Protecting patient privacy the new fashioned way

Sep 25, 2008

Protecting patient privacy has been recognized as the duty of health-care providers for about as long as doctors have seen patients. In 1996 that duty became a legal obligation when Congress passed the Health Insurance Portability and Accountability Act.

HIPAA regulations safeguard patient's personal health information but can also complicate the process of safeguarding public health. Information aggregated from the medical records of vast numbers of individuals is needed to develop new drug therapies and novel medical treatments, to stop epidemics or prevent other life threatening events.

In a study published in the September-October issue of the Journal of the American Medical Informatics Association, Jeff Friedlin, D.O., of the Regenstrief Institute, Inc. and the Indiana University School of Medicine, discusses a new computer program that may resolve the complex issue of privacy vs. public good. Dr. Friedlin writes about the Medical De-identification System (MeDS), a highly accurate and speedy computer software program he has developed and successfully tested for de-identifying patient information while retaining the essential data key to medical research.

"Medical researchers need data from really large numbers of actual patients, but must protect their privacy. The more data we can access, the better our studies will be. This is not the first software program to remove or "scrub" patient identifiers from medical records, but compared to programs that have been evaluated and described in peer reviewed studies, it is both broader and more accurate," said Dr. Friedlin, who is a research scientist at Regenstrief and an assistant professor of family medicine at the IU School of Medicine.

MeDS can eliminate identifying data from history and physicals, discharge notes, and laboratory, pathology and radiology reports. The current generation of de-identifying software concentrates on removing patient identifiers from pathology reports.

The new software program replaces the deleted identifying data with a symbol so the researcher knows something was taken out. To further insure confidentiality, MeDS does not indicate the nature of what was removed. "This software does something that a human could easily do but in a fraction of the time and expense. A human could 'white out' personal identifying information in 10 hefty medical records in about 6 hours. MeDS can do the same thing in under two minutes," said Dr. Friedlin.

MeDS is the first system described in peer-reviewed literature which attempts to detect and eliminate misspelled names. In addition to deleting the patient's name, Smith, for example, MeDS also is able to find and delete misspellings like Ssmith or Smithh or Smmith or even mith. While acknowledging that this sometimes leads to eliminating information that does not identify the patient ("red" being eliminated from the record of a patient whose name is "Reed"), Dr. Friedlin says he would rather accept some degree of what he calls over-scrubbing than risk release of personal data by setting the bar too low.

No system is infallible. What information might MeDS neglect to protect? Not much, according to Dr. Friedlin, although something similar to "the patient is a former president of the United States with Alzheimer disease" would not be caught.

MeDS has been tested on data from the Regenstrief Medical Record System, a large (more than 660 million distinct observations) repository of 35 years of patient data and on data from other institutions.

Regenstrief Institute medical informatics research scientists comprise one of the largest medical informatics physician brain trusts in the United States.

Source: Indiana University

Explore further: Cardinal Health paying $26.8 million in FTC settlement

Related Stories

Hackers keep trying new targets in search of easy data

Apr 14, 2015

The health care sector has become the hot target for hackers in recent months, according to researchers at Symantec, a leading cybersecurity company that says it's also seeing big increases in "spear-phishing," ...

Device extracts rare tumor cells using sound

Apr 06, 2015

A simple blood test may one day replace invasive biopsies thanks to a new device that uses sound waves to separate blood-borne cancer cells from white blood cells.

Recommended for you

Cardinal Health paying $26.8 million in FTC settlement

14 hours ago

Cardinal Health will pay $26.8 million as part of a settlement with the Federal Trade Commission over charges it monopolized the sale in 25 markets of diagnostic drugs known as low-energy radiopharmaceuticals.

Selecting the right tool for the job

Apr 14, 2015

Randomized clinical trials of new drugs have long been considered the "gold standard" in determining safety and efficacy before drugs, biologics, vaccines or devices are introduced to the general public. However, in the case ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.