match confidence level, which is compared to a threshold. If the threshold is met, the anonymized record is mapped to the unique patient identifier associated with the second record.

74 Citations

View as Search Results

20 Claims

1. A system for anonymizing and aggregating protected health information (PHI) from a plurality of data sources, the system comprising:
- a plurality of data hashing appliances each operatively coupled to a respective data source, each hashing appliance configured to receive from the respective data source, one or more patient medical records, each patient medical record containing at least one data element corresponding to confidential protected health information (PHI), and a master record number (MRN) assigned by the respective data source;
  
  each data hashing appliance configured to;
  
  append a salt value to each data element corresponding to confidential PHI in the patient medical record;
  
  generate a hash value for each data element corresponding to salted confidential PHI;
  
  replace the data element corresponding to confidential PHI with the corresponding generated hash value to generate an anonymized patient medical record;
  
  a master patient index server coupled to a data repository, configured to aggregate a plurality of anonymized patient medical records received from the plurality of data hashing appliances under a unique patient identifier;
  
  a vector and cluster matching engine operatively coupled to the master patient index server and the data repository, and configured to determine if the anonymized patient medical record received from respective hashing appliances match the unique patient identifier corresponding to at least a second anonymized patient medical record stored in the data repository, the matching determined by;
  
  generating a comparison vector by comparing the hash values corresponding to the confidential PHI in the received anonymized patient medical record with corresponding hash values in the second anonymized patient medical record;
  
  generating a confidence vector by assigning weights based on predetermined match conditions;
  
  crossing the comparison vector with the confidence vector to obtain a match confidence level;
  
  comparing the match confidence level to a predetermined threshold; and
  
  mapping the received anonymized patient medical record to the unique patient identifier if the confidence level is greater than the predetermined threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system according to claim 1, wherein a third party hash key service provides the salt value to the hashing appliance, the third party hash key service being separate and independent from the data source, the master patient index server, and the data repository.
  - 3. The system according to claim 1, wherein the patient medical record includes data elements corresponding to confidential PHI and non-confidential PHI, wherein only data elements corresponding to confidential PHI are anonymized at the respective data source prior to transmission to the master patient index server.
  - 4. The system according to claim 1, wherein the predetermined match conditions include a data match condition, a data not matched condition, and a data not supplied condition.
  - 5. The system according to claim 1, wherein:
    - each data element corresponding to confidential PHI is processed using a first hash algorithm to generate a first hash value;
      
      each first hash value is processed using a second hash algorithm to generate a second hash value;
      
      each first hash value is destroyed; and
      
      each data element corresponding to confidential PHI in the patent medical record is replaced by the corresponding second hash value, such that the corresponding second hash value cannot be decoded so as to identify the value of the original data element corresponding to confidential PHI.
  - 6. The system according to claim 5, wherein the corresponding second hash values will be identical if the value of the original data element corresponding to confidential PHI were identical.
  - 7. The system according to claim 5, wherein the second hash algorithm has hash bit-width smaller than a hash bit-width of the first hash algorithm so that a data is lost from a first hash in the creation of a corresponding second hash, wherein the second hash value cannot be decoded or reversed to decode the value of the original data element corresponding to confidential PHI.
  - 8. The system according to claim 1, wherein the weights provided in the confidence vector are based on a not equal condition, an equal condition, and a not supplied condition with respect to hash values corresponding to the confidential PHI between the received anonymized patient medical record and the second anonymized patient medical record.
  - 9. The system according to claim 8,wherein the confidence vector includes a value for each not supplied condition based historical statistical data;
    - wherein a weight corresponding to a not supplied condition varies according to the field in the patient medical record that is missing; and
      
      wherein the weights are tunable.
  - 10. The system according to claim 1 wherein the anonymizer appliance provides an offset value to replace each date of service field in the patient medical record using an integer valued saved in the data repository so as to offset the dates of service.
  - 11. The system according to claim 1, wherein the hashing appliance is operatively coupled within the respective data source, and the respective data source is separate and independent from the master patient index server and from the data repository.
  - 12. The system according to claim 1, wherein the hashing appliance generates a hash value for the MRN of the patient medical record, and encrypts the hashed MRN using a key provided by the respective data source, and wherein the data source saves the hashed MRN in a MRN-to-patient table to provide a correspondence between the hashed MRN value and an identity of the patient associated with the patient medical record.
  - 13. The system according to claim 12, wherein:
    - based on a re-identification request corresponding to a targeted MRN, the master patient index server transmits the encrypted targeted MRN to the source system that originally assigned the MRN to the patient record; and
      
      the source system decrypts the targeted MRN and locates the targeted MRN in the table to re-identify the patient associated with the targeted MRN.

14. A method for anonymizing and aggregating protected health information (PHI) from multiple data sources, the method comprising:
- transmitting, by a data source, a plurality of patient medical records, to a hashing appliance operatively coupled to the data source, each patient medical record containing at least one data element corresponding to confidential protected health information (PHI);
  
  the hashing appliance;
  
  appending a salt value to each data element corresponding to confidential PHI in the patient medical record;
  
  generating a hash value for each data element corresponding to salted confidential PHI;
  
  replacing the data element corresponding to confidential PHI with the corresponding generated hash value to generate an anonymized patient medical record;
  
  transmitting, by the hashing appliance, a plurality of anonymized patient medical records, to a data repository;
  
  aggregating, by the data repository, the plurality of anonymized patient medical records under a unique patient identifier;
  
  determining, using a vector and cluster matching engine operatively coupled to the data repository, if the anonymized patient medical record received from the hashing appliance matches the unique patient identifier corresponding to at least a second anonymized patient medical record stored in the data repository, the matching determined by;
  
  generating a comparison vector by comparing the hash values corresponding to the confidential PHI in the received anonymized patient medical record with the hash values in the second anonymized patient medical record;
  
  generating a confidence vector by assigning weights based on predetermined match conditions;
  
  crossing the comparison vector with the confidence vector to obtain a match confidence level;
  
  comparing the match confidence level to a predetermined threshold; and
  
  mapping the received anonymized patient medical record to the unique patient identifier if the confidence level is greater than the predetermined threshold.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The system according to claim 14, wherein a third party hash key service provides the salt value to the hashing appliance, the third party hash key service being separate and independent from the source system, the master patient index server, and the data repository.
  - 16. The system according to claim 14, wherein:
    - the data element corresponding to confidential PHI is processed using a first hash algorithm to generate a first hash value;
      
      each first hash value is processed using a second hash algorithm to generate a second hash value;
      
      each first hash value is destroyed; and
      
      data element corresponding to confidential PHI in the patent medical record is replaced by the corresponding second hash value, such that the corresponding second hash value cannot be decoded so as to identify the value of the original data element corresponding to confidential PHI.
  - 17. The system according to claim 16, wherein the second hash algorithm has a hash bit-width smaller than a hash-bit width of the first hash algorithm so that data is lost from a first hash in the creation of a corresponding second hash, so that the second hash value cannot be decoded or reversed to obtain the value of the original data element corresponding to the confidential PHI.
  - 18. The system according to claim 14, wherein:
    - each patient medical record includes a master record number (MRN) assigned by the data source;
      
      the hashing appliance generates a hash value for the MRN of the patient medical record, and encrypts the hashed MRN using a key provided by the respective source system; and
      
      the source system saves the hashed MRN in a MRN-to-patient table to provide a correspondence between the hashed MRN value and an identity of the patient associated with the patient medical record.
  - 19. The system according to claim 18, wherein:
    - based on a re-identification request corresponding to a targeted MRN, the master patient index server transmits the encrypted targeted MRN to the source system that originally assigned the MRN to the patient record; and
      
      the source system decrypts the targeted MRN and locates the targeted MRN in the table to re-identify the patient associated with the targeted MRN.

20. A method for anonymizing and aggregating protected health information (PHI) from multiple data sources, the method comprising:
- transmitting a plurality of patient medical records, to a hashing appliance, each patient medical record containing at least one data element corresponding to confidential protected health information (PHI);
  
  the hashing appliance configured to;
  
  append a salt value to each data element corresponding to confidential PHI in the patient medical record;
  
  generate a hash value for each data element corresponding to salted confidential PHI;
  
  replace the data element corresponding to confidential PHI with the corresponding generated hash value to generate an anonymized patient medical record;
  
  aggregating the plurality of anonymized patient medical records under a unique patent identifier;
  
  determining if the anonymized patient medical record matches the unique patient identifier corresponding to at least a second anonymized patient medical record, the matching determined by;
  
  generating a comparison vector by comparing the hash values corresponding to the confidential PHI in the anonymized patient medical record with the hash values in a cluster of anonymized patient medical records;
  
  generating a confidence vector by assigning weights based on predetermined match conditions;
  
  crossing the comparison vector with the confidence vector to obtain a match confidence level;
  
  comparing the match confidence level to a predetermined threshold; and
  
  mapping the received anonymized patient medical record to the cluster if the confidence level is greater than the predetermined threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accenture Global Services Limited (Accenture PLC)
Original Assignee
Accenture Global Services Limited (Accenture PLC)
Inventors
Lynch, Cecil O., Carroll, Dennis, Truscott, Andrew J.

Granted Patent

US 10,607,726 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/3
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

G16H 10/60   for patient-specific data, ...

G16Z 99/00   Subject matter not provided...

SYSTEM FOR ANONYMIZING AND AGGREGATING PROTECTED HEALTH INFORMATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

74 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR ANONYMIZING AND AGGREGATING PROTECTED HEALTH INFORMATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links