Multi-source longitudinal patient-level data encryption process
First Claim
1. A method for assembling a longitudinally-linked database from individual patient healthcare transaction data records, the method comprising:
at a central facility (LDF), receiving data records including at least one patient non-identifying attribute and at least one individually encrypted patient-identifying attribute, the at least one patient-identifying attribute first encrypted using a first encryption key specific to the LDF and further encrypted with a second encryption key unique to a data source so that original unencrypted patient identification information in the at least one patient-identifying attribute remains secret with respect to other data sources;
partially decrypting the received data records using a decryption key complementary to the second encryption key so that the at least one patient-identifying attribute retains only the encryption by the first encryption key specific to the LDF;
using an attribute-matching algorithm to assign an LDF identifier (ID) to the encrypted data records; and
linking the encrypted data records ID by ID, whereby the longitudinally-linked data base is formed.
Abstract
Systems and processes for assembling de-identified patient healthcare data records in a longitudinal database are provided. The systems and processes may be implemented over multiple data suppliers and common database facilities while ensuring patient privacy. At the data supplier locations, patient-identifying attributes in the data records are placed in standard format and then doubly encrypted using a pair of encryption keys before transmission to a common database facility. The pair of encryption keys includes a key specific to the data supplier and a key specific to the common database facility. At the common database facility, the encryption specific to the data supplier is removed, so that multi-sourced data records have only the common database encryption. Without direct access to patient identifying-information, the encrypted data records are assigned dummy labels or tags by which the data records can be longitudinally linked in the database. The tags are assigned based on statistical matching of the values of a select set of encrypted data attributes with a reference database of tags and associated encrypted data attribute values.
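The two-layer encryption and linking flow described in the abstract, as an added Python example that is not part of the patent or of any product built on it. It assumes constructed keys and records, uses an HMAC as a deterministic stand-in for the LDF-key layer (so identical standardized values from different suppliers yield identical tokens), a toy keyed XOR for the supplier layer, and an exact match on the encrypted attributes in place of the patent's statistical match.

```python
import hmac, hashlib, os, re

# Constructed keys for this example only; a deployment following claim 23
# would hold the supplier-layer keys in a hardware security module at the LDF.
LDF_KEY = b"ldf-example-key"
SUPPLIER_KEYS = {"pharmacyA": b"key-A", "labB": b"key-B"}
ID_ATTRS = ("last_name", "dob", "zip")  # the select set of matched attributes

def standardize(value):
    """Place the attribute in a standard format before any encryption."""
    return re.sub(r"[^A-Z0-9]", "", value.upper())

def ldf_layer(value):
    """First (LDF-specific) layer: deterministic keyed transform, so equal
    standardized values match across suppliers. HMAC stands in for encryption."""
    return hmac.new(LDF_KEY, standardize(value).encode(), hashlib.sha256).digest()

def supplier_xor(key, nonce, data):
    """Second (supplier-specific) layer: toy one-block XOR stream keyed per
    supplier; the same call encrypts and decrypts a 32-byte token."""
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def supplier_prepare(supplier, record):
    """Supplier side: each identifying attribute is doubly encrypted on its own."""
    nonce = os.urandom(16)
    out = {"supplier": supplier, "nonce": nonce, "rx": record["rx"]}
    for a in ID_ATTRS:
        out[a] = supplier_xor(SUPPLIER_KEYS[supplier], nonce, ldf_layer(record[a]))
    return out

def ldf_link(received):
    """LDF side: strip only the supplier layer, then assign an LDF ID by matching
    the still-encrypted attributes (exact match stands in for statistical match)."""
    registry, linked = {}, []
    for rec in received:
        key = SUPPLIER_KEYS[rec["supplier"]]
        inner = tuple(supplier_xor(key, rec["nonce"], rec[a]) for a in ID_ATTRS)
        ldf_id = registry.setdefault(inner, len(registry) + 1)
        linked.append({"ldf_id": ldf_id, "supplier": rec["supplier"], "rx": rec["rx"]})
    return linked

def demo():
    """Constructed sample: one patient seen by two suppliers, plus a second patient."""
    received = [
        supplier_prepare("pharmacyA", {"last_name": "Smith", "dob": "1970-01-02", "zip": "02139", "rx": "RX1"}),
        supplier_prepare("labB", {"last_name": "SMITH ", "dob": "19700102", "zip": "02139", "rx": "LAB7"}),
        supplier_prepare("labB", {"last_name": "Jones", "dob": "1985-05-05", "zip": "02139", "rx": "LAB8"}),
    ]
    return ldf_link(received)
```

Cross-supplier matching only works because the LDF-layer transform is deterministic, and the LDF never holds its inverse; the only keys present at the LDF are the supplier-layer keys it needs for the partial decryption.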
24 Claims
1. Independent method claim, quoted in full under First Claim above (dependent claims 2 to 11).
12. A system for longitudinally-linking individual patient healthcare transaction data records obtained from multiple data suppliers, the system comprising:
at a central facility (LDF), a first component configured to: receive data records including at least one patient non-identifying attribute and at least one individually, doubly encrypted patient-identifying attribute encrypted with a first encryption key specific to an LDF and further encrypted with a second encryption key unique to a data source so that original unencrypted patient identification information in the at least one patient-identifying attribute remains secret with respect to other data sources; partially decrypt the received data records using a decryption key complementary to the second encryption key so that the at least one patient-identifying attribute retains the encryption by the first encryption key specific to the LDF; perform an additional layer of encryption on the data records; and a second component configured to: assign an LDF identifier (ID) to the encrypted data records by matching attributes in the encrypted data records; and link the encrypted data records ID by ID, whereby a longitudinal database is formed. (Dependent claims 13 to 22.)
23. A longitudinally-linked electronic database assembled from individual patient healthcare transaction data records, the electronic database comprising:
multi-sourced data records in which patient identifying attributes are encrypted to preserve patient privacy, wherein each encrypted data record is assigned an identifier based on a statistical match of a select set of data attributes with a reference set of values, wherein the data records are linked by the assigned identifiers, wherein, when received, the patient-identifying attributes are doubly encrypted on an individual attribute basis with a first encryption key specific to a central facility (LDF) and a second encryption key specific to a data supplier so that original unencrypted patient identification information in the patient-identifying attributes remains secret with respect to other data suppliers, and wherein the electronic database is coupled to a hardware security module comprising an encryption application programmed to partially decrypt the received attributes using a decryption key complementary to the second encryption key so that the attributes retain only the encryption by the first encryption key specific to the LDF. (Dependent claim 24.)
Specification