Methods of anonymization of medical databases

Author(s) Collection number Pages Download abstract Download full text
Havrysh B. M., Tymchenko O. V., Кустра Н. О. № 1 (66) 68-79 Image Image

The development of electronic forms of storage, processing and transmission of medical data has influenced not only the improvement of the quality of medical care for patients, but also the development of new methods of obtaining knowledge from medical databases by unauthorized persons. To prevent the disclosure of confidential data, medical information systems must be constantly tested for security in all system structures. Technical security measures should be complemented by physical, personal and organizational security measures. The methods described in the work are the main methods of medical data anonymization, on the basis of which other anonymization methods have been developed, such as: l-diversification, (X, Y)-connectivity, (X, Y)-privacy, LKC-privacy closure, bounded trust, and personalized privacy. Thanks to anonymization methods in medical databases, the effectiveness of attacks on patient data can be minimized.

The patient’s medical record is a key element during his treatment, as it contains all the information about the state of health, tests performed, stays in the hospital and procedures performed over the years. A few years ago, medical documentation was mostly in paper form. Currently, it is slowly being replaced by electronic forms. One fact has not changed over the years – most often it is the patient who is responsible for transporting him to another medical institution. Therefore, in emergency cases during treatment in a new institution, the level of knowledge about this patient is zero. This problem is solved by the introduction of the electronic medical record EMR (English Electronic Medical Record - EMR). EMR is a virtual document that consists of all medical records in digital form belonging to one patient. Thanks to this solution, patient information can be created, stored and used in many different medical facilities and made available to the patient in a single document in a web application.

The introduction of an electronic system of medical documentation brings ad­vantages, but also creates new problems. The advantages are improving the quality of medical care for patients, more efficient and much more effective management (the electronic prescription system allows controlling unwanted interactions between drugs prescribed and taken at the same time), supporting the decisions of doctors and reducing medical errors by up to 55%, remote treatment, which is good in big cities, intercity, intercontinental. The most serious consequence of the transfer of resources from hospital databases to the network is problems with control and protection of information contained in medical documents. The integrity of digital objects is also an issue in the case of multi-module EHR systems.

Keywords: anonymization, pseudo-identifier, attack, system protection, security.

doi: 10.32403/1998-6912-2023-1-66-68-79

  • 1. Hassan, N. H., Maarop, N., Ismail, Z., & Abidin, W. Z. (2017). Information security culture in health informatics environment: A qualitative approach. 2017 International Conference on Research and Innovation in Information Systems (ICRIIS), Langkawi, Malaysia, 1–6. DOI: 10.1109/ICRIIS.2017.8002450 (in English).
  • 2. Kester, Q.-A., Nana, L., Pascu, A. C., Gire, S., Eghan, J. M., & Quaynor, N. N. (2015). A Security Technique for Authentication and Security of Medical Images in Health Information Systems, 2015 15th International Conference on Computational Science and Its Applications, Banff, AB, Canada, 8–13. DOI: 10.1109/ICCSA.2015.8 (in English).
  • 3. Wang, Y., Gong, L., & Zhang, M. (2022). Remote Disaster Recovery and Backup of Rehabilitation Medical Archives Information System Construction under the Background of Big Data, 2022 International Conference on Sustainable Computing and Data Communication Systems (ICSCDS), Erode, India, 575–578. DOI: 10.1109/ICSCDS53736.2022.9760774 (in English).
  • 4. Chiuchisan, I., Balan, D.-G., Geman, O., Chiuchisan, I., & Gordin, I. (2017). A security approach for health care information systems, 2017 E-Health and Bioengineering Conference (EHB), Sinaia, Romania, 721–724. DOI: 10.1109/EHB.2017.7995525 (in English).
  • 5. Zhu, J., & Chen, Z. (2022). Exploration of Application Security for Medical Electronic Health Card, 2022 International Conference on Artificial Intelligence in Everything (AIE), Lefkosa, Cyprus, 451–454. DOI: 10.1109/AIE57029.2022.00092 (in English).
  • 6. Özarar, M., Akansu, A., & Hasbay, B. (2021). Impact of Cyber Maturity Level on Health Sector, 2021 International Conference on Information Security and Cryptology (ISCTURKEY), Ankara, Turkey, 127–131. DOI: 10.1109/ISCTURKEY53027.2021.9654395 (in English).
  • 7. Humayed, A., Lin, J., Li, F., & Luo, B. (Dec. 2017). Cyber-Physical Systems Security—A Survey. IEEE Internet of Things Journal, 4, 6, 1802–1831. DOI: 10.1109/JIOT.2017.2703172 (in English).
  • 8. Zhang, M., Chen, Y., & Lin, J. (1 July, 2021). A Privacy-Preserving Optimization of Neigh­borhood-Based Recommendation for Medical-Aided Diagnosis and Treatment. IEEE Internet of Things Journal, 8, 13, 10830–10842. DOI: 10.1109/JIOT.2021.3051060 (in Eng­lish).
  • 9. Mohsen Nia, A., Sur-Kolay, S., Raghunathan, A., & Jha, N. K. (July-Sept. 2016). Physiological Information Leakage: A New Frontier in Health Information Security. IEEE Transactions on Emerging Topics in Computing, 4, 3, 321–334. DOI: 10.1109/TETC.2015.2478003 (in Eng­lish).
  • 10. Indumathi, J. et al. (2020). Block Chain Based Internet of Medical Things for Uninterrupted, Ubiquitous, User-Friendly, Unflappable, Unblemished, Unlimited Health Care Services (BC IoMT U6 HCS). IEEE Access, 8, 216856–216872. DOI: 10.1109/ACCESS.2020.3040240 (in English).