4 Responses 02/27

Preethi Work:

“The advancement of health information technology has made it possible for healthcare institutions to have a great deal of information about patients” (Sweeney, von Loewenfeldt, & Perry, 2018). Ensuring that only authorized individuals can be able to access this information is however a challenge due to the many different people that can have access to these records. The existence of laws that require healthcare institution to maintain confidentiality when dealing with patient data, however, means that measures need to be put in place by healthcare institutions that will ensure confidentiality is maintained when dealing with patient data. A key way through which this can be achieved is through redaction that anonymizes patient identities.

Legal rules on the confidentiality of health data do not state the type of patient data that may need to be anonymized in case health records are shared with third parties in the healthcare system. Generally, personal information that can be used to identify a patient is the data is most likely targeted by confidentiality laws. The healthcare data that is contained in a database is usually classified into two categories, direct identifiers that can be used to identify an individual and quasi identifies that cannot directly identify a patient but may give an indication of who they are. A key detail that can be redacted from patient data in order to make it anonymous is the name of the patient. The reductions of personal information about a patient can significantly aid in maintaining their anonymity in healthcare records that may be viewed by unauthorized parties. Key details about the patient such as the address date of visit other than the year, the geographical location can be redacted in health records as a way of protecting their identities, but at the same time, critical records about their treatment can be maintained so as to ensure their health records have some utility.

 

An effective strategy that can be used to ensure personal information contained in health records cannot be accessed by third parties is the replacement of existing patient information with random information, while still ensuring that the health records have some utility to users that may need them in a healthcare setting. This ensuring that patient information remains useful after reduction is of key importance in health records management, as useful information that can be used to improve the quality of healthcare will still be available to practitioners while protecting the identity of individual patients. “This means obfuscation of patient data needs to be carried out in ways that maintain as much information as possible that can be useful for practitioners while at the same time ensuring personal details are eliminated from health records” (Kayaalp, 2018).

An effective method that can be used to ensure patient data is protected but useful information is still available is value enumeration. Patient data that is contained in a structured database is analyzed is value enumeration that aids in the identification of crucial information that may be needed by practitioners and personal data that needs to be redacted. As a result, obfuscation is done in the right way that protects patient identities but still ensures that useful information is maintained. It is important for healthcare institutions to take deliberate measures meant to protect patient data, as is required by law. “The redaction of electronic health records is an effective way through which this can be achieved” (Hassan, Sánchez, Soria-Comas & Domingo-Ferrer, 2019, August). Using this method, all personal details relating to a patient ate redacted from existing records, but clinical information may be retained for use by other practitioners.

 

 

References

Hassan, F., Sánchez, D., Soria-Comas, J., & Domingo-Ferrer, J. (2019, August). Automatic Anonymization of Textual Documents: Detecting Sensitive Information via Word Embeddings. In 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (pp. 358-365). IEEE.

Kayaalp, M. (2018). Patient privacy in the era of big data. Balkan medical journal, 35(1), 8.

Sweeney, L., von Loewenfeldt, M., & Perry, M. (2018). Saying it’s Anonymous Doesn't Make It So: Re-identifications of “anonymized” law school data. Technology Science.

Sravani Work:

Data Redaction

Data protection at different levels is important. Depending on the type of data redaction levels needs to be increased. Data redaction is a data masking technique that enables you to mask data by removing or substituting all or part of the field value. This helps protect sensitive personally identifying data (Bernstein, 2021). Some of the well-known redaction techniques are full, partial, & lookup which involves replacing actual data with constant values, replacing actual data with dummy or alias values, replacing actual data with crosswalk values etc. Data redaction works out most of the time with great efficiency but need to be careful when using because it is not easily reversible i.e. reverse lookup is not simple. Some of use cases of data redaction are masking date of birth, social security number, credit card number, diagnoses codes in health care records etc.

How much redaction is necessary to anonymize an electronic health record?

Level of redaction is also important when implementing data redaction techniques. Electronic health record (EHR) is a significant data record which needs to be redacted to maximum possible level because it is considered as a fingerprint for any individual. It is important to redact name, address, social security number, diagnoses details etc. Electronic medical records (EMR) have largely replaced hand-written patient files in healthcare. The growing pool of EMR data presents a significant resource in medical research, but the U.S. Health Insurance Portability and Accountability Act (HIPAA) mandates redacting medical records before performing any analysis on the same. This process complicates obtaining medical data and can remove much useful information from the record (Polsley et al., 2017). Principle along with a significant rise in HIPAA enforcement, practices must remain sensitive of how they handle the data that’s released to third parties. Redaction of personal information from records is one important way practice administrators can improve security, though it’s not the only way. Automating the removal of PHI by integrating redaction solutions with existing practice technology such as electronic health records searching and removing any protected information becomes electronic, eliminating a manual, repetitive process. Removing risks associated with the release of PHI is possible with automated solutions that can remove data fields like patient name, dates of service, medication lists and other general information in the health record. But even though solutions exist to automate the redaction of protected PHI, most organizations process records manually even as they migrate to electronic systems in other areas (Rasmussen, 2014). Data redaction will help EHR in multiple ways like creating audit workflows, making patient lab records available to providers with ease, reducing wait time in accessing reports, structuring lab results to support meaningful use, better management of incoming paper-based labs, etc.

References

Bernstein, D. (2021, January 02). Data Redaction: What It Is and When to Use It. Retrieved February 25, 2021, from https://www.privitar.com/blog/data-redaction-what-it-is-and-when-to-use-it/

Polsley, S., Tahir, A., Raju, M., Akinleye, A., & Steward, D. (2017). Role-Preserving Redaction of Medical Records to Enable Ontology-Driven Processing. BioNLP 2017. doi:10.18653/v1/w17-2324

Rasmussen, D. (2014, May 9). Electronic Health Reporter. Retrieved February 25, 2021, from https://electronichealthreporter.com/keeping-an-eye-on-redaction-and-data-automation-why-its-important-to-small-practices/

What is Least Privilege Access? PoLP Explained. (n.d.). Retrieved February 11, 2021, from https://www.cyberark.com/what-is/least-privilege/