System and method for the protection and de-identification of health care data

US 9,355,273 B2
Filed: 11/27/2007
Issued: 05/31/2016
Est. Priority Date: 12/18/2006
Status: Active Grant

First Claim

Patent Images

1. A system for protecting and de-identifying healthcare data, the system comprising:

one or more computers;

a first set of non-transitory storage devices storing instructions that are operable, when executed by one or more computers, and causes the one or more computers to perform the steps of;

retrieving healthcare data and personally identifiable information of a person;

storing in a second set of non-transitory storage devices, the retrieved healthcare data and personally identifiable information for the person;

identifying a portion of the stored personally identifiable information from the storage device;

extracting the identified portion of the personally identifiable information from the storage device;

encrypting the extracted portion of the personally identifiable information;

inputting, into a keyed hash function, the encrypted portion of the personally identifiable information;

generating, by the keyed hash function, a first output;

inputting the generated first output to a second hash function;

generating, by the second hash function, a second output;

generating an anonymous linking code using the second output;

storing the anonymous linking code in association with the healthcare data for the person.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for protecting and de-identifying healthcare data includes a storage device for storing the healthcare data and personally identifiable information for a person and a processor in communication with the database. The processor generates an anonymous linking code using a keyed hash function and a second hash function. The anonymous linking code is based at least in part on a portion of the personally identifiable information. The processor further appends the anonymous linking code to the healthcare data for the person.

Citations

14 Claims

1. A system for protecting and de-identifying healthcare data, the system comprising:
- one or more computers;
  
  a first set of non-transitory storage devices storing instructions that are operable, when executed by one or more computers, and causes the one or more computers to perform the steps of;
  
  retrieving healthcare data and personally identifiable information of a person;
  
  storing in a second set of non-transitory storage devices, the retrieved healthcare data and personally identifiable information for the person;
  
  identifying a portion of the stored personally identifiable information from the storage device;
  
  extracting the identified portion of the personally identifiable information from the storage device;
  
  encrypting the extracted portion of the personally identifiable information;
  
  inputting, into a keyed hash function, the encrypted portion of the personally identifiable information;
  
  generating, by the keyed hash function, a first output;
  
  inputting the generated first output to a second hash function;
  
  generating, by the second hash function, a second output;
  
  generating an anonymous linking code using the second output;
  
  storing the anonymous linking code in association with the healthcare data for the person.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the portion of the personally identifying information comprises a predetermined set of one or more personal identifiers, and wherein there is a functional relationship between the generated anonymous linking code and the one or more personal identifiers included in the predetermined set.
  - 3. The system of claim 1, further comprising:
    - a second storage device that receives and store the healthcare data with the appended anonymous linking code; and
      
      a second processor in communication with the second database storage device.
  - 4. The system of claim 3, wherein the second processor uses the appended anonymous linking code of the received healthcare data to link the received healthcare data with stored healthcare data with a corresponding appended anonymous linking code.
  - 5. The system of claim 3, wherein the healthcare data with the appended anonymous linking code is received from a secure data pathway.
  - 6. The system of claim 3, wherein the second processor outputs a report based on the stored healthcare data.
  - 7. The system of claim 1, wherein the keyed hash function is a keyed SHA-256 hash function.
  - 8. The system of claim 1, wherein the second hash function is a SHA-256 hash function.

9. A computer-implemented method for protecting and de-identifying healthcare data containing personally identifiable information, the method comprising:
- retrieving, by one or more computers, healthcare data and personally identifiable information of a person;
  
  storing, by the one or more computers, in a storage device, the retrieved healthcare data and personally identifiable information for the person;
  
  identifying, by the one or more computers, a portion of the stored personally identifiable information from the storage device;
  
  extracting, by the one or more computer processor, the identified a portion of the personally identifiable information from the storage device;
  
  encrypting, by the one or more computer processor, the extracted portion of the personally identifiable information;
  
  inputting, into a keyed hash function, the encrypted portion of the personally identifiable information;
  
  generating, by the keyed hash function, a first output;
  
  inputting, by the one or more computer processors, the generated first output to a second hash function;
  
  generating, by the second hash function, a second output;
  
  generating, an anonymous linking code using the second output;
  
  storing the anonymous linking code in association with the healthcare data for the person.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, further comprising the step of transmitting the healthcare data with the appended anonymous linking code to a data warehouse.
  - 11. The method of claim 10, wherein the portion of the personally identifying information comprises a predetermined set of one or more personal identifiers, and wherein there is a functional relationship between the generated anonymous linking code and the one or more personal identifiers included in the predetermined set.
  - 12. The method of claim 9, further comprising the step of linking a first healthcare data file with a second healthcare data file by their respective appended anonymous linking codes,wherein the first and second data files are for a particular person, andwherein the first and second data files are from different sources or are created at different times.
  - 13. The method of claim 9, wherein the keyed hash function is a keyed SHA-256 hash function.
  - 14. The method of claim 9, wherein the second hash function is a SHA-256 hash function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IQVIA, Inc. (IQVIA Holdings, Inc.)
Original Assignee
Bank Of America NA (Bank of America Corp.)
Inventors
Stevens, Steven E., Kress, Andrew E., Dublin, Adam
Primary Examiner(s)
Ravetti, Dante

Application Number

US11/945,795
Publication Number

US 20080147554A1
Time in Patent Office

3,108 Days
Field of Search

705/50
US Class Current

1/1
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

G06F 2221/2107   File encryption

G16H 10/60   for patient-specific data, ...

H04L 63/0428   wherein the data content is...

System and method for the protection and de-identification of health care data

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for the protection and de-identification of health care data

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links