New Technology to Preserve Patient Privacy and Data Quality in Health Research

在健康研究中保护患者隐私和数据质量的新技术

• 批准号: 8026105
• 负责人: Xiaobai Li
• 金额: $ 23.75万
• 依托单位: UNIVERSITY OF MASSACHUSETTS LOWELL
• 依托单位国家: 美国
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-09-01 至 2014-08-31
• 项目状态: 已结题
• 来源: https://reporter.nih.gov/project-details/8026105
• 关键词: Accountability; Address; Area; Behavioral; Categories; Clinical; Clinical Data; Collection; Community Healthcare; Complement; Confidentiality; Data; Data Compromising; Data Protection; Data Quality; Data Set; Databases; Disclosure; Economic Policy; Effectiveness; Evaluation; Experimental Designs; Funding; Goals; Guidelines; Health; Health Information System; Health Insurance Portability and Accountability Act; Health Services Research; Healthcare; Hospitals; Human Resources; Individual; Information Theory; Link; Masks; Medical; Medical Research; Medicare claim; Medicine; Methods; Metric; Mission; Participant; Patients; Performance; Pilot Projects; Policy Analysis; Policy Maker; Population Surveillance; Privacy; Property; Qualifying; Randomized Clinical Trials; Reporting; Research; Research Project Grants; Risk; Science; Secondary to; Small Business Innovation Research Grant; Social Responsibility; Solutions; Source; Staging; Structure; System; Techniques; Technology; Testing; Translating; United States National Institutes of Health; base; comparative effectiveness; computerized data processing; data registry; data sharing; design; detector; encryption; flexibility; health information technology; improved; innovation; insight; knowledge base; meetings; member; multidisciplinary; new technology; novel; patient privacy; prevent; programs; research study; response; statistics; tool

DESCRIPTION (provided by applicant): Health information technology has enabled healthcare community to store and share a large amount of health and healthcare data electronically. While secondary use of this data has significantly enhanced the quality and efficiency of medical and healthcare research, there is a growing concern about privacy due to such use of personal data. The goal of this research, as a response to this challenge, is to develop and test a novel data- masking technology that can be used by healthcare organizations to prevent or limit privacy disclosure when sharing patient data for research. To protect patient privacy, the Health Insurance Portability and Accountability Act (HIPAA) has established a set of rules concerning what information cannot be released to a third party. However, studies have shown that the HIPAA rules lack the flexibility to adequately meet the diverse needs of data users; they can be under- protective in some cases and over-protective in others. Recognizing this limitation, HIPAA also provides guidelines that enable a scientific assessment of privacy disclosure risk to determine if the data is appropriate for release. This research focuses on this aspect of HIPAA and its related topics. The specific aims of this research are: (1) to identify weakness in the HIPAA rule-based privacy protection mechanism and demonstrate this problem using data available to users with different access levels; (2) to propose metrics for assessing and quantifying privacy disclosure risk and data utility; (3) to develop methods and techniques for privacy protection when sharing and disseminating data; and (4) to conduct experiments to evaluate the afore-mentioned risk and utility metrics, and data-masking techniques. The proposing team has identified an effective technique to systematically compromise data privacy. This provides a basis for a more thorough study to achieve specific aim 1. Methods grounded on statistics and information theory will be employed to construct the metrics for specific aim 2. The data-masking approach for specific aim 3 employs an innovative divide-and-counter strategy, which first partitions data into subsets and then masks the data within each subset. Experimental design for specific aim 4 involves performance evaluations in terms of disclosure risk, data utility, and computational scalability, using three categories of data: clinical data, Medicare claims, and publicly available personal data. This research is highly relevant to the mission of NIH. By adequately protecting privacy, the proposed technology will alleviate concerns about loss of participant confidentiality and enable improved quality and efficiency for research based on secondary use of data. This will greatly help design and develop "programs for the collection, dissemination, and exchange of information in medicine and health," thereby achieving NIH's goal to "expand the knowledge base in medical and associated sciences." This research will also offer valuable insights for policy makers to assess the tradeoff between privacy protection and data sharing and analysis.

描述（由申请人提供）：健康信息技术使医疗保健社区能够以电子方式存储和共享大量健康和医疗保健数据。虽然这些数据的二次使用显着提高了医疗和保健研究的质量和效率，但由于这种个人数据的使用，人们越来越担心隐私问题。作为对这一挑战的回应，本研究的目标是开发和测试一种新颖的数据屏蔽技术，医疗保健组织可以使用该技术在共享患者数据进行研究时防止或限制隐私泄露。 为了保护患者隐私，《健康保险流通与责任法案》(HIPAA) 制定了一套关于哪些信息不能透露给第三方的规则。但研究表明，HIPAA规则缺乏灵活性，无法充分满足数据用户的多样化需求；他们在某些情况下可能保护不足，而在另一些情况下保护过度。认识到这一限制，HIPAA 还提供了指导方针，可以对隐私泄露风险进行科学评估，以确定数据是否适合发布。本研究重点关注 HIPAA 的这一方面及其相关主题。 本研究的具体目的是：（1）找出基于 HIPAA 规则的隐私保护机制中的弱点，并使用不同访问级别的用户可用的数据来证明该问题； (2) 提出评估和量化隐私泄露风险和数据效用的指标； （三）开发数据共享和传播时隐私保护的方法和技术； (4) 进行实验来评估上述风险和效用指​​标以及数据屏蔽技术。 提案团队已经找到了一种系统地损害数据隐私的有效技术。这为实现特定目标 1 的更深入研究提供了基础。将采用基于统计学和信息论的方法来构建特定目标的指标 2。特定目标 3 的数据屏蔽方法采用创新的分而治之方法。计数器策略，首先将数据划分为子集，然后屏蔽每个子集中的数据。具体目标 4 的实验设计涉及披露风险、数据效用和计算可扩展性方面的绩效评估，使用三类数据：临床数据、医疗保险索赔和公开的个人数据。 这项研究与 NIH 的使命高度相关。通过充分保护隐私，所提出的技术将减轻对参与者机密性丢失的担忧，并提高基于数据二次使用的研究的质量和效率。这将极大地帮助设计和开发“医学和健康信息收集、传播和交换项目”，从而实现 NIH 的“扩大医学和相关科学知识库”的目标。这项研究还将为政策制定者评估隐私保护与数据共享和分析之间的权衡提供宝贵的见解。