Tian-shu ZHOU,Xing-hua ZHU,Jing-song LI

DOI: https://doi.org/10.3969/j.issn.1673-7571.2015.06.025

2015-01-01

Abstract:To meet the demand of big data sharing and communication in regional medical systems in a secure manner, we designed and developed a security system within HIE-oriented EMR, including identity authentication, privilege management, access log, and data encryption modules. The establish and deployment of the system could prevent access from the illegal users, keep EMR system accessibility while controllability, record the modification traces and make it undeniability, protect the medical data from intercepted by intruders, keep the data confidentiality from none stakeholders, and finally construct a complete security system in EMR.

Xiaoliang Wang,Liang Bai,Qing Yang,Liu Wang,Frank Jiang

DOI: https://doi.org/10.1016/j.jisa.2019.04.010

IF: 4.96

2019-01-01

Journal of Information Security and Applications

Abstract:With the development of wireless sensor network and internet, ubiquitous eHealth care systems are booming. However, a great deal of data computing and storage processing restrict the scalability of ubiquitous eHealth. As a solution, cloud-based eHealth is coming up. However, using cloud-computing model often causes some privacy concerns. Massive medical data in eHealth system contain numerous sensitive information and electronic health records of users. Meanwhile, if data encryption is adopted to protect privacy, cloud center cannot process data. To solve this problem, a scheme based on fully homomorphism conception for privacy protection and data processing of eHealth is proposed in this paper. Our scheme not only meets the aforementioned dual requirements but also limit the arbitrary actions of patients and doctors.

Kong Hua-Ming,Qin Yao,Peng-Fei Li,Jing-Song Li

DOI: https://doi.org/10.1007/978-94-007-7618-0_64

2013-01-01

Abstract:With the development of medical health, regional health information sharing has become the inevitable trend of the development of medical information. However, due to the regional medical information construction, it hinders the exchange and sharing of clinical data for some disadvantages like low-level degree of system integration, low real-time of information exchange, poor reliability, etc. According to the existing problems of the regional health, this paper constructs a regional health information collaborative platform, utilizes information integration to form patient as core of clinical data, uses clinical document architecture (CDA) as data exchange standard, and implements the data exchange and sharing between medical institutions and the regional medical center.

Wang Yu,Guo Long,Tian Yu,Jingsong Li

DOI: https://doi.org/10.1007/978-94-007-7618-0_37

2014-01-01

Abstract:With the pace of China's New Medical Reform, medical information systems have been rapidly developing, thus generating tremendous clinical data that contain large amount of information. Clinical data exchange is one of the most important foundations to make full use of clinical data. Under the whole background of Global Dolphin (an international data exchange system between China and Japan), this paper demonstrates a method of achieving standardized clinical data exchange based on Ensemble Integration Platform and using Health Level Seven International (HL7) as the data exchange standard. HL7 helps to standardize the data exchange process; Ensemble Platform contributes to the loose coupling of medical information systems and constructing a unified data management layer in logic, ultimately achieving the goal of sharing clinical data between a data center and medical institutions. ? Springer Science+Business Media Dordrecht 2014.

Liting Du,Chenxi Xia,Zhaohua Deng,Gary Lu,Shuxu Xia,Jingdong Ma

DOI: https://doi.org/10.1016/j.ijmedinf.2018.05.010

IF: 4.73

2018-01-01

International Journal of Medical Informatics

Abstract:Background: With the increasing application of electronic health records (EHRs) in the world, protecting private information in clinical text has drawn extensive attention from healthcare providers to researchers. De-identification, the process of identifying and removing protected health information (PHI) from clinical text, has been central to the discourse on medical privacy since 2006. While de-identification is becoming the global norm for handling medical records, there is a paucity of studies on its application on Chinese clinical text. Without efficient and effective privacy protection algorithms in place, the use of indispensable clinical information would be confined. Objectives: We aimed to (i) describe the current process for PHI in China, (ii) propose a machine learning based approach to identify PHI in Chinese clinical text, and (iii) validate the effectiveness of the machine learning algorithm for de-identification in Chinese clinical text. Methods: Based on 14,719 discharge summaries from regional health centers in Ya'an City, Sichuan province, China, we built a conditional random fields (CRF) model to identify PHI in clinical text, and then used the regular expressions to optimize the recognition results of the PHI categories with fewer samples. Results: We constructed a Chinese clinical text corpus with PHI tags through substantial manual annotation, wherein the descriptive statistics of PHI manifested its wide range and diverse categories. The evaluation showed with a high F-measure of 0.9878 that our CRF-based model had a good performance for identifying PHI in Chinese clinical text. Conclusion: The rapid adoption of EHR in the health sector has created an urgent need for tools that can parse patient specific information from Chinese clinical text. Our application of CRF algorithms for de-identification has shown the potential to meet this need by offering a highly accurate and flexible solution to analyzing Chinese clinical text.

Ishna Neamatullah,Margaret M Douglass,Li-wei H Lehman,Andrew Reisner,Mauricio Villarroel,William J Long,Peter Szolovits,George B Moody,Roger G Mark,Gari D Clifford

DOI: https://doi.org/10.1186/1472-6947-8-32

2008-07-24

Abstract:Background: Text-based patient medical records are a vital resource in medical research. In order to preserve patient confidentiality, however, the U.S. Health Insurance Portability and Accountability Act (HIPAA) requires that protected health information (PHI) be removed from medical records before they can be disseminated. Manual de-identification of large medical record databases is prohibitively expensive, time-consuming and prone to error, necessitating automatic methods for large-scale, automated de-identification. Methods: We describe an automated Perl-based de-identification software package that is generally usable on most free-text medical records, e.g., nursing notes, discharge summaries, X-ray reports, etc. The software uses lexical look-up tables, regular expressions, and simple heuristics to locate both HIPAA PHI, and an extended PHI set that includes doctors' names and years of dates. To develop the de-identification approach, we assembled a gold standard corpus of re-identified nursing notes with real PHI replaced by realistic surrogate information. This corpus consists of 2,434 nursing notes containing 334,000 words and a total of 1,779 instances of PHI taken from 163 randomly selected patient records. This gold standard corpus was used to refine the algorithm and measure its sensitivity. To test the algorithm on data not used in its development, we constructed a second test corpus of 1,836 nursing notes containing 296,400 words. The algorithm's false negative rate was evaluated using this test corpus. Results: Performance evaluation of the de-identification software on the development corpus yielded an overall recall of 0.967, precision value of 0.749, and fallout value of approximately 0.002. On the test corpus, a total of 90 instances of false negatives were found, or 27 per 100,000 word count, with an estimated recall of 0.943. Only one full date and one age over 89 were missed. No patient names were missed in either corpus. Conclusion: We have developed a pattern-matching de-identification system based on dictionary look-ups, regular expressions, and heuristics. Evaluation based on two different sets of nursing notes collected from a U.S. hospital suggests that, in terms of recall, the software out-performs a single human de-identifier (0.81) and performs at least as well as a consensus of two human de-identifiers (0.94). The system is currently tuned to de-identify PHI in nursing notes and discharge summaries but is sufficiently generalized and can be customized to handle text files of any format. Although the accuracy of the algorithm is high, it is probably insufficient to be used to publicly disseminate medical data. The open-source de-identification software and the gold standard re-identified corpus of medical records have therefore been made available to researchers via the PhysioNet website to encourage improvements in the algorithm.

Nan Zhang,Liam O'Neill,Gautam Das,Xiuzhen Cheng,Heng Huang

DOI: https://doi.org/10.4018/jhisi.2012100104

2012-01-01

International Journal of Healthcare Information Systems and Informatics

Abstract:In accordance with HIPAA regulations, patients' personal information is typically removed or generalized prior to being released as public data files. However, it is not known if the standard method of de-identification is sufficient to prevent re-identification by an intruder. The authors conducted analytical processing to identify security vulnerabilities in the protocols to de-identify hospital data. Their techniques for discovering privacy leakage utilized three disclosure channels: (1) data inter-dependency, (2) biomedical domain knowledge, and (3) suppression algorithms and partial suppression results. One state's inpatient discharge data set was used to represent the current practice of de-identification of health care data, where a systematic approach had been employed to suppress certain elements of the patient's record. Of the 1,098 records for which the hospital ID was suppressed, the original hospital ID was recovered for 616 records, leading to a nullification rate of 56.1%. Utilizing domain knowledge based on the patient's Diagnosis Related Group (DRG) code, the authors recovered the real age of 64 patients, the gender of 83 male patients and 713 female patients. They also successfully identified the ZIP code of 1,219 patients. The procedure used to de-identify hospital records was found to be inadequate to prevent disclosure of patient information. As the masking procedure described was found to be reversible, this increases the risk that an intruder could use this information to re-identify individual patients.

Zhiming Liu,Nafees Qamar,Jie Qian

DOI: https://doi.org/10.1007/978-3-642-53956-5_18

2013-01-01

Abstract:Recent developments in data de-identification technologies offer sophisticated solutions to protect medical data when, especially the data is to be provided for secondary purposes such as clinical or biomedical research. So as to determine to what degree an approach--- along with its tool--- is usable and effective, this paper takes into consideration a number of de-identification tools that aim at reducing the re-identification risk for the published medical data, yet preserving its statistical meanings. We therefore evaluate the residual risk of re-identification by conducting an experimental evaluation of the most stable research-based tools, as applied to our Electronic Health Records EHRs database, to assess which tool exhibits better performance with different quasi-identifiers. Our evaluation criteria are quantitative as opposed to other descriptive and qualitative assessments. We notice that on comparing individual disclosure risk and information loss of each published data, the μ -Argus tool performs better. Also, the generalization method is considerably better than the suppression method in terms of reducing risk and avoiding information loss. We also find that sdcMicro has the best scalability among its counterparts, as has been observed experimentally on a virtual data consisted of 33 variables and 10,000 records.

Shouling Ji,Qinchen Gu,Haiqin Weng,Qianjun Liu,Pan Zhou,Jing Chen,Zhao Li,Raheem Beyah,Ting Wang

DOI: https://doi.org/10.1109/icde48307.2020.00143

2019-01-01

Abstract:In this paper, we study the privacy of online health data. We present a novel online health data De-Anonymization (DA) framework, named De-Health. Leveraging two real world online health datasets WebMD and HealthBoards, we validate the DA efficacy of De-Health. We also present a linkage attack framework which can link online health/medical information to real world people. Through a proof-of-concept attack, we link 347 out of 2805 WebMD users to real world people, and find the full names, medical/health information, birthdates, phone numbers, and other sensitive information for most of the re-identified users. This clearly illustrates the fragility of the privacy of those who use online health forums.

Marcos Da Silveira,Stefan Benzschawel

2011-02-23

Abstract:This paper describes a national eHealth platform concept with a multi-level privacy protection in order to improve the security and privacy of medical information on their storage locations as well as during the exchanging/sharing processes. The key idea is to classify and split-up data into different servers. A Trusted Third Party server manages personal identifying data together with the related pseudonyms while the medical information server manages the related medical data assigned to pseudonyms. The well known IHE-XDS profiles are enriched by Public Key Infrastructure, symmetric and asymmetric encryption together with pseudonymization methods. IHE-XDS promote the interoperability level and the extensions increase the security level. Keywords— eHealth; Patient Privacy; Electronic Health Records; Secure Patient Data Storage

Computer Science,Medicine

XIE Anming,JIN Tao,ZHOU Tao

DOI: https://doi.org/10.11959/j.issn.2096-0271.2017048

2017-01-01

Abstract:With the development of big data,there are many difficulties to protect personal information.De-identification removes identifiable information from a dataset so that individual data cannot be linked with specific individuals.De-identification thus helps to balance the contradictory goals of sharing personal information while protecting privacy.De-identification architecture on personal information was proposed.The specifications on implementing a de-identification process were described.On the basis of big data security standard system,some suggestions were proposed to develop de-identification standards.

Jing-song Li,Tian-shu Zhou,Jian Chu,Kenji Araki,Hiroyuki Yoshihara

DOI: https://doi.org/10.1136/amiajnl-2011-000111

Abstract:Objective: At present, most clinical data are exchanged between organizations within a regional system. However, people traveling abroad may need to visit a hospital, which would make international exchange of clinical data very useful. Background: Since 2007, a collaborative effort to achieve clinical data sharing has been carried out at Zhejiang University in China and Kyoto University and Miyazaki University in Japan; each is running a regional clinical information center. Methods An international layer system named Global Dolphin was constructed with several key services, sharing patients' health information between countries using a medical markup language (MML). The system was piloted with 39 test patients. Results: The three regions above have records for 966,000 unique patients, which are available through Global Dolphin. Data exchanged successfully from Japan to China for the 39 study patients include 1001 MML files and 152 images. The MML files contained 197 free text-type paragraphs that needed human translation. Discussion The pilot test in Global Dolphin demonstrates that patient information can be shared across countries through international health data exchange. To achieve cross-border sharing of clinical data, some key issues had to be addressed: establishment of a super directory service across countries; data transformation; and unique one-language translation. Privacy protection was also taken into account. The system is now ready for live use. Conclusion: The project demonstrates a means of achieving worldwide accessibility of medical data, by which the integrity and continuity of patients' health information can be maintained.

Meng Jin,Kai Zhang,Yunhaonan Yang,Shuanglian Xie,Kai Song,Yonghua Hu,Xiaoyuan Bao

DOI: https://doi.org/10.1109/ICBK.2019.00023

2019-01-01

Abstract:The premise of the full use of unstructured electronic medical records is to maintain the fully protection of a patient's information privacy. Presently, in prior of processing the electronic medical record date, identification and removing of relevant information which can be used to identify a patient is a research hotspot nowadays. There are very few methods in de-identification of Chinese electronic medical records and their cross-center performance is poor. Therefore we develop a de-identification method which is a mixture of rule-based methods and machine learning methods. The method was tested on 700 electronic medical records from six hospitals. Five-fold cross test was used to evaluate the results of c5.0, Random Forest, SVM and XGBOOST. Leave-one-out test was used to evaluate CRF. And the F1 Measure of machine learning reached 91.18% in PHI_Names, 98.21% in PHI_MEDICALID, 95.74% in PHI_OTHERNFC, 97.14% in PHI_GEO, 89.19% in PHI_DATES, and 91.49% in PHI_TEL. And the F1 Measure of rule-based methods reached 93.00% in PHI_Names, 97.00% in PHI_MEDICALID, 97.00% in PHI_OTHERNFC, 97.00% in PHI_GEO, 96.00% in PHI_DATES, and 89.00% in PHI_TEL.

Zhe Jian,Xusheng Guo,Shijian Liu,Handong Ma,Shaodian Zhang,Rui Zhang,Jianbo Lei

DOI: https://doi.org/10.1016/j.jbi.2017.07.017

IF: 8

2017-01-01

Journal of Biomedical Informatics

Abstract:With rapid adoption of Electronic Health Records (EHR) in China, an increasing amount of clinical data has been available to support clinical research. Clinical data secondary use usually requires de-identification of personal information to protect patient privacy. Since manually de-identification of free clinical text requires significant amount of human work, developing an automated de-identification system is necessary. While there are many de-identification systems available for English clinical text, designing a de-identification system for Chinese clinical text faces many challenges such as unavailability of necessary lexical resources and sparsity of patient health information (PHI) in Chinese clinical text. In this paper, we designed a de-identification pipeline taking advantage of both rule-based and machine learning techniques. Our method, in particular, can effectively construct a data set with dense PHI information, which saves annotation time significantly for subsequent supervised learning. We experiment on a dataset of 3000 heterogeneous clinical documents to evaluate the annotation cost and the de-identification performance. Our approach can increase the efficiency of the annotation effort by over 60% while reaching performance as high as over 90% measured by F score. We demonstrate that combing rule-based and machine learning is an effective way to reduce the annotation cost and achieve high performance in Chinese clinical text de-identification task.

Zengjian Liu,Yangxin Chen,Buzhou Tang,Xiaolong Wang,Qingcai Chen,Haodi Li,Jingfeng Wang,Qiwen Deng,Suisong Zhu

DOI: https://doi.org/10.1016/j.jbi.2015.06.009

IF: 8

2015-01-01

Journal of Biomedical Informatics

Abstract:De-identification, identifying and removing all protected health information (PHI) present in clinical data including electronic medical records (EMRs), is a critical step in making clinical data publicly available. The 2014 i2b2 (Center of Informatics for Integrating Biology and Bedside) clinical natural language processing (NLP) challenge sets up a track for de-identification (track 1). In this study, we propose a hybrid system based on both machine learning and rule approaches for the de-identification track. In our system, PHI instances are first identified by two (token-level and character-level) conditional random fields (CRFs) and a rule-based classifier, and then are merged by some rules. Experiments conducted on the i2b2 corpus show that our system submitted for the challenge achieves the highest micro F-scores of 94.64%, 91.24% and 91.63% under the "token", "strict" and "relaxed" criteria respectively, which is among top-ranked systems of the 2014 i2b2 challenge. After integrating some refined localization dictionaries, our system is further improved with F-scores of 94.83%, 91.57% and 91.95% under the "token", "strict" and "relaxed" criteria respectively.

Peng Wang,Yong Li,Liang Yang,Simin Li,Linfeng Li,Zehan Zhao,Shaopei Long,Fei Wang,Hongqian Wang,Ying Li,Chengliang Wang

DOI: https://doi.org/10.2196/38154

IF: 3.2

2022-08-31

JMIR Medical Informatics

Abstract:Background: With the popularization of electronic health records in China, the utilization of digitalized data has great potential for the development of real-world medical research. However, the data usually contains a great deal of protected health information and the direct usage of this data may cause privacy issues. The task of deidentifying protected health information in electronic health records can be regarded as a named entity recognition problem. Existing rule-based, machine learning–based, or deep learning–based methods have been proposed to solve this problem. However, these methods still face the difficulties of insufficient Chinese electronic health record data and the complex features of the Chinese language. Objective: This paper proposes a method to overcome the difficulties of overfitting and a lack of training data for deep neural networks to enable Chinese protected health information deidentification. Methods: We propose a new model that merges TinyBERT (bidirectional encoder representations from transformers) as a text feature extraction module and the conditional random field method as a prediction module for deidentifying protected health information in Chinese medical electronic health records. In addition, a hybrid data augmentation method that integrates a sentence generation strategy and a mention-replacement strategy is proposed for overcoming insufficient Chinese electronic health records. Results: We compare our method with 5 baseline methods that utilize different BERT models as their feature extraction modules. Experimental results on the Chinese electronic health records that we collected demonstrate that our method had better performance (microprecision: 98.7%, microrecall: 99.13%, and micro-F1 score: 98.91%) and higher efficiency (40% faster) than all the BERT-based baseline methods. Conclusions: Compared to baseline methods, the efficiency advantage of TinyBERT on our proposed augmented data set was kept while the performance improved for the task of Chinese protected health information deidentification.

medical informatics

Nafees Qamar,Yilong Yang,Andras Nadas,Zhiming Liu

DOI: https://doi.org/10.1016/j.procs.2016.09.049

2016-01-01

Procedia Computer Science

Abstract:This paper addresses the challenge of identifying clinically-relevant patterns in medical datasets without endangering patient privacy. To this end, we treat medical datasets as black box for both internal and external users of the data enabling a remote query mechanism to construct and execute database queries. The novelty of the approach lies in avoiding the complex data de-identification process which is often used to preserve patient privacy. The implemented toolkit combines software engineering technologies such as Java EE and RESTful web services, to allow exchanging medical data in an unidentifiable XML format along with restricting users to the need-to-know privacy principle. Consequently, the technique inhibits retrospective processing of data, such as attacks by an adversary on a medical dataset using advanced computational methods to reveal Protected Health Information (PHI). The approach is validated on an endoscopic reporting application based on openEHR and MST standards. The proposed approach is largely motivated by the issues related to querying datasets by clinical researchers, governmental or non-governmental organizations in monitoring health care services to improve quality of care.

Jiaxing Liu,Shalini Gupta,Aipeng Chen,Chen-Kai Wang,Pratik Mishra,Hong-Jie Dai,Zoie Shui-Yee Wong,Jitendra Jonnagaddala

DOI: https://doi.org/10.2196/48145

IF: 7.076

2023-12-07

Journal of Medical Internet Research

Abstract:Background: Electronic health records (EHRs) in unstructured formats are valuable sources of information for research in both the clinical and biomedical domains. However, before such records can be used for research purposes, sensitive health information (SHI) must be removed in several cases to protect patient privacy. Rule-based and machine learning–based methods have been shown to be effective in deidentification. However, very few studies investigated the combination of transformer-based language models and rules. Objective: The objective of this study is to develop a hybrid deidentification pipeline for Australian EHR text notes using rules and transformers. The study also aims to investigate the impact of pretrained word embedding and transformer-based language models. Methods: In this study, we present a hybrid deidentification pipeline called OpenDeID, which is developed using an Australian multicenter EHR-based corpus called OpenDeID Corpus. The OpenDeID corpus consists of 2100 pathology reports with 38,414 SHI entities from 1833 patients. The OpenDeID pipeline incorporates a hybrid approach of associative rules, supervised deep learning, and pretrained language models. Results: The OpenDeID achieved a best F 1 -score of 0.9659 by fine-tuning the Discharge Summary BioBERT model and incorporating various preprocessing and postprocessing rules. The OpenDeID pipeline has been deployed at a large tertiary teaching hospital and has processed over 8000 unstructured EHR text notes in real time. Conclusions: The OpenDeID pipeline is a hybrid deidentification pipeline to deidentify SHI entities in unstructured EHR text notes. The pipeline has been evaluated on a large multicenter corpus. External validation will be undertaken as part of our future work to evaluate the effectiveness of the OpenDeID pipeline.

health care sciences & services,medical informatics

Moon-Ho Joo,Sang-Pil Yoon,Hun-Yeong Kwon,Jong-In Lim

DOI: https://doi.org/10.3233/ip-170057

2018-06-29

Information Polity

Abstract:In the age of big data, many countries are implementing and establishing de-identification policies quite actively. There are many efforts to institutionalize de-identification of personal information to protect privacy and utilize the use of personal information. But even with such efforts, de-identification policy always has a potential risk that de-identified information can be re-identified by being combined with other information. Therefore, it is necessary to consider the management mechanism that manages these risks as well as a mechanism for distributing the responsibilities and liabilities in the event of incidents involving the invasion of privacy. So far, most countries implementing the de-identification policies are focusing on defining what de-identification is and the exemption requirements to allow free use of de-identified personal information. On the other hand, there is a lack of discussion and consideration on how to distribute the responsibility of the risks and liabilities involved in the process of de-identification of personal information. The purpose of this study is to compare the de-identification policies of the European Union, the United States, Japan, and Korea, all of which are now actively pursuing de-identification policies. Additionally, this study proposes to take a look at the various de-identification policies worldwide and contemplate on these policies in the perspective of risk society and risk-liability theory. The constituencies of the de-identification policies are identified in order to analyze the roles and responsibilities of each of these constituencies thereby providing the theoretical basis on which to initiate the discussions on the distribution of burden and responsibilities arising from the de-identification policies.

Yu Niu,Ji-Jiang Yang,Qing Wang

DOI: https://doi.org/10.4018/ijehmc.2013100104

2013-01-01

Abstract:With the pervasive using of Electronic Medical Records EMR and telemedicine technologies, more and more digital healthcare data are accumulated from multiple sources. As healthcare data is valuable for both commercial and scientific research, the demand of sharing healthcare data has been growing rapidly. Nevertheless, health care data normally contains a large amount of personal information, and sharing them directly would bring huge threaten to the patient privacy. This paper proposes a privacy preserving framework for medical data sharing with the view of practical application. The framework focuses on three key issues of privacy protection during the data sharing, which are privacy definition/detection, privacy policy management, and privacy preserving data publishing. A case study for Chinese Electronic Medical Record ERM publishing with privacy preserving is implemented based on the proposed framework. Specific Chinese free text EMR segmentation, Protected Health Information PHI extraction, and K-anonymity PHI anonymous algorithms are proposed in each component. The real-life data from hospitals are used to evaluate the performance of the proposed framework and system.