Anonymously linking a plurality of data records
DCFirst Claim
1. A computer-implemented method for anonymously linking a plurality of data records, each data record comprising a plurality of elements for identifying an associated individual, the method comprising:
- for each of the plurality of data records;
encoding a first encoded identity reference from a first subset of the identifying elements of a data record;
encoding a second encoded identity reference from a second subset of the identifying elements of the data record;
assigning to each of the first and second encoded identity references an identical anonymization code for anonymously representing the individual associated with the data record; and
inserting the assigned anonymization code into the data record.
13 Assignments
Litigations
1 Petition
Accused Products
Abstract
A system for anonymously linking a plurality of data records, each data record comprising a plurality of elements for identifying an associated individual, includes a first identity reference encoding module configured to encode a first encoded identity reference from a first subset of the identifying elements of a data record; a second identity reference encoding module configured to encode a second encoded identity reference from a second subset of the identifying elements of the data record; and an anonymization code assignment module configured to assign to each of the first and second encoded identity references an identical anonymization code for anonymously representing the individual associated with the data record.
303 Citations
42 Claims
-
1. A computer-implemented method for anonymously linking a plurality of data records, each data record comprising a plurality of elements for identifying an associated individual, the method comprising:
-
for each of the plurality of data records;
encoding a first encoded identity reference from a first subset of the identifying elements of a data record;
encoding a second encoded identity reference from a second subset of the identifying elements of the data record;
assigning to each of the first and second encoded identity references an identical anonymization code for anonymously representing the individual associated with the data record; and
inserting the assigned anonymization code into the data record. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
removing the plurality of identifying elements from the data record.
-
-
3. The method of claim 1, wherein assigning to each of the first and second encoded identity references an identical anonymization code comprises:
-
determining whether each of the first and second encoded identity references has an assigned anonymization code; and
in response to neither the first nor second encoded identity references having an assigned anonymization code;
providing a new anonymization code; and
assigning the new anonymization code to both the first and second encoded identity references.
-
-
4. The method of claim 3, wherein a database stores at least one anonymization code assigned to an encoded identity reference, and wherein determining whether each of the first and second encoded identity references has an assigned anonymization code comprises:
querying the database for an anonymization code assigned to each of the first and second encoded identity references.
-
5. The method of claim 3, wherein a database stores anonymization codes assigned to encoded identity references, and wherein assigning the new anonymization code to both the first and second encoded identity references comprises:
-
storing the new anonymization code in the database; and
associating, within the database, the new anonymization code with the first and second encoded identity references.
-
-
6. The method of claim 1, wherein assigning to each of the first and second encoded identity references an identical anonymization code comprises:
-
determining whether each of the first and second encoded identity references has an assigned anonymization code; and
in response to the first encoded identity reference having an anonymization code and the second encoded identity reference not having an assigned anonymization code;
assigning the second encoded identity reference the same anonymization code assigned to the first encoded identity reference.
-
-
7. The method of claim 6, wherein a database stores anonymization codes assigned to encoded identity references, and wherein assigning the second encoded identity reference the same anonymization code assigned to the first encoded identity reference comprises:
associating, within the database, the second encoded identity reference with assigned anonymization code of the first encoded identity reference.
-
8. The method of claim 1, further comprising:
repeating the calculating and assigning steps for each of the plurality of data records.
-
9. The method of claim 1, wherein encoding a first encoded identity reference comprises:
encoding the first subset of identifying elements using a one-way hash function.
-
10. The method of claim 1, wherein encoding a second encoded identity reference comprises:
encoding the second subset of identifying elements using a one-way hash function.
-
11. The method of claim 1, wherein one of the first and second subsets of identifying elements comprises a name, a birth date, and a zip code.
-
12. The method of claim 1, wherein one of the first and second subsets of identifying elements comprises a healthcare identifier and a birth date.
-
13. The method of claim 1, wherein one of the first and second subsets of identifying elements comprises a telephone number and birth date.
-
14. The method of claim 1, wherein the plurality of data records are selected from the group consisting of healthcare transaction records and financial transaction records.
-
15. A system for anonymously linking a plurality of data records, each data record comprising a plurality of elements for identifying an associated individual, the system comprising:
-
a first identity reference encoding module configured to calculate a first encoded identity reference from a first subset of the identifying elements of a data record;
a second identity reference encoding module configured to calculate a second encoded identity reference from a second subset of the identifying elements of the data record;
an anonymization code assignment module configured to assign to each of the first and second encoded identity references an identical anonymization code for anonymously representing the individual associated with the record; and
an anonymization code insertion module configured to insert the assigned anonymization code into the data record;
wherein the system is configured to calculate first and second encoded identity references, and assign and insert anonymization codes for each of the plurality of data records. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
an identifying element removal module configured to remove the plurality of identifying elements from the data record.
-
-
17. The system of claim 15, wherein the anonymization code assignment module comprises:
-
an anonymization code lookup module configured to determine whether each of the first and second encoded identity references has an assigned anonymization code; and
an anonymization code generation module configured, in response to neither the first nor second encoded identity references having an assigned anonymization code, to provide a new anonymization code and assign the new anonymization code to both the first and second encoded identity references.
-
-
18. The system of claim 17, further comprising:
an anonymization code database configured to store at least one anonymization code assigned to an encoded identity reference.
-
19. The system of claim 18, wherein the anonymization code lookup module comprises:
a database querying module configured to query the anonymization code database for an anonymization code for each of the first and second encoded identity references.
-
20. The system of claim 18, wherein the anonymization code assignment module comprises:
a database update module configured to store the new anonymization code in the database and associate, within the database, the new anonymization code with the first and second encoded identity references.
-
21. The system of claim 15, wherein the anonymization code assignment module comprises:
-
an anonymization code lookup module configured to determine whether each of the first and second encoded identity references has an assigned anonymization code; and
an anonymization code generation module configured, in response to the first encoded identity reference having an anonymization code and the second encoded identity reference not having an assigned anonymization code, to assign the second encoded identity reference the same anonymization code assigned to the first encoded identity reference.
-
-
22. The system of claim 21, wherein an anonymization code database stores at least one anonymization code assigned to an encoded identity reference, and wherein the anonymization code assignment module comprises:
a database update module configured to associate, within the database, the second encoded identity reference with the same anonymization code assigned to first encoded identity reference.
-
23. The system of claim 15, wherein the first encoded identity reference comprises a one-way hash of the first subset of identifying elements.
-
24. The system of claim 15, wherein the second encoded identity reference comprises a one-way hash of the second subset of identifying elements.
-
25. The system of claim 15, wherein one of the first and second subsets of identifying elements comprises a name, a birth date, and a zip code.
-
26. The system of claim 15, wherein one of the first and second subsets of identifying elements comprises a healthcare identifier and a birth date.
-
27. The system of claim 15, wherein one of the first and second subsets of identifying elements comprises a telephone number and a birth date.
-
28. The system of claim 15, wherein the plurality of data records are selected from the group consisting of healthcare transaction records and financial transaction records.
-
29. An article of manufacture comprising a program storage medium readable by a processor and embodying one or more instructions executable by the processor to perform a computer-implemented method for anonymously linking a plurality of data records, each data record comprising a plurality of elements for identifying an associated individual, the method comprising:
-
for each of the plurality of data records;
encoding a first encoded identity reference from a first subset of the identifying elements of a data record;
encoding a second encoded identity reference from a second subset of the identifying elements of the data record;
assigning to each of the first and second encoded identity references an identical anonymization code for anonymously representing the individual associated with the data record; and
inserting the assigned anonymization code into the data record. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
removing the plurality of identifying elements from the data record.
-
-
31. The article of manufacture of claim 29, wherein assigning to each of the first and second encoded identity references an identical anonymization code comprises:
-
determining whether each of the first and second encoded identity references has an assigned anonymization code; and
in response to neither the first nor second encoded identity references having an assigned anonymization code;
providing a new anonymization code; and
assigning the new anonymization code to both the first and second encoded identity references.
-
-
32. The article of manufacture of claim 31, wherein a database stores at least one anonymization code assigned to an encoded identity reference, and wherein determining whether each of the first and second encoded identity references has an assigned anonymization code comprises:
querying the database for an anonymization code assigned to each of the first and second encoded identity references.
-
33. The article of manufacture of claim 31, wherein a database stores at least one anonymization code assigned to an encoded identity reference, and wherein assigning the new anonymization code to both the first and second encoded identity references comprises:
-
storing the new anonymization code in the database; and
associating, within the database, the new anonymization code with the first and second encoded identity references.
-
-
34. The article of manufacture of claim 29, wherein assigning to each of the first and second encoded identity references an identical anonymization code comprises:
-
determining whether each of the first and second encoded identity references has an assigned anonymization code; and
in response to the first encoded identity reference having an anonymization code and the second encoded identity reference not having an assigned anonymization code;
assigning the second encoded identity reference the same anonymization code assigned to the first encoded identity reference.
-
-
35. The article of manufacture of claim 34, wherein a database stores at least one anonymization code assigned to an encoded identity references, and wherein assigning the second encoded identity reference the same anonymization code assigned to the first encoded identity reference comprises:
associating, within the database, the second encoded identity reference with assigned anonymization code of the first encoded identity reference.
-
36. The article of manufacture of claim 29, the method further comprising:
repeating the calculating and assigning steps for each of the plurality of data records.
-
37. The article of manufacture of claim 29, wherein encoding a first encoded identity reference comprises:
encoding the first subset of identifying elements using a one-way hash function.
-
38. The article of manufacture of claim 29, wherein encoding a second encoded identity reference comprises:
encoding the second subset of identifying elements using a one-way hash function.
-
39. The article of manufacture of claim 29, wherein one of the first and second subsets of identifying elements comprises a name, a birth date, and a zip code.
-
40. The article of manufacture of claim 29, wherein one of the first and second subsets of identifying elements comprises a healthcare identifier and a birth date.
-
41. The article of manufacture of claim 29, wherein one of the first and second subsets of identifying elements comprises a telephone number and birth date.
-
42. The article of manufacture of claim 29, wherein the plurality of data records are selected from the group consisting of healthcare transaction records and financial transaction records.
Specification