Privacy preservation, sharing and collection of patient records using cryptographic techniques for cross-clinical secondary analytics

Abstract

The growing interest in research on Clinical Medical Records (CMRs) presents opportunities in finding meaningful patterns of symptoms, treatments and patient outcomes. The typically distributed collection of CMRs across various clinical centres suggests the need to integrate the records in a centralized data repository. This is necessary to explore many data analytic algorithms which are not supported on distributed databases. As highly private patient records are being dealt with, it is important to consider how privacy will be preserved. This is especially important since the patient records are to be shared and used for reasons other than the primary reasons they were collected, i.e., for secondary use of healthcare data. In addition, the need for securing data transmission becomes necessary to ensure privacy and confidentiality. We advance the literature on privacy-enhancing data minining in the healthcare setting by (1) presenting strategies of using de-identification as well as cryptographic techniques to facilitate patient identity protection and securely transmit the records to a centralized data repository for secondary data analytics; (2) addressing key management issues related to the use of cryptography constructs; and (3) establishing the security requirements as well as carrying out vulnerability assessment with respect to the tranmission process, data repository, and direct attacks to the encrypted patient ID.