Chapter Overview
This chapter explores issues in managing the privacy and security of healthcare information used for data mining by reviewing the fundamentals, components and principles of privacy and security, as well as the relevant laws and regulations. It also presents a literature review of technical issues in privacy assurance and a case study illustrating some potential pitfalls in mining individually identifiable information. The chapter closes with recommendations on privacy and security good practices for medical data miners.
Copyright information
© 2005 Springer Science+Business Media, Inc.
About this chapter
Cite this chapter
Cooper, T., Collman, J. (2005). Managing Information Security and Privacy in Healthcare Data Mining. In: Chen, H., Fuller, S.S., Friedman, C., Hersh, W. (eds) Medical Informatics. Integrated Series in Information Systems, vol 8. Springer, Boston, MA. https://doi.org/10.1007/0-387-25739-X_4
DOI: https://doi.org/10.1007/0-387-25739-X_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-24381-8
Online ISBN: 978-0-387-25739-6