Systems and methods for encryption-based de-identification of protected health information

US 7,519,591 B2
Filed: 03/09/2004
Issued: 04/14/2009
Est. Priority Date: 03/12/2003
Status: Active Grant

First Claim

Patent Images

1. A method for processing data, comprising the steps of:

obtaining a patient data record of a patient which includes patient identifying information;

removing the patient identifying information from the patient data record to generate a de-identified data record comprising unencrypted patient data in the patient data record which does not identify the patient;

generating an encrypted ID for the patient, wherein the encrypted ID comprises an encrypted representation of one or more items of patient identifying information; and

storing the encrypted ID with or in the de-identified data record,wherein the step of removing the patient identifying information in the patient data record includes automatically removing patient identifying information from an unstructured data record by locating a text string in the unstructured data records that includes patient identifying information, and removing the text string from the unstructured data record, wherein the text string to be removed from the unstructured data record is determined based on a matching text string that is included in a database element of a structured data record associated with the unstructured data record.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for protecting individual privacy (e.g., patient privacy) when individual data records (e.g., patient data records) are shared between various entities (e.g., healthcare entities). In one aspect, systems and methods are provided which implement secured key encryption for de-identifying patient data to ensure patient privacy, while allowing only the owners of the patient data and/or legally empowered entities to re-identify subject patients associated with de-identified patient data records, when needed.

121 Citations

33 Claims

1. A method for processing data, comprising the steps of:
- obtaining a patient data record of a patient which includes patient identifying information;
  
  removing the patient identifying information from the patient data record to generate a de-identified data record comprising unencrypted patient data in the patient data record which does not identify the patient;
  
  generating an encrypted ID for the patient, wherein the encrypted ID comprises an encrypted representation of one or more items of patient identifying information; and
  
  storing the encrypted ID with or in the de-identified data record,wherein the step of removing the patient identifying information in the patient data record includes automatically removing patient identifying information from an unstructured data record by locating a text string in the unstructured data records that includes patient identifying information, and removing the text string from the unstructured data record, wherein the text string to be removed from the unstructured data record is determined based on a matching text string that is included in a database element of a structured data record associated with the unstructured data record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the step of generating an encrypted ID for the patient comprises encrypting the one or more items of patient identifying information using a public key.
  - 3. The method of claim 1, further comprising securely maintaining a decryption key, which can be accessed by an authorized entity to decrypt the encrypted ID in the de-identified data record to re-identify the patient.
  - 4. The method of claim 3, wherein the decryption key is a private key that is associated with the public key for encryption.
  - 5. The method of claim 3, wherein the decryption key is a master private key that can decrypt de-identified data produced from many encryption/decryption key pairs.
  - 6. The method of claim 1, wherein the step of removing the patient identifying information in the patient data record to generate a de-identified data record is performed in compliance with a Safe Harbor rule or Limited Data set Rule of HIPAA.
  - 7. The method of claim 1, wherein the step of removing the patient identifying information in the patient data record includes automatically removing patient identifying information from a structured data record.
  - 8. The method of claim 6, wherein the step of removing the patient identifying information from the patient data record comprises removing database elements that contain the patient identifying information.
  - 9. The method of claim 1, wherein the step of removing the patient identifying information from the patient data record includes automatically removing patient identifying information from an image.
  - 10. The method of claim 9, wherein the step of automatically removing patient identifying information from an image comprises removing patient identifying information contained in structured fields.
  - 11. The method of claim 9, wherein the step of automatically removing patient identifying information from an image comprises manually identifying burned-in patient identifying information within an image and automatically blanking the identified patient identifying information.
  - 12. The method of claim 1, further comprising the steps of:
    - mapping the encrypted ID to a Study ID that comprises an arbitrary human readable ID which contains no patient identifying information; and
      
      generating a data structure that includes the mapping.
  - 13. The method of claim 12, further comprising mapping the Study ID to one or more replacement strings that can be used to replace de-identified data in the de-identified data record.
  - 14. The method of claim 12, further comprising making the data structure publicly accessible.
  - 15. The method of claim 12, further comprising using the encrypted ID or corresponding Study ID to recognize a subject patient of patient data records collected at different times.
  - 16. The method of claim 1, wherein the method is implemented for sharing patient data for purposes of research.
  - 17. The method of claim 1, wherein the method is implemented for sharing patient data for purposes of central monitoring for natural or human induced disease outbreaks.

18. A program storage device readable by a machine, tangibly embodying a program of instructions executable on the machine to perform method steps for processing medical information, the method steps comprising:
- obtaining a patient data record of a patient which includes patient identifying information;
  
  removing the patient identifying information from the patient data record to generate a de-identified data record comprising unencrypted patient data in the patient data record which does not identify the patient;
  
  generating an encrypted ID for the patient, wherein the encrypted ID comprises an encrypted representation of one or more items of patient identifying information; and
  
  storing the encrypted ID with or in the de-identified data record,wherein the instructions for removing the patient identifying information in the patient data record comprise instructions for automatically removing patient identifying information from an unstructured data record by locating a text string in the unstructured data records that includes patient identifying information and removing the text string from the unstructured data record, wherein the text string to be removed from the unstructured data record is determined based on a matching text string that is included in a database element of a structured data record associated with the unstructured data record.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 19. The program storage device of claim 18, wherein the instructions for generating an encrypted ID for the patient comprise instructions for encrypting the one or more items of patient identifying information using a public key.
  - 20. The program storage device of claim 18, further comprising instructions for securely maintaining a decryption key, which can be accessed by an authorized entity to decrypt the encrypted ID in the de-identified data record to re-identify the patient.
  - 21. The program storage device of claim 20, wherein the decryption key is a private key that is associated with the public key for encryption.
  - 22. The program storage device of claim 20, wherein the decryption key is a master private key that can decrypt de-identified data produced from many encryption/decryption key pairs.
  - 23. The program storage device of claim 18, wherein the instructions for removing the patient identifying information in the patient data record to generate a de-identified data record is performed in compliance with a Safe Harbor rule or Limited Data set Rule of HIPAA.
  - 24. The program storage device of claim 18, wherein the step of removing the patient identifying information in the patient data record includes automatically removing patient identifying information from a structured data record.
  - 25. The program storage device of claim 24, wherein the instructions for automatically removing patient identifying information from a structured data record comprise instructions for removing database elements that contain patient identifying information.
  - 26. The program storage device of claim 18 wherein the instructions for removing the patient identifying information in the patient data record comprise instructions for automatically removing patient identifying information from an image.
  - 27. The program storage device of claim 26, wherein the instructions for automatically removing patient identifying information from an image comprise instructions for removing patient identifying information contained in structured fields.
  - 28. The program storage device of claim 18, farther comprising instructions for performing the steps of:
    - mapping the encrypted ID to a Study ID that comprises an arbitrary human readable ID which contains no patient identifying information; and
      
      generating a data structure that includes the mapping.
  - 29. The program storage device of claim 28, further comprising instructions for mapping the Study ID to one or more replacement strings that can be used to replace de-identified data in the de-identified data record.

30. A method for processing data, comprising the steps of:
- obtaining a data record of an individual which includes individual identifying information;
  
  removing the individual identifying information from the data record to generate a de-identified data record comprising unencrypted data in the data record which does not identify the individual;
  
  generating an encrypted ID for the individual, wherein the encrypted ID comprises an encrypted representation of one or more items of individual identifying information; and
  
  storing the encrypted ID with or in the de-identified data record,wherein the step of removing the individual identifying information from the data record includes automatically removing the individual identifying information from an unstructured data record by locating a text string in the unstructured data records that includes the individual identifying information, and removing the text string from the unstructured data record, wherein the text string to be removed from the unstructured data record is determined based on a matching text string that is included in a database element of a structured data record associated with the unstructured data record.
- View Dependent Claims (31, 32, 33)
- - 31. The method of claim 30, wherein the data record comprises medical information.
  - 32. The method of claim 30, wherein the data record comprises financial information.
  - 33. The method of claim 30, further comprising securely maintaining a decryption key, which can be accessed by an authorized entity to decrypt the encrypted ID in the de-identified data record to re-identify the individual.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cerner Innovation, Inc. (Oracle Corporation)
Original Assignee
Siemens Medical Solutions USA Incorporated (Siemens AG)
Inventors
Landi, William A., Rao, R. Bharat
Primary Examiner(s)
Wong; Don
Assistant Examiner(s)
Nguyen; Merilyn P

Application Number

US10/796,255
Publication Number

US 20050165623A1
Time in Patent Office

1,862 Days
Field of Search

707/1, 707/9, 707/100, 707/102, 707/103.R, 707/6, 707/10, 707/104.1, 707/200, 713/109, 713/193, 705/2, 705/3, 705/51, 726/26, 726/27
US Class Current

1/1
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

G06F 2221/2107   File encryption

G06F 2221/2115   Third party

G16H 10/60   for patient-specific data, ...

H04L 2209/88   Medical equipments

H04L 9/083   involving central third par...

H04L 9/14   using a plurality of keys o...

Y10S 707/99936   Pattern matching access

Y10S 707/99939   Privileged access

Y10S 707/99945   Object-oriented database st...

Systems and methods for encryption-based de-identification of protected health information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

121 Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for encryption-based de-identification of protected health information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links