Yi-hui Xu,Tian-shu Zhou,Yu Tian,Jing-song Li

DOI: https://doi.org/10.1109/ICSPCC.2015.7338760

2015-01-01

Abstract:Anonymization of the medical document provides effective protection of patient privacy so as to promote the development of anonymization of electronic medical records in China. However, traditional methods which identify patient privacy manually are not only inefficient with frequent errors and omissions but also labor-consuming. To solve this problem, this paper introduces an algorithm which has achieved batch anonymizing Chinese medical document upon EMR system through fragmenting natural sentences and words of medical document and fully exploiting the correlation between the names and the context. With this approach, the name detection rate has reached 96.82%, higher than manual average PHI detection rate of 81% done by clinical staff and has meanwhile reached an accuracy of 90.57%. It has reduced the impact of anonymization on the clinical and medical value of medical document to the maximum degree while still protecting patient privacy.

Yi-Yuang Wu,Zhi-Xun Shen,Wen-Yang Lin

DOI: https://doi.org/10.48550/arXiv.2211.10648

2022-11-19

Abstract:Spontaneous reporting systems (SRS) have been developed to collect adverse event records that contain personal demographics and sensitive information like drug indications and adverse reactions. The release of SRS data may disclose the privacy of the data provider. Unlike other microdata, very few anonymyization methods have been proposed to protect individual privacy while publishing SRS data. MS(k, {\theta}*)-bounding is the first privacy model for SRS data that considers multiple individual records, mutli-valued sensitive attributes, and rare events. PPMS(k, {\theta}*)-bounding then is proposed for solving cross-release attacks caused by the follow-up cases in the periodical SRS releasing scenario. A recent trend of microdata anonymization combines the traditional syntactic model and differential privacy, fusing the advantages of both models to yield a better privacy protection method. This paper proposes the PPMS-DP(k, {\theta}*, {\epsilon}) framework, an enhancement of PPMS(k, {\theta}*)-bounding that embraces differential privacy to improve privacy protection of periodically released SRS data. We propose two anonymization algorithms conforming to the PPMS-DP(k, {\theta}*, {\epsilon}) framework, PPMS-DPnum and PPMS-DPall. Experimental results on the FAERS datasets show that both PPMS-DPnum and PPMS-DPall provide significantly better privacy protection than PPMS-(k, {\theta}*)-bounding without sacrificing data distortion and data utility.

Cryptography and Security

Mingyue Shi,Rong Jiang,Wei Zhou,Sen Liu,Savio Sciancalepore

DOI: https://doi.org/10.1155/2020/5610839

IF: 1.968

2020-09-29

Security and Communication Networks

Abstract:Information leakage in the medical industry has become an urgent problem to be solved in the field of Internet security. However, due to the need for automated or semiautomated authorization management for privacy protection in the big data environment, the traditional privacy protection model cannot adapt to this complex open environment. Although some scholars have studied the risk assessment model of privacy disclosure in the medical big data environment, it is still in the initial stage of exploration. This paper analyzes the key indicators that affect medical big data security and privacy leakage, including user access behavior and trust, from the perspective of users through literature review and expert consultation. Also, based on the user’s historical access information and interaction records, the user’s access behavior and trust are quantified with the help of information entropy and probability, and a definition expression is given explicitly. Finally, the entire experimental process and specific operations are introduced in three aspects: the experimental environment, the experimental data, and the experimental process, and then, the predicted results of the model are compared with the actual output through the 10-fold cross verification with Matlab. The results prove that the model in this paper is feasible. In addition, the method in this paper is compared with the current more classical medical big data risk assessment model, and the results show that when the proportion of illegal users is less than 15%, the model in this paper is more superior in terms of accuracy and recall.

computer science, information systems,telecommunications

M. J. Edmondson,C. Luo,R. Duan,M. Maltenfort,Z. Chen,J. Shults,J. Bian,P. Ryan,C. Forrest,Y. Chen

DOI: https://doi.org/10.1101/2020.12.17.20248194

2020-01-01

MedRxiv

Abstract:Background Multi-site studies facilitate the study of rare outcomes or exposures through integrating patient information from several distinct care sites. Due to patient privacy concerns, sharing of patient-level information among collaborating sites is often prohibited, suggesting a need for privacy-preserving data analysis methods. Several such methods exist, but have been shown to sometimes result in biased estimation or require extensive communication among sites. Objective We present a communication-efficient, privacy-preserving method for performing distributed regression on Electronic Health Records (EHR) data across multiple sites for zero-inflated count outcomes. Our approach is motivated by two real-world data problems: examining risk factors associated with pediatric avoidable hospitalization and modeling frequency of serious adverse events in colorectal cancer patients. Methods We use hurdle regression, a two-part (logistic-Poisson) regression model, to characterize the effects of risk factors on zero-inflated count outcomes. We develop a one-shot algorithm for performing hurdle regression (ODAH) across multiple sites, using individual patient data at one site and aggregated data from all other sites to approximate the complete data log likelihood. We evaluate ODAH through extensive simulations and an application to EHR data from the Children's Hospital of Philadelphia (CHOP) and the OneFlorida Clinical Research Consortium. We compare ODAH estimates to those from meta-analysis and pooled analysis (all patient data pooled together, the gold standard). Results In simulations, ODAH estimates exhibited bias relative to the gold standard of less than 0.1% across several settings. In contrast, meta-analysis estimated exhibited relative bias up to 12.7%, largely dependent on event rate. When applying ODAH to CHOP data, relative biases for estimates in both components of the hurdle model were less than 5.1%, while meta-analysis estimates exhibited relative bias as high as 63.6%. When analyzing OneFlorida data, ODAH relative biases were less than 10% for eight of the ten estimated coefficients, while meta-analysis estimates again showed substantially greater bias. Conclusions Our simulations and real-world applications suggest ODAH is a promising method for performing privacy-preserving distributed learning on EHR data when modeling zero-inflated count outcomes.

Zheming Zuo,Matthew Watson,David Budgen,Robert Hall,Chris Kennelly,Noura Al Moubayed

DOI: https://doi.org/10.2196/preprints.29871

2021-04-23

Abstract:BACKGROUND Data science offers an unparalleled opportunity to identify new insights into many aspects of human life with recent advances in health care. Using data science in digital health raises significant challenges regarding data privacy, transparency, and trustworthiness. Recent regulations enforce the need for a clear legal basis for collecting, processing, and sharing data, for example, the European Union’s General Data Protection Regulation (2016) and the United Kingdom’s Data Protection Act (2018). For health care providers, legal use of the electronic health record (EHR) is permitted only in clinical care cases. Any other use of the data requires thoughtful considerations of the legal context and direct patient consent. Identifiable personal and sensitive information must be sufficiently anonymized. Raw data are commonly anonymized to be used for research purposes, with risk assessment for reidentification and utility. Although health care organizations have internal policies defined for information governance, there is a significant lack of practical tools and intuitive guidance about the use of data for research and modeling. Off-the-shelf data anonymization tools are developed frequently, but privacy-related functionalities are often incomparable with regard to use in different problem domains. In addition, tools to support measuring the risk of the anonymized data with regard to reidentification against the usefulness of the data exist, but there are question marks over their efficacy. OBJECTIVE In this systematic literature mapping study, we aim to alleviate the aforementioned issues by reviewing the landscape of data anonymization for digital health care. METHODS We used Google Scholar, Web of Science, Elsevier Scopus, and PubMed to retrieve academic studies published in English up to June 2020. Noteworthy gray literature was also used to initialize the search. We focused on review questions covering 5 bottom-up aspects: basic anonymization operations, privacy models, reidentification risk and usability metrics, off-the-shelf anonymization tools, and the lawful basis for EHR data anonymization. RESULTS We identified 239 eligible studies, of which 60 were chosen for general background information; 16 were selected for 7 basic anonymization operations; 104 covered 72 conventional and machine learning–based privacy models; four and 19 papers included seven and 15 metrics, respectively, for measuring the reidentification risk and degree of usability; and 36 explored 20 data anonymization software tools. In addition, we also evaluated the practical feasibility of performing anonymization on EHR data with reference to their usability in medical decision-making. Furthermore, we summarized the lawful basis for delivering guidance on practical EHR data anonymization. CONCLUSIONS This systematic literature mapping study indicates that anonymization of EHR data is theoretically achievable; yet, it requires more research efforts in practical implementations to balance privacy preservation and usability to ensure more reliable health care applications.

Bangyao Zhao,Lili Zhao

DOI: https://doi.org/10.48550/arXiv.2010.12471

2020-10-23

Abstract:Vaccine safety is a concerning problem of the public, and many signal detecting methods have been developed to identify relative risks between vaccines and adverse events (AEs). Those methods usually focus on individual AEs, where the randomness of data is high. The results often turn out to be inaccurate and lack of clinical meaning. The AE ontology contains information about biological similarity of AEs. Based on this, we extend the concept of relative risks (RRs) to AE group level, which allows the possibility of more accurate and meaningful estimation by utilizing data from the whole group. In this paper, we propose the method <a class="link-external link-http" href="http://zGPS.AO" rel="external noopener nofollow">this http URL</a> (Zero Inflated Gamma Poisson Shrinker with AE ontology) based on the zero inflated negative binomial distribution. This model has two purples: a regression model estimating group level RRs, and a empirical bayes framework to evaluate AE level RRs. The regression part can handle both excess zeros and over dispersion in the data, and the empirical method borrows information from both group level and AE level to reduce data noise and stabilize the AE level result. We have demonstrate the unbiaseness and low variance features of our model with simulated data, and obtained meaningful results coherent with previous studies on the VAERS (Vaccine Adverse Event Reporting System) database. The proposed methods are implemented in the R package <a class="link-external link-http" href="http://zGPS.AO" rel="external noopener nofollow">this http URL</a>, which can be installed from the Comprehensive R Archive Network, CRAN. The results on VAERS data are visualized using the interactive web app Rshiny.

Applications

Zheming Zuo,Matthew Watson,David Budgen,Robert Hall,Chris Kennelly,Noura Al Moubayed

DOI: https://doi.org/10.2196/29871

IF: 3.2

2021-10-15

JMIR Medical Informatics

Abstract:Background Data science offers an unparalleled opportunity to identify new insights into many aspects of human life with recent advances in health care. Using data science in digital health raises significant challenges regarding data privacy, transparency, and trustworthiness. Recent regulations enforce the need for a clear legal basis for collecting, processing, and sharing data, for example, the European Union’s General Data Protection Regulation (2016) and the United Kingdom’s Data Protection Act (2018). For health care providers, legal use of the electronic health record (EHR) is permitted only in clinical care cases. Any other use of the data requires thoughtful considerations of the legal context and direct patient consent. Identifiable personal and sensitive information must be sufficiently anonymized. Raw data are commonly anonymized to be used for research purposes, with risk assessment for reidentification and utility. Although health care organizations have internal policies defined for information governance, there is a significant lack of practical tools and intuitive guidance about the use of data for research and modeling. Off-the-shelf data anonymization tools are developed frequently, but privacy-related functionalities are often incomparable with regard to use in different problem domains. In addition, tools to support measuring the risk of the anonymized data with regard to reidentification against the usefulness of the data exist, but there are question marks over their efficacy. Objective In this systematic literature mapping study, we aim to alleviate the aforementioned issues by reviewing the landscape of data anonymization for digital health care. Methods We used Google Scholar, Web of Science, Elsevier Scopus, and PubMed to retrieve academic studies published in English up to June 2020. Noteworthy gray literature was also used to initialize the search. We focused on review questions covering 5 bottom-up aspects: basic anonymization operations, privacy models, reidentification risk and usability metrics, off-the-shelf anonymization tools, and the lawful basis for EHR data anonymization. Results We identified 239 eligible studies, of which 60 were chosen for general background information; 16 were selected for 7 basic anonymization operations; 104 covered 72 conventional and machine learning–based privacy models; four and 19 papers included seven and 15 metrics, respectively, for measuring the reidentification risk and degree of usability; and 36 explored 20 data anonymization software tools. In addition, we also evaluated the practical feasibility of performing anonymization on EHR data with reference to their usability in medical decision-making. Furthermore, we summarized the lawful basis for delivering guidance on practical EHR data anonymization. Conclusions This systematic literature mapping study indicates that anonymization of EHR data is theoretically achievable; yet, it requires more research efforts in practical implementations to balance privacy preservation and usability to ensure more reliable health care applications.

medical informatics

Jian Xu,Wei Wang,Jian Pei,Xiaoyuan Wang,Baile Shi,Ada Wai-Chee Fu

DOI: https://doi.org/10.1145/1233321.1233324

2006-01-01

ACM SIGKDD Explorations Newsletter

Abstract:Privacy becomes a more and more serious concern in applications involving microdata. Recently, efficient anonymization has attracted much research work. Most of the previous methods use global recoding, which maps the domains of the quasi-identifier attributes to generalized or changed values. However, global recoding may not always achieve effective anonymization in terms of discernability and query answering accuracy using the anonymized data. Moreover, anonymized data is often used for analysis. As well accepted in many analytical applications, different attributes in a data set may have different utility in the analysis. The utility of attributes has not been considered in the previous methods. In this paper, we study the problem of utility-based anonymization. First, we propose a simple framework to specify utility of attributes. The framework covers both numeric and categorical data. Second, we develop two simple yet efficient heuristic local recoding methods for utility-based anonymization. Our extensive performance study using both real data sets and synthetic data sets shows that our methods outperform the state-of-the-art multidimensional global recoding methods in both discernability and query answering accuracy. Furthermore, our utility-based method can boost the quality of analysis using the anonymized data.

Nafees Qamar,Yilong Yang,Andras Nadas,Zhiming Liu,Janos Sztipanovits

DOI: https://doi.org/10.48550/arXiv.1501.05916

2014-11-19

Abstract:This paper takes on the problem of automatically identifying clinically-relevant patterns in medical datasets without compromising patient privacy. To achieve this goal, we treat datasets as a black box for both internal and external users of data that lets us handle clinical data queries directly and far more efficiently. The novelty of the approach lies in avoiding the data de-identification process often used as a means of preserving patient privacy. The implemented toolkit combines software engineering technologies such as Java EE and RESTful web services, to allow exchanging medical data in an unidentifiable XML format as well as restricting users to the need-to-know principle. Our technique also inhibits retrospective processing of data, such as attacks by an adversary on a medical dataset using advanced computational methods to reveal Protected Health Information (PHI). The approach is validated on an endoscopic reporting application based on openEHR and MST standards. From the usability perspective, the approach can be used to query datasets by clinical researchers, governmental or non-governmental organizations in monitoring health care services to improve quality of care.

Software Engineering,Cryptography and Security,Databases

Alireza Zamanian,Henrik von Kleist,Octavia-Andreea Ciora,Marta Piperno,Gino Lancho,Narges Ahmidi

DOI: https://doi.org/10.3390/jpm14050514

IF: 3.5083

2024-05-12

Journal of Personalized Medicine

Abstract:Despite the extensive literature on missing data theory and cautionary articles emphasizing the importance of realistic analysis for healthcare data, a critical gap persists in incorporating domain knowledge into the missing data methods. In this paper, we argue that the remedy is to identify the key scenarios that lead to data missingness and investigate their theoretical implications. Based on this proposal, we first introduce an analysis framework where we investigate how different observation agents, such as physicians, influence the data availability and then scrutinize each scenario with respect to the steps in the missing data analysis. We apply this framework to the case study of observational data in healthcare facilities. We identify ten fundamental missingness scenarios and show how they influence the identification step for missing data graphical models, inverse probability weighting estimation, and exponential tilting sensitivity analysis. To emphasize how domain-informed analysis can improve method reliability, we conduct simulation studies under the influence of various missingness scenarios. We compare the results of three common methods in medical data analysis: complete-case analysis, Missforest imputation, and inverse probability weighting estimation. The experiments are conducted for two objectives: variable mean estimation and classification accuracy. We advocate for our analysis approach as a reference for the observational health data analysis. Beyond that, we also posit that the proposed analysis framework is applicable to other medical domains.

medicine, general & internal,health care sciences & services

J. Thomas Brown,Chao Yan,Weiyi Xia,Zhijun Yin,Zhiyu Wan,Aris Gkoulalas-Divanis,Murat Kantarcioglu,Bradley A. Malin

DOI: https://doi.org/10.48550/arXiv.2106.14649

2021-06-21

Cryptography and Security

Abstract:Supporting public health research and the public's situational awareness during a pandemic requires continuous dissemination of infectious disease surveillance data. Legislation, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and recent state-level regulations, permits sharing de-identified person-level data; however, current de-identification approaches are limited. namely, they are inefficient, relying on retrospective disclosure risk assessments, and do not flex with changes in infection rates or population demographics over time. In this paper, we introduce a framework to dynamically adapt de-identification for near-real time sharing of person-level surveillance data. The framework leverages a simulation mechanism, capable of application at any geographic level, to forecast the re-identification risk of sharing the data under a wide range of generalization policies. The estimates inform weekly, prospective policy selection to maintain the proportion of records corresponding to a group size less than 11 (PK11) at or below 0.1. Fixing the policy at the start of each week facilitates timely dataset updates and supports sharing granular date information. We use August 2020 through October 2021 case data from Johns Hopkins University and the Centers for Disease Control and Prevention to demonstrate the framework's effectiveness in maintaining the PK!1 threshold of 0.01. When sharing COVID-19 county-level case data across all US counties, the framework's approach meets the threshold for 96.2% of daily data releases, while a policy based on current de-identification techniques meets the threshold for 32.3%. Periodically adapting the data publication policies preserves privacy while enhancing public health utility through timely updates and sharing epidemiologically critical features.

Wenhui Ren,Zheng Liu,Yanqiu Wu,Zhilong Zhang,Shenda Hong,Huixin Liu,Missing Data in Electronic health Records (MINDER) Group

DOI: https://doi.org/10.34133/hds.0176

2024-01-01

Health Data Science

Abstract:Background: Missing data in electronic health records (EHRs) presents significant challenges in medical studies. Many methods have been proposed, but uncertainty exists regarding the current state of missing data addressing methods applied for EHR and which strategy performs better within specific contexts. Methods: All studies referencing EHR and missing data methods published from their inception until 2024 March 30 were searched via the MEDLINE, EMBASE, and Digital Bibliography and Library Project databases. The characteristics of the included studies were extracted. We also compared the performance of various methods under different missingness scenarios. Results: After screening, 46 studies published between 2010 and 2024 were included. Three missingness mechanisms were simulated when evaluating the missing data methods: missing completely at random (29/46), missing at random (20/46), and missing not at random (21/46). Multiple imputation by chained equations (MICE) was the most popular statistical method, whereas generative adversarial network-based methods and the k nearest neighbor (KNN) classification were the common deep-learning-based or traditional machine-learning-based methods, respectively. Among the 26 articles comparing the performance among medical statistical and machine learning approaches, traditional machine learning or deep learning methods generally outperformed statistical methods. Med.KNN and context-aware time-series imputation performed better for longitudinal datasets, whereas probabilistic principal component analysis and MICE-based methods were optimal for cross-sectional datasets. Conclusions: Machine learning methods show significant promise for addressing missing data in EHRs. However, no single approach provides a universally generalizable solution. Standardized benchmarking analyses are essential to evaluate these methods across different missingness scenarios.

Mingyue Shi,Rong Jiang,Xiaohan Hu,Jingwei Shang

DOI: https://doi.org/10.1007/s10729-019-09490-4

2019-07-23

Health Care Management Science

Abstract:With the rapid development of modern information technology, the health care industry is entering a critical stage of intelligence. Faced with the growing health care big data, information security issues are becoming more and more prominent in the management of smart health care, especially the problem of patient privacy leakage is the most serious. Therefore, strengthening the information management of intelligent health care in the era of big data is an important part of the long-term sustainable development of hospitals. This paper first identified the key indicators affecting the privacy disclosure of big data in health management, and then established the risk access control model based on the fuzzy theory, which was used for the management of big data in intelligent medical treatment, and solves the problem of inaccurate experimental results due to the lack of real data when dealing with actual problems. Finally, the model is compared with the results calculated by the fuzzy tool set in Matlab. The results verify that the model is effective in assessing the current safety risks and predicting the range of different risk factors, and the prediction accuracy can reach more than 90%.

health policy & services

J Thomas Brown,Chao Yan,Weiyi Xia,Zhijun Yin,Zhiyu Wan,Aris Gkoulalas-Divanis,Murat Kantarcioglu,Bradley A Malin

DOI: https://doi.org/10.1093/jamia/ocac011

2022-04-13

Abstract:Objective: Supporting public health research and the public's situational awareness during a pandemic requires continuous dissemination of infectious disease surveillance data. Legislation, such as the Health Insurance Portability and Accountability Act of 1996 and recent state-level regulations, permits sharing deidentified person-level data; however, current deidentification approaches are limited. Namely, they are inefficient, relying on retrospective disclosure risk assessments, and do not flex with changes in infection rates or population demographics over time. In this paper, we introduce a framework to dynamically adapt deidentification for near-real time sharing of person-level surveillance data. Materials and methods: The framework leverages a simulation mechanism, capable of application at any geographic level, to forecast the reidentification risk of sharing the data under a wide range of generalization policies. The estimates inform weekly, prospective policy selection to maintain the proportion of records corresponding to a group size less than 11 (PK11) at or below 0.1. Fixing the policy at the start of each week facilitates timely dataset updates and supports sharing granular date information. We use August 2020 through October 2021 case data from Johns Hopkins University and the Centers for Disease Control and Prevention to demonstrate the framework's effectiveness in maintaining the PK11 threshold of 0.01. Results: When sharing COVID-19 county-level case data across all US counties, the framework's approach meets the threshold for 96.2% of daily data releases, while a policy based on current deidentification techniques meets the threshold for 32.3%. Conclusion: Periodically adapting the data publication policies preserves privacy while enhancing public health utility through timely updates and sharing epidemiologically critical features.

Jianfei Cui,He Zhu,Hao Deng,Ziwei Chen,Dianbo Liu

DOI: https://doi.org/10.48550/arXiv.2001.09751

2020-11-23

Abstract:Sometimes electrical medical records are restricted and difficult to centralize for machine learning, which could only be trained in distributed manner that involved many institutions in the process. However, sometimes some institutions are likely to figure out the private data used for training certain models based on the parameters they obtained, which is a violation of privacy and certain regulations. Under those circumstances, we develop an algorithm, called 'federated machine learning with anonymous random hybridization'(abbreviated as 'FeARH'), using mainly hybridization algorithm to eliminate connections between medical record data and models' parameters, which avoid untrustworthy institutions from stealing patients' private medical records. Based on our experiment, our new algorithm has similar AUCROC and AUCPR result compared with machine learning in centralized manner and original federated machine learning, at the same time, our algorithm can greatly reduce data transfer size in comparison with original federated machine learning.

Computers and Society,Machine Learning

Chengsheng Mao,Yuan Zhao,Mengxin Sun,Yuan Luo

DOI: https://doi.org/10.48550/arXiv.1806.05520

2018-06-13

Abstract:Privacy is a major concern in sharing human subject data to researchers for secondary analyses. A simple binary consent (opt-in or not) may significantly reduce the amount of sharable data, since many patients might only be concerned about a few sensitive medical conditions rather than the entire medical records. We propose event-level privacy protection, and develop a feature ablation method to protect event-level privacy in electronic medical records. Using a list of 13 sensitive diagnoses, we evaluate the feasibility and the efficacy of the proposed method. As feature ablation progresses, the identifiability of a sensitive medical condition decreases with varying speeds on different diseases. We find that these sensitive diagnoses can be divided into 3 categories: (1) 5 diseases have fast declining identifiability (AUC below 0.6 with less than 400 features excluded); (2) 7 diseases with progressively declining identifiability (AUC below 0.7 with between 200 and 700 features excluded); and (3) 1 disease with slowly declining identifiability (AUC above 0.7 with 1000 features excluded). The fact that the majority (12 out of 13) of the sensitive diseases fall into the first two categories suggests the potential of the proposed feature ablation method as a solution for event-level record privacy protection.

Information Retrieval,Computers and Society

Ofer Mendelevitch,Michael D. Lesh

DOI: https://doi.org/10.48550/arXiv.2101.08658

2021-06-02

Abstract:The digitization of medical records ushered in a new era of big data to clinical science, and with it the possibility that data could be shared, to multiply insights beyond what investigators could abstract from paper records. The need to share individual-level medical data to accelerate innovation in precision medicine continues to grow, and has never been more urgent, as scientists grapple with the COVID-19 pandemic. However, enthusiasm for the use of big data has been tempered by a fully appropriate concern for patient autonomy and privacy. That is, the ability to extract private or confidential information about an individual, in practice, renders it difficult to share data, since significant infrastructure and data governance must be established before data can be shared. Although HIPAA provided de-identification as an approved mechanism for data sharing, linkage attacks were identified as a major vulnerability. A variety of mechanisms have been established to avoid leaking private information, such as field suppression or abstraction, strictly limiting the amount of information that can be shared, or employing mathematical techniques such as differential privacy. Another approach, which we focus on here, is creating synthetic data that mimics the underlying data. For synthetic data to be a useful mechanism in support of medical innovation and a proxy for real-world evidence, one must demonstrate two properties of the synthetic dataset: (1) any analysis on the real data must be matched by analysis of the synthetic data (statistical fidelity) and (2) the synthetic data must preserve privacy, with minimal risk of re-identification (privacy guarantee). In this paper we propose a framework for quantifying the statistical fidelity and privacy preservation properties of synthetic datasets and demonstrate these metrics for synthetic data generated by Syntegra technology.

Machine Learning,Artificial Intelligence,Cryptography and Security

Yuanmeng Zhao,Jian Weng,Jia-Nan Liu,Mei Cai

DOI: https://doi.org/10.1016/j.jisa.2024.103749

IF: 4.96

2024-05-01

Journal of Information Security and Applications

Abstract:The digitalization of the medical field has resulted in a vast amount of medical data stored in Electronic Health Record (EHR) systems. Among the various valuable applications of EHRs, medication efficacy analysis stands out as a powerful tool for drug development and enhancing patient treatment. This analysis relies on multi-dimensional medical data, encompassing various factors. Currently, medical research is increasingly inclined towards inter-institutional sharing of medical data to enhance the accuracy and reliability of analysis results. However, due to the sensitivity of personal medical data, privacy and security considerations must be taken into account when conducting medical analyses across institutions. In this paper, we present a novel privacy-preserving scheme for distributed medication efficacy analysis. Our work allows for the analysis of multi-dimensional medical data by leveraging the private set intersection protocol and the Paillier cryptosystem. To validate the feasibility of our scheme, we implement it using some real medical datasets. Experimental results demonstrate that our approach offers enhanced security and lower computational and communication overhead compared to the original approach, which solely processes single-dimensional data at a time.

computer science, information systems

Wei Huang,Tong Yi,Haibin Zhu,Wenqian Shang,Weiguo Lin

DOI: https://doi.org/10.1371/journal.pone.0250457

IF: 3.7

2021-04-22

PLoS ONE

Abstract:Spontaneous reporting systems (SRSs) are used to collect adverse drug events (ADEs) for their evaluation and analysis. Periodical SRS data publication gives rise to a problem where sensitive, private data can be discovered through various attacks. The existing SRS data publishing methods are vulnerable to Medicine Discontinuation Attack( MD -attack) and Substantial symptoms-attack( SS -attack). To remedy this problem, an improved periodical SRS data publishing—PPMS( k , θ , ɑ )-bounding is proposed. This new method can recognize MD -attack by ensuring that each equivalence group contains at least k new medicine discontinuation records. The SS -attack can be thwarted using a heuristic algorithm. Theoretical analysis indicates that PPMS( k , θ , ɑ )-bounding can thwart the above-mentioned attacks. The experimental results also demonstrate that PPMS( k , θ , ɑ )-bounding can provide much better protection for privacy than the existing method and the new method dose not increase the information loss. PPMS( k , θ , ɑ )-bounding can improve the privacy, guaranteeing the information usability of the released tables.

multidisciplinary sciences

Neslihan Suzen,Evgeny M. Mirkes,Damian Roland,Jeremy Levesley,Alexander N. Gorban,Tim J. Coats

DOI: https://doi.org/10.1109/BigData59044.2023.10386194

2024-02-10

Abstract:Electronic patient records (EPRs) produce a wealth of data but contain significant missing information. Understanding and handling this missing data is an important part of clinical data analysis and if left unaddressed could result in bias in analysis and distortion in critical conclusions. Missing data may be linked to health care professional practice patterns and imputation of missing data can increase the validity of clinical decisions. This study focuses on statistical approaches for understanding and interpreting the missing data and machine learning based clinical data imputation using a single centre's paediatric emergency data and the data from UK's largest clinical audit for traumatic injury database (TARN). In the study of 56,961 data points related to initial vital signs and observations taken on children presenting to an Emergency Department, we have shown that missing data are likely to be non-random and how these are linked to health care professional practice patterns. We have then examined 79 TARN fields with missing values for 5,791 trauma cases. Singular Value Decomposition (SVD) and k-Nearest Neighbour (kNN) based missing data imputation methods are used and imputation results against the original dataset are compared and statistically tested. We have concluded that the 1NN imputer is the best imputation which indicates a usual pattern of clinical decision making: find the most similar patients and take their attributes as imputation.

Artificial Intelligence,Computation and Language,Human-Computer Interaction,Information Theory