Redaction of Sensitive Patient Data
First Claim
1. A method, in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions executed by the at least one processor to cause the at least one processor to redact sensitive data from a payload of data, the method comprising:
analyzing, by the data processing system, one or more data types of data, in the payload of data, to be written to a first data structure, wherein the one or more data types correspond to attributes of a person;
scoring, by the data processing system, the one or more data types as to their sensitivity, wherein the sensitivity of a data type is a measure of a probability that a corresponding data value of the data type, either alone or in combination with other data values associated with other data types, will uniquely identify the person;
comparing, by the data processing system, each score, or an aggregation of the scores of a plurality of data types in the one or more data types, to at least one threshold;
responsive to at least one score, or the aggregation of the scores, being equal to or exceeding the at least one threshold, redacting, by the data processing system, data corresponding to one or more data types with which the at least one score, or the aggregation of scores, are associated, from the data structure; and
replacing, by the data processing system, the redacted data in the data structure with both a unique redacted identifier and at least one data type identifier that identifies at least one data type of the redacted data, to thereby generate a redacted data structure.
Abstract
Mechanisms are provided to redact sensitive data from a payload. The mechanisms analyze data types in the payload, where the data types correspond to attributes of a person. The mechanisms score the data types as to their sensitivity, which is a measure of a probability that a corresponding data value of the data type, either alone or in combination with other data values, will uniquely identify the person. Each score, or an aggregation of the scores, is compared to a threshold. Responsive to a score, or the aggregation of the scores, being equal to or exceeding the threshold, the mechanisms redact data corresponding to the data types with which the score, or the aggregation of scores, is associated. The redacted data is replaced with a unique redacted identifier and a data type identifier that identifies at least one data type of the redacted data.
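The scoring, threshold comparison and replacement steps described above, as an added Python example that is not code from the patent. The scores, both thresholds, the independence-based aggregation formula, the greedy choice of which data types to redact, the fail-closed default for unscored types, and all names are assumptions.

```python
import math
import uuid

# Constructed sensitivity scores: assumed probability that a value of this data
# type helps uniquely identify a person. Not values from the patent.
SENSITIVITY = {"ssn": 0.99, "name": 0.70, "birth_date": 0.60,
               "zip": 0.50, "gender": 0.10, "diagnosis": 0.02}
UNKNOWN_TYPE_SCORE = 1.0      # assumption: fail closed on unscored data types
SINGLE_THRESHOLD = 0.90       # a data type at or above this is redacted on its own
AGGREGATE_THRESHOLD = 0.80    # ceiling for the combined score of what remains


def aggregate(scores):
    """Combine scores as 1 - prod(1 - s), treating them as independent (assumption)."""
    return 1.0 - math.prod(1.0 - s for s in scores)


def select_types_to_redact(data_types):
    scores = {t: SENSITIVITY.get(t, UNKNOWN_TYPE_SCORE) for t in data_types}
    redact = {t for t, s in scores.items() if s >= SINGLE_THRESHOLD}
    remaining = {t: s for t, s in scores.items() if t not in redact}
    # Quasi-identifiers: drop the most sensitive remaining type until the
    # combination left in the record falls below the aggregate threshold.
    while remaining and aggregate(remaining.values()) >= AGGREGATE_THRESHOLD:
        worst = max(remaining, key=remaining.get)
        redact.add(worst)
        del remaining[worst]
    return redact


def redact_payload(payload):
    to_redact = select_types_to_redact(payload.keys())
    redacted = {}
    for data_type, value in payload.items():
        if data_type in to_redact:
            # Replacement carries a unique redacted identifier and the data type identifier.
            redacted[data_type] = {"redacted_id": uuid.uuid4().hex, "data_type": data_type}
        else:
            redacted[data_type] = value
    return redacted


# Constructed sample record, not real patient data.
SAMPLE = {"ssn": "000-00-0000", "name": "Jane Example", "birth_date": "1970-01-01",
          "zip": "00000", "gender": "F", "diagnosis": "J45.909"}

if __name__ == "__main__":
    for key, value in redact_payload(SAMPLE).items():
        print(key, "->", value)
```

In the sample, `ssn` is redacted on its individual score, while `name` and `birth_date` are redacted only because their combination with the remaining fields crosses the aggregate threshold.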
20 Claims
1. A method, in a data processing system comprising at least one processor and at least one memory, the at least one memory comprising instructions executed by the at least one processor to cause the at least one processor to redact sensitive data from a payload of data, the method comprising:
analyzing, by the data processing system, one or more data types of data, in the payload of data, to be written to a first data structure, wherein the one or more data types correspond to attributes of a person;
scoring, by the data processing system, the one or more data types as to their sensitivity, wherein the sensitivity of a data type is a measure of a probability that a corresponding data value of the data type, either alone or in combination with other data values associated with other data types, will uniquely identify the person;
comparing, by the data processing system, each score, or an aggregation of the scores of a plurality of data types in the one or more data types, to at least one threshold;
responsive to at least one score, or the aggregation of the scores, being equal to or exceeding the at least one threshold, redacting, by the data processing system, data corresponding to one or more data types with which the at least one score, or the aggregation of scores, are associated, from the data structure; and
replacing, by the data processing system, the redacted data in the data structure with both a unique redacted identifier and at least one data type identifier that identifies at least one data type of the redacted data, to thereby generate a redacted data structure.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a computing device, causes the computing device to:
analyze one or more data types of data, in a payload of data, to be written to a first data structure, wherein the one or more data types correspond to attributes of a person;
score the one or more data types as to their sensitivity, wherein the sensitivity of a data type is a measure of a probability that a corresponding data value of the data type, either alone or in combination with other data values associated with other data types, will uniquely identify the person;
compare each score, or an aggregation of the scores of a plurality of data types in the one or more data types, to at least one threshold;
responsive to at least one score, or the aggregation of the scores, being equal to or exceeding the at least one threshold, redact data corresponding to one or more data types with which the at least one score, or the aggregation of scores, are associated, from the data structure; and
replace the redacted data in the data structure with both a unique redacted identifier and at least one data type identifier that identifies at least one data type of the redacted data, to thereby generate a redacted data structure.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
20. An apparatus comprising:
a processor; and
a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to:
analyze one or more data types of data, in a payload of data, to be written to a first data structure, wherein the one or more data types correspond to attributes of a person;
score the one or more data types as to their sensitivity, wherein the sensitivity of a data type is a measure of a probability that a corresponding data value of the data type, either alone or in combination with other data values associated with other data types, will uniquely identify the person;
compare each score, or an aggregation of the scores of a plurality of data types in the one or more data types, to at least one threshold;
responsive to at least one score, or the aggregation of the scores, being equal to or exceeding the at least one threshold, redact data corresponding to one or more data types with which the at least one score, or the aggregation of scores, are associated, from the data structure; and
replace the redacted data in the data structure with both a unique redacted identifier and at least one data type identifier that identifies at least one data type of the redacted data, to thereby generate a redacted data structure.
Specification