System and method of de-identifying data

US 7,158,979 B2
Filed: 05/22/2002
Issued: 01/02/2007
Est. Priority Date: 05/22/2002
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving data corresponding to an individual, wherein the data includes transactional data stored in a transaction table and data identifying the individual stored in a personal information table, and wherein the individual is associated with at least one transaction in the transaction table;

generating a de-identification pointer associated with a portion of the data, wherein the de-identification pointer substitutes the data identifying the individual in the personal information table;

creating a non-protected transaction table, wherein the non-protected transaction table includes de-identified transactional data corresponding to the individual, the de-identified transactional data not being capable of identifying the individual; and

creating an index table including the de-identification pointer and the non-protected transaction table.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of de-identifying data, wherein the data to be de-identified is stored in a transaction table containing transactions and a personal information table containing identifiable information. The method includes the steps of generating a de-identification pointer associated with an individual in the personal information table, wherein the individual is associated with at least one transaction in the transaction table; creating a non-protected transaction table, wherein the non-protected transaction table includes a non-protected transaction reference and non-protected information associated with a transaction from the transactional table; and creating an index table including the identification and the non protected transaction reference. According to a preferred embodiment, the identification is advantageously unique and may also lack context to the individual. According to a further feature, the identification may be random or pseudo-random.

Citations

13 Claims

1. A method comprising:
- receiving data corresponding to an individual, wherein the data includes transactional data stored in a transaction table and data identifying the individual stored in a personal information table, and wherein the individual is associated with at least one transaction in the transaction table;
  
  generating a de-identification pointer associated with a portion of the data, wherein the de-identification pointer substitutes the data identifying the individual in the personal information table;
  
  creating a non-protected transaction table, wherein the non-protected transaction table includes de-identified transactional data corresponding to the individual, the de-identified transactional data not being capable of identifying the individual; and
  
  creating an index table including the de-identification pointer and the non-protected transaction table.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein generating a de-identification pointer further includes the step of generating the de-identification pointer based on a shuffling algorithm, wherein the data identifying the individual stored in the personal information table cannot be derived from the de-identification pointer.
  - 3. The method of claim 1, further including the steps of:
    - securing the transaction table by implementing a database view to control access to the transaction table; and
      
      initiating the index table, the non-protected transaction table and a secure reference table, wherein the secure reference table includes identifiable information and the de-identification pointer.
  - 4. The method of claim 1, further including the steps of:
    - querying the personal information table for a record comprising data identifying an individual; and
      
      if a new record exists, generating de-identification pointer not derived from information associated with the record, wherein the de-identification pointer is not being capable of identifying the individual.
  - 5. The method of claim 1, wherein generating the de-identification pointer associated with a portion of the data further comprising verifying that the generated de-identification pointer is not duplicated in the index table.
  - 6. The method of claim 3, further including the step of incorporating the de-identification pointer into a new record and adding the new record in the secure reference table.

7. A computer for de-identifying data stored in a transaction table comprising transactions and a personal information table comprising identifiable information, the computer comprising:
- a memory comprising software providing instructions for;
  
  (i) generating a de-identification pointer associated with an individual in the personal information table, wherein the de-identification pointer substitutes data identifying the individual, and wherein the individual is associated with at least one transaction in the transaction table;
  
  (ii) creating a non-protected transaction table, wherein the non-protected transaction table includes de-identified transactional data corresponding to the individual, the de-identified transactional data not being capable of identifying the individual;
  
  (iii) creating an index table including the identification pointer and the non protected transaction table; and
  
  a processor to execute the software.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The computer of claim 7, wherein the software providing instructions for generating the de-identification pointer comprises providing instructions for generating the de-identification pointer based on a shuffling algorithm, wherein any data elements associated with the personal information table cannot be derived from the identification pointer.
  - 9. The computer of claim 7, wherein the memory further comprising software for initializing the index table, the non-protected transaction table and a secure reference table, wherein the secure reference table includes data that identifies the individual information and the identification pointer.
  - 10. The computer of claim 7, wherein the memory further comprising software providing instructions for querying the personal information table for a record comprising data identifying an individual and generating a de-identification pointer not derived from information associated with the record, if a new record exists.
  - 11. The computer of claim 7, wherein the memory further comprising software providing instructions for(i) generating a de-identification pointer not based a subset of the data identifying an individual for each record in the personal information table;
    - and(ii) verifying that the generated de-identification pointer is not duplicated in the index table.
  - 12. The computer of claim 7, wherein the memory further comprising software providing instructions for incorporating the de-identification pointer into a new record and adds the new record in the secure reference table.
  - 13. The computer of claim 7, wherein the memory further comprising software providing instructions for securing the transaction database by implementing a database view to control access to the transaction database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ingenix Incorporated (UnitedHealth Group Incorporated)
Original Assignee
Ingenix Incorporated (UnitedHealth Group Incorporated)
Inventors
Iverson, Dane Steven, Davis, Karen Muthler
Primary Examiner(s)
Rimell; Sam

Application Number

US10/151,974
Publication Number

US 20030220927A1
Time in Patent Office

1,686 Days
Field of Search

707 1- 4, 707100-102, 707/104.1
US Class Current

707/741
CPC Class Codes

G06F 21/6254 by anonymising data, e.g. d...

System and method of de-identifying data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of de-identifying data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links