Tracking Meeting Khaled El Emam, CHEO RI & uOttawa.


Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario

Example of De-identification
- Simple example to illustrate the key points and terminology
- The example is for a health care database
- This is based on a methodology that we have been using and modifying for the last 5 years
- The objective is risk management – consistent with legislation and regulations across multiple jurisdictions

Case for De-identification
- Often, not practical to obtain consent
- Disadvantages of consent
- Custodians reluctant to disclose information even if permitted
- Limiting principles
- Data breaches are common
- Unplanned and unexpected disclosures
- Public trust
- Alternatives have disadvantages

Methods of Sharing
- Remote access
- On-site access
- Remote execution
- Remote queries
- Remote analysis
- Tabular data release (aggregate data)
- Individual-level data release (de-identified data)
- Secure computation

Steps
- Understand adversaries and attacks
- Select variables that can be used in an attack
- Set thresholds taking into account the context
- Measure risk
- Transform data

Universe of Attacks
- Known data recipient:
  – Deliberate re-identification
  – Inadvertent/spontaneous re-identification
  – Data breach
- Public data:
  – Demonstration attack
- The probabilities for each of these can be estimated in a defensible way

Variable Distinctions
- Directly identifying variables
  – Can uniquely identify an individual by itself or in conjunction with other readily available information
- Quasi-identifiers
  – Can identify an individual by itself or in conjunction with other information
- Sensitive variables

Examples of Direct Identifiers
Name, address, telephone number, fax number, MRN, health card number, health plan beneficiary number, license plate number, address, photograph, biometrics, SSN, SIN, implanted device number

Examples of Quasi-Identifiers
Sex, date of birth or age, geographic locations (such as postal codes, census geography, information about proximity to known or unique landmarks), language spoken at home, ethnic origin, aboriginal identity, total years of schooling, marital status, criminal history, total income, visible minority status, activity difficulties/reductions, profession, event dates (such as admission, discharge, procedure, death, specimen collection, visit/encounter), codes (such as diagnosis codes, procedure codes, and adverse event codes), country of birth, birth weight, and birth plurality

Setting Thresholds

Managing Re-identification Risk

Risk Metrics
- There are 8 risk metrics in total, characterized along the following dimensions:
  – Can an adversary know who is in the database or not?
  – Would an adversary attempt to re-identify a single individual or everyone in the database (matching records from two databases)?
  – Do we need to worry about maximum or average risk?
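The measure-and-transform loop from the Steps slide, with the maximum versus average distinction from the Risk Metrics slide, as an added example that is not from the presentation. It assumes a common formulation the slides do not state (a record's risk is 1 divided by the number of records sharing its quasi-identifier values); the records, the 1/3 threshold and the two transforms are constructed for illustration.

```python
import math
from collections import Counter
from fractions import Fraction

QIS = ("sex", "birth_year", "postal")  # quasi-identifiers selected for the example

# Constructed records (not real data); the threshold below is also constructed.
RECORDS = [dict(zip(QIS, row)) for row in [
    ("F", 1961, "K1H8L1"), ("F", 1964, "K1H7W9"), ("F", 1968, "K1H8M2"),
    ("F", 1963, "K1H8L1"), ("M", 1972, "K2P1L4"), ("M", 1975, "K2P0B9"),
    ("M", 1979, "K2P2N2"), ("M", 1971, "K1H8L1"),
]]
THRESHOLD = Fraction(1, 3)

def key(record):
    """Quasi-identifier values that define a record's equivalence class."""
    return tuple(record[q] for q in QIS)

def risk(records):
    """Return (maximum, average) risk, taking a record's risk as 1 / class size."""
    if not records:
        return Fraction(0), Fraction(0)
    sizes = Counter(key(r) for r in records)
    per_record = [Fraction(1, sizes[key(r)]) for r in records]
    return max(per_record), sum(per_record) / len(per_record)

def generalize(records):
    """Transform: birth year to decade, postal code to its first three characters."""
    return [{"sex": r["sex"], "birth_year": r["birth_year"] // 10 * 10,
             "postal": r["postal"][:3]} for r in records]

def suppress_small_classes(records, threshold):
    """Transform: drop records whose class is too small to meet the threshold."""
    k = math.ceil(1 / threshold)
    sizes = Counter(key(r) for r in records)
    return [r for r in records if sizes[key(r)] >= k]

if __name__ == "__main__":
    stages = {"raw": RECORDS, "generalized": generalize(RECORDS)}
    stages["suppressed"] = suppress_small_classes(stages["generalized"], THRESHOLD)
    for name, recs in stages.items():
        mx, avg = risk(recs)
        print(f"{name:12} n={len(recs)} max={mx} avg={avg} ok={mx <= THRESHOLD}")
```

After generalization the average risk falls to 3/8 while one record is still unique, which is why the choice between maximum and average risk matters when checking against a threshold.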

Does De-identification Work?
- Existing evidence shows that data sets that have been properly de-identified have a low probability of being re-identified
- All publicly known examples of serious re-identification attacks were done on data sets that were not properly de-identified (i.e., it is possible to show that their risk of re-identification was quite high and did not meet HIPAA de-identification standards)
- As far as we know, proper de-identification works effectively in managing risk

Hashing
- Hashing without a salt or key can generally be broken with a dictionary attack
- With salting, you need to figure out who will hold the salt – may want to consider schemes with public keys
- Even with a salt one can do a frequency attack – may want to consider schemes that are probabilistic
- Hash values are not the same size/length as the original data – may want to consider format preserving encryption
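A custodian-side check of the properties listed on the Hashing slide, as an added example that is not from the presentation. The 4-digit identifiers, the key and the nonce-based randomized token are constructed assumptions; the token is one illustrative probabilistic scheme, not the one the authors used.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed 4-digit identifiers standing in for health card numbers (not real data).
VISITS = ["1042", "1042", "1042", "5871", "5871", "9300"]
ID_SPACE = [f"{n:04d}" for n in range(10000)]   # every value the identifier can take
KEY = b"constructed-demo-key"                   # held by the custodian only

def unsalted(value):
    """Plain hash: deterministic and computable by anyone."""
    return hashlib.sha256(value.encode()).hexdigest()

def keyed(value, key=KEY):
    """Keyed hash (HMAC-SHA256): deterministic, computable only with the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def randomized(value, key=KEY):
    """Probabilistic token: a fresh nonce per record, so equal inputs differ."""
    nonce = os.urandom(16)
    tag = hmac.new(key, nonce + value.encode(), hashlib.sha256).digest()
    return (nonce + tag).hex()

def matches(token, value, key=KEY):
    """Key holder's check that a randomized token belongs to a given identifier."""
    raw = bytes.fromhex(token)
    expected = hmac.new(key, raw[:16] + value.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(raw[16:], expected)

def regenerable(pseudonyms, scheme):
    """Share of pseudonyms that hashing the whole identifier space reproduces."""
    table = {scheme(v) for v in ID_SPACE}
    return sum(p in table for p in pseudonyms) / len(pseudonyms)

def frequency_profile(pseudonyms):
    """Sorted repeat counts; a deterministic scheme preserves the input's profile."""
    return sorted(Counter(pseudonyms).values(), reverse=True)
```

Every unsalted pseudonym is regenerable from the identifier space, the keyed ones are not without the key but keep the 3/2/1 repeat pattern of the input, and only the randomized tokens hide it, at the cost of needing the key to link records.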

Efficient & Secure Lookups
- In cases where lookups in a large database need to be performed without the database knowing the value of the query (but knowing the result)
- We have used techniques based on homomorphic encryption to implement lookups based on health card insurance numbers (or any equivalent unique identifier)
- This class of approaches may be of interest for addressing some of the tracking problems