Abstract
As healthcare data is extremely sensitive, it poses a risk of invading individuals' privacy if stored or exported without proper security measures. De-identification entails pseudonymization or anonymization of data, which are methods for temporarily or permanently removing an individual's identity. These methods are most suitable to keep user healthcare data private. Inference attacks are a commonly overlooked weakness of de-identification techniques. In this paper, I discuss a method for de-identifying Electronic Healthcare Records (EHR) using chained hashing to generate short-lived pseudonyms to reduce the impact of inference attacks, as well as a mechanism for re-identification based on information self-determination. It also removes the weaknesses of existing de-identification algorithms, resolving them with an appropriate real-time de-identification algorithm, the Ephemeral Pseudonym Generation Algorithm (EPGA).
Appendix
T        Relation containing all patients
D        Relation containing all de-identification information of all patients
P        Relation containing pseudonyms for all patients
ti       ith patient belonging to relation T
Ui       Basic identity information of ti
gi       Group ID of ti
gui      Unique ID in group for ti
Qti      List of Quasi Specifiers for ti
gQti     Generalized or suppressed list of Quasi Specifiers for ti
Egui     Ephemeral Unique ID in group for ti
Hi       Globally Unique ID for ti to map report IDs
RHi      Unique Global ID for ith report
Hm       Highly collision resistant Hashing algorithm
||       Concatenation Symbol
Ei       Ephemeral ID for ith report
HMAC     Hash based message authentication coding function
Kgi      Key for creating Hi through ith patient
EHR      Electronic Health Record
GDPR     General Data Protection Regulation
NGS      Next Generation Sequencing
PEK      Personal Key
GK       Global Key
HIPAA    Health Insurance Portability and Accountability Act
VRAHAD   Vast Re-identifiable Authentication-based Healthcare Associated Data-records
ECDHE    Elliptic Curve Diffie-Hellman Ephemeral
EPGA     Ephemeral Pseudonym Generation Algorithm
EPGA-D   Ephemeral Pseudonym Generation Algorithm De-identification
EPGA-R   Ephemeral Pseudonym Generation Algorithm Re-identification
Cite this article
Rai, B.K. Ephemeral pseudonym based de-identification system to reduce impact of inference attacks in healthcare information system. Health Serv Outcomes Res Method 22, 397–415 (2022). https://doi.org/10.1007/s10742-021-00268-2
DOI: https://doi.org/10.1007/s10742-021-00268-2