A proposed architecture and method of operation for improving the protection of privacy and confidentiality in disease registers
Open Access
- 6 January 2003
- journal article
- research article
- Published by Springer Nature in BMC Medical Research Methodology
- Vol. 3 (1), 1-13
- https://doi.org/10.1186/1471-2288-3-1
Abstract
Disease registers aim to collect information about all instances of a disease or condition in a defined population of individuals. Traditionally, methods of operating disease registers have required that notifications of cases be identified by unique identifiers such as a social security number or national identification number, or by ensembles of non-unique identifying data items, such as name, sex and date of birth. However, growing concern over the privacy and confidentiality aspects of disease registers may hinder their future operation. Technical solutions to these legitimate concerns are needed. An alternative method of operation is proposed, in which the personal identifiers are split from the medical details at the source of notification and each part is separately encrypted using asymmetric (public-key) cryptographic methods. The identifying information is sent to a single Population Register, and the medical details to the relevant disease register. The Population Register uses probabilistic record linkage to assign a unique personal identification (UPI) number to each person notified to it, although not necessarily to everyone in the entire population. This UPI is shared only with a single trusted third party whose sole function is to translate between this UPI and separate series of personal identification numbers which are specific to each disease register. The system proposed would significantly improve the protection of privacy and confidentiality, while still allowing the efficient linkage of records between disease registers, under the control and supervision of the trusted third party and independent ethics committees. The proposed architecture could accommodate genetic databases and tissue banks as well as a wide range of other health and social data collections. It is important that proposals such as this are subject to widespread scrutiny by information security experts, researchers and interested members of the general public, alike.
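The data flow described in the abstract, as an added worked example; this is not code from the paper or its authors. It models the four parties in one Go program using only the standard library: the source splits a notification and encrypts the identifiers to the Population Register and the medical details to the disease register with RSA-OAEP (the paper specifies only "asymmetric" methods; the choice of RSA-OAEP, the OAEP labels, the 2048-bit keys and the JSON encoding are assumptions of this example); the Population Register assigns a UPI; the trusted third party keeps the only UPI-to-PIN table and hands each register its own random PIN series. The TxID nonce used to pair the two halves, the hex PIN format, the exact-match linkage key standing in for the paper's probabilistic record linkage, and the fact that the `Run` driver plays the role of the network between the parties are all assumptions, not details from the paper.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"strings"
)

// A case as it exists at the source (a clinic) before splitting. The field layout
// and the TxID nonce that pairs the two halves are this example's assumptions.
type Notification struct{ Name, Sex, DOB, Diagnosis string }
type idPart struct{ TxID, Name, Sex, DOB string } // to the Population Register
type medPart struct{ TxID, Diagnosis string }    // to the disease register

// randHex returns n random bytes as hex; used for transaction nonces and PINs.
func randHex(n int) string { b := make([]byte, n); if _, err := rand.Read(b); err != nil { panic(err) }; return hex.EncodeToString(b) }

// splitAndEncrypt separates identifiers from medical details at the source and encrypts
// each half with RSA-OAEP to its own recipient; the OAEP label binds a half to its purpose.
func splitAndEncrypt(n Notification, prPub, regPub *rsa.PublicKey) (idCT, medCT []byte, err error) {
	tx := randHex(16)
	idJSON, _ := json.Marshal(idPart{tx, n.Name, n.Sex, n.DOB})
	medJSON, _ := json.Marshal(medPart{tx, n.Diagnosis})
	if idCT, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, prPub, idJSON, []byte("identifiers")); err != nil { return nil, nil, err }
	medCT, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, regPub, medJSON, []byte("medical"))
	return idCT, medCT, err
}

// open decrypts one half with the holder's private key; a wrong key or label fails.
func open(key *rsa.PrivateKey, ct []byte, label string, v any) error {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, key, ct, []byte(label))
	if err != nil { return err }
	return json.Unmarshal(pt, v)
}

// PopulationRegister sees identifiers only and assigns one UPI per person.
type PopulationRegister struct{ key *rsa.PrivateKey; people map[string]int } // linkage key -> UPI

// Receive returns (txID, UPI); the UPI is shared with the trusted third party only.
func (pr *PopulationRegister) Receive(ct []byte) (string, int, error) {
	var p idPart
	if err := open(pr.key, ct, "identifiers", &p); err != nil { return "", 0, err }
	// Deterministic stand-in for the paper's probabilistic linkage: normalise, then match exactly.
	norm := func(s string) string { return strings.ToUpper(strings.Join(strings.Fields(s), " ")) }
	k := norm(p.Name) + "|" + norm(p.Sex) + "|" + p.DOB
	if _, ok := pr.people[k]; !ok { pr.people[k] = len(pr.people) + 1 }
	return p.TxID, pr.people[k], nil
}

// TrustedThirdParty holds the only table relating the UPI to each register's own random
// PIN series; no disease register ever sees the UPI or another register's PINs.
type TrustedThirdParty struct{ pins map[string]map[int]string } // register -> UPI -> PIN

// PINFor issues (or looks up) the register-specific PIN for a UPI.
func (t *TrustedThirdParty) PINFor(register string, upi int) string {
	if t.pins[register] == nil { t.pins[register] = map[int]string{} }
	if t.pins[register][upi] == "" { t.pins[register][upi] = randHex(8) } // random, so series are unrelated
	return t.pins[register][upi]
}

// Translate maps a PIN in register a to the same person's PIN in register b: the
// cross-register linkage the paper places under TTP and ethics-committee control.
func (t *TrustedThirdParty) Translate(a, pinA, b string) (string, bool) {
	for upi, pin := range t.pins[a] {
		if pin == pinA { return t.PINFor(b, upi), true }
	}
	return "", false
}

// Run wires the parties on constructed notifications (one person: twice to "cancer" with the
// name spelt differently, once to "diabetes") and returns the cancer register's distinct-PIN
// and record counts, and whether the TTP could link its PIN to the diabetes record.
func Run() (pins, records int, linked bool, err error) {
	gen := func() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
	pr := &PopulationRegister{gen(), map[string]int{}}
	ttp := &TrustedThirdParty{map[string]map[int]string{}}
	keys := map[string]*rsa.PrivateKey{"cancer": gen(), "diabetes": gen()}
	recs := map[string]map[string][]string{"cancer": {}, "diabetes": {}} // register -> PIN -> diagnoses
	cases := []struct{ reg string; n Notification }{
		{"cancer", Notification{"Jane Doe", "F", "1960-02-29", "C50.9"}},
		{"cancer", Notification{"jane  DOE", "f", "1960-02-29", "C50.9 recurrence"}},
		{"diabetes", Notification{"Jane Doe", "F", "1960-02-29", "E11"}},
	}
	for _, c := range cases {
		idCT, medCT, e := splitAndEncrypt(c.n, &pr.key.PublicKey, &keys[c.reg].PublicKey)
		if e != nil { return 0, 0, false, e }
		// Check: the disease register's own key must not be able to open the identifiers half.
		if open(keys[c.reg], idCT, "identifiers", new(idPart)) == nil { return 0, 0, false, errors.New("register opened identifiers") }
		tx, upi, e := pr.Receive(idCT)
		if e != nil { return 0, 0, false, e }
		var m medPart
		if e = open(keys[c.reg], medCT, "medical", &m); e != nil { return 0, 0, false, e }
		if m.TxID != tx { return 0, 0, false, errors.New("halves do not pair") }
		pin := ttp.PINFor(c.reg, upi) // handed to the register keyed by tx, never with the UPI
		recs[c.reg][pin] = append(recs[c.reg][pin], m.Diagnosis)
	}
	for pin, d := range recs["cancer"] {
		pins, records = pins+1, records+len(d)
		dm, ok := ttp.Translate("cancer", pin, "diabetes")
		linked = ok && len(recs["diabetes"][dm]) == 1
	}
	return pins, records, linked, nil
}

func main() { _, _, _, _ = Run() }
```

Two practical caveats a deployment would have to address. Direct RSA-OAEP encryption caps each half at roughly 190 bytes for a 2048-bit key with SHA-256, so real notifications need hybrid encryption (a fresh symmetric key per message, itself wrapped with the recipient's public key). And the exact-match linkage key above will split one person into two UPIs on any spelling or date discrepancy; that is exactly why the paper calls for probabilistic record linkage at the Population Register.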