Medical Data Privacy Handbook.
Material type:
- text
- computer
- online resource
ISBN: 9783319236339
Dewey classification: 651.504261
LC classification: QA76.9.D3
Contents:
- Intro -- Preface -- Acknowledgements -- Contents -- List of Figures -- List of Tables
- 1 Introduction to Medical Data Privacy -- 1.1 Introduction -- 1.1.1 Privacy in Data Sharing -- 1.1.2 Privacy in Distributed and Dynamic Settings -- 1.1.3 Privacy for Emerging Applications -- 1.1.4 Privacy Through Policy, Data De-identification, and Data Governance -- 1.2 Part I: Privacy in Data Sharing -- 1.3 Part II: Privacy in Distributed and Dynamic Settings -- 1.4 Part III: Privacy for Emerging Applications -- 1.5 Part IV: Privacy Through Policy, Data De-identification, and Data Governance -- 1.6 Conclusion -- References
- Part I Privacy in Data Sharing
- 2 A Survey of Anonymization Algorithms for Electronic Health Records -- 2.1 Introduction -- 2.2 Privacy Threats and Models -- 2.2.1 Privacy Threats -- 2.2.2 Privacy Models -- 2.2.2.1 Models Against Identity Disclosure -- 2.2.2.2 Models Against Attribute Disclosure -- 2.3 Anonymization Algorithms -- 2.3.1 Algorithms Against Identity Disclosure -- 2.3.1.1 Data Transformation -- 2.3.1.2 Utility Objectives -- 2.3.1.3 Heuristic Strategies -- 2.3.1.4 Classification of Algorithms -- 2.3.1.5 Algorithms Against Attribute Disclosure -- 2.4 Directions for Future Research -- 2.5 Conclusion -- References
- 3 Differentially Private Histogram and Synthetic Data Publication -- 3.1 Introduction -- 3.2 Differential Privacy -- 3.2.1 Concept of Differential Privacy -- 3.2.2 Mechanisms of Achieving Differential Privacy -- 3.2.3 Composition Theorems -- 3.3 Relational Data -- 3.3.1 Problem Setting -- 3.3.2 Parametric Algorithms -- 3.3.3 Semi-parametric Algorithms -- 3.3.4 Non-parametric Algorithms -- 3.4 Transaction Data -- 3.4.1 Problem Setting -- 3.4.2 DiffPart -- 3.4.3 Private FIM Algorithms -- 3.4.4 PrivBasis -- 3.5 Stream Data -- 3.5.1 Problem Setting -- 3.5.2 Discrete Fourier Transform -- 3.5.3 FAST -- 3.5.4 w-Event Privacy -- 3.6 Challenges and Future Directions -- 3.6.1 Variety of Data Types -- 3.6.2 High Dimensionality -- 3.6.3 Correlated Constraints Among Attributes -- 3.6.4 Limitations of Differential Privacy -- 3.7 Conclusion -- References
- 4 Evaluating the Utility of Differential Privacy: A Use Case Study of a Behavioral Science Dataset -- 4.1 Introduction -- 4.2 Background -- 4.2.1 Syntactic Models: k-Anonymity -- 4.2.2 Differential Privacy: Definition -- 4.2.3 Applications -- 4.3 Methodology -- 4.3.1 Utility Measures -- 4.4 Results -- 4.4.1 Variable Distributions -- 4.4.1.1 Full Set -- 4.4.1.2 Reduced Sets -- 4.4.2 Multivariate Logistic Regression -- 4.4.2.1 Noisy Results -- 4.5 Discussion -- 4.6 Conclusion -- References
- 5 SECRETA: A Tool for Anonymizing Relational, Transaction and RT-Datasets -- 5.1 Introduction -- 5.2 Related Work -- 5.3 Overview of SECRETA -- 5.3.1 Frontend of SECRETA -- 5.3.2 Backend of SECRETA -- 5.3.2.1 Key Definitions -- 5.3.3 Components -- 5.4 Using SECRETA -- 5.4.1 Preparing the Dataset -- 5.4.2 Using the Dataset Editor -- 5.4.3 The Hierarchy Editor -- 5.4.4 The Queries Workload Editor -- 5.4.5 Evaluating the Desired Method -- 5.4.6 Comparing Different Methods -- 5.5 Conclusion and Future Work -- References
- 6 Putting Statistical Disclosure Control into Practice: The ARX Data Anonymization Tool -- 6.1 Introduction -- 6.1.1 Background -- 6.1.2 Objectives and Outline -- 6.2 The ARX Data Anonymization Tool -- 6.2.1 Background -- 6.2.2 Overview -- 6.2.2.1 Privacy Models -- 6.2.2.2 Risk Analysis and Risk-Based Anonymization -- 6.2.2.3 Utility Evaluation -- 6.2.2.4 Additional Features -- 6.2.3 System Architecture -- 6.2.4 Application Programming Interface -- 6.2.5 Graphical User Interface -- 6.2.5.1 Anonymization Process -- 6.2.5.2 Overview -- 6.2.5.3 Configuring the Anonymization Process -- 6.2.5.4 Exploring the Solution Space -- 6.2.5.5 Evaluating Data Utility -- 6.2.5.6 Analyzing Re-identification Risks -- 6.3 Implementation Details -- 6.3.1 Data Management -- 6.3.2 Pruning Strategies -- 6.3.3 Risk Analysis and Risk-Based Anonymization -- 6.4 Experimental Evaluation -- 6.5 Discussion -- 6.5.1 Comparison with Prior Work -- 6.5.2 Limitations and Future Work -- 6.5.3 Concluding Remarks -- References
- 7 Utility-Constrained Electronic Health Record Data Publishing Through Generalization and Disassociation -- 7.1 Introduction -- 7.1.1 Identity Disclosure -- 7.1.2 Utility-Constrained Approach -- 7.1.3 Chapter Organization -- 7.2 Preliminaries -- 7.3 Generalization and Disassociation -- 7.4 Specification of Utility Constraints -- 7.4.1 Defining and Satisfying Utility Constraints -- 7.4.2 Types of Utility Constraints for ICD Codes -- 7.5 Utility-Constrained Anonymization Algorithms -- 7.5.1 Clustering-Based Anonymizer (CBA) -- 7.5.2 DISassociation Algorithm (DIS) -- 7.5.3 Comparing the CBA and DIS Algorithms -- 7.6 Future Directions -- 7.6.1 Different Forms of Utility Constraints -- 7.6.2 Different Approaches to Guaranteeing Data Utility -- 7.7 Conclusion -- References
- 8 Methods to Mitigate Risk of Composition Attack in Independent Data Publications -- 8.1 Introduction -- 8.2 Composition Attack and Multiple Data Publications -- 8.2.1 Composition Attack -- 8.2.2 Multiple Coordinated Data Publications -- 8.2.3 Multiple Independent Data Publications -- 8.3 Risk Mitigation Through Randomization -- 8.4 Risk Mitigation Through Generalization -- 8.5 An Experimental Comparison -- 8.5.1 Data and Setting -- 8.5.2 Reduction of Risk of Composition Attacks -- 8.5.3 Comparison of Utility of the Two Methods -- 8.6 Risk Mitigation Through Mixed Publications -- 8.7 Conclusion -- Appendix -- A. Metrics -- B. Differential Privacy -- References
- 9 Statistical Disclosure Limitation for Health Data: A Statistical Agency Perspective -- 9.1 Introduction -- 9.2 Statistical Disclosure Limitation for Microdata from Social Surveys -- 9.2.1 Disclosure Risk Assessment -- 9.2.2 Statistical Disclosure Limitation Methods -- 9.2.2.1 PRAM for Categorical Key Variables -- 9.2.2.2 Additive Noise for Continuous Variables -- 9.2.3 Information Loss Measures -- 9.2.3.1 Distance Metrics -- 9.2.3.2 Impact on Measures of Association -- 9.2.3.3 Impact on Regression Analysis -- 9.3 Statistical Disclosure Limitation for Frequency Tables -- 9.3.1 Disclosure Risk in Whole Population Tabular Outputs -- 9.3.2 Disclosure Risk and Information Loss Measures Based on Information Theory -- 9.3.3 Statistical Disclosure Limitation Methods -- 9.3.3.1 Record Swapping -- 9.3.3.2 Semi-Controlled Random Rounding -- 9.3.3.3 Stochastic Perturbation -- 9.4 Differential Privacy in Survey Sampling and Perturbation -- 9.5 Future Outlook for Releasing Statistical Data -- 9.5.1 Safe Data Enclaves and Remote Access -- 9.5.2 Web-Based Applications -- 9.5.2.1 Flexible Table Generating Servers -- 9.5.2.2 Remote Analysis Servers -- 9.5.3 Synthetic Data -- 9.6 Conclusion -- References
- Part II Privacy in Distributed and Dynamic Settings
- 10 A Review of Privacy Preserving Mechanisms for Record Linkage -- 10.1 Introduction -- 10.2 Overview of Privacy Preserving Record Linkage -- 10.2.1 The PPRL Model -- 10.2.2 Taxonomy of Presented Techniques -- 10.2.2.1 Privacy Guarantee -- 10.2.2.2 Scalability -- 10.2.2.3 Linkage Quality -- 10.3 Secure Transformations -- 10.3.1 Attribute Suppression and Generalization Methods -- 10.3.2 N-Grams Methods -- 10.3.3 Embedding Methods -- 10.3.4 Phonetic Encoding Methods -- 10.4 Secure Multi-Party Computation -- 10.4.1 Commutative Encryption Based Protocols -- 10.4.2 Homomorphic Encryption Based Protocols -- 10.4.3 Secure Scalar Product Protocols -- 10.5 Hybrid Approaches -- 10.5.1 Standard Blocking -- 10.5.2 Sorted Neighborhood Approach -- 10.5.3 Mapping -- 10.5.4 Clustering -- 10.6 Challenges and Future Research Directions -- 10.7 Conclusion -- References
- 11 Application of Privacy-Preserving Techniques in Operational Record Linkage Centres -- 11.1 Introduction -- 11.1.1 Record Linkage Research Infrastructure -- 11.1.2 Privacy Challenges in Health Record Linkage -- 11.2 Data Governance -- 11.2.1 Legal Obligations -- 11.2.2 Information Governance -- 11.2.3 Separation of Data and Functions -- 11.2.4 Application and Approval Process -- 11.2.5 Information Security -- 11.3 Operational Models and Data Flows -- 11.3.1 Centralized Model -- 11.3.2 Separated Models -- 11.3.2.1 Separated Model, with Centralized Clinical Data Repository -- 11.3.2.2 Separated Model, with No Centralized Data Repository -- 11.3.3 A Technique to Avoid Data Collusion -- 11.4 Privacy Preserving Methods -- 11.4.1 Privacy Preserving Models -- 11.4.2 Techniques for Privacy Preserving Linkage -- 11.4.2.1 Minimum Linkage Information (MLI) -- 11.4.3 Requirements of a Privacy Preserving Linkage Technique for Operational Linkage Centres -- 11.4.3.1 Measuring and Maintaining Linkage Quality -- 11.4.3.2 Efficiency -- 11.4.3.3 Simplicity for Data Providers -- 11.4.3.4 Security -- 11.5 Conclusion -- References
- 12 Privacy Considerations for Health Information Exchanges -- 12.1 Introduction -- 12.2 Health Information Exchanges -- 12.2.1 HIE Actors and Systems -- 12.2.2 HIE Models -- 12.2.3 HIPAA, HITECH and HIE Privacy Governance -- 12.3 Privacy Issues with HIEs -- 12.3.1 Patient Expectations and Concerns -- 12.3.2 Tension Between Functionality, Security and Privacy -- 12.3.3 Data Stewardship and Ownership -- 12.4 Principles and Practice of Privacy for HIEs -- 12.4.1 Guiding Principles -- 12.4.2 HIE Privacy in Practice.
Description based on publisher supplied metadata and other sources.
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.