On Deducibility and Anonymisation in Medical Databases

The utilisation of real medical data in research projects is becoming evermore widespread, and a clear duty of care towards such data is mandatory. To this end, anonymisation is essential. It is well understood that a conflict between functionality and confidentiality exists within this context: while patients’ confidentiality must be preserved, restricting access can reduce the value of the data that is available to researchers. As such, limiting access so that confidentiality is preserved while still ensuring a high degree of functionality should be a key aim of every designer of medical research databases. In this paper, we outline an approach developed within the e-DiaMoND project that combines anonymisation and query modification to manage this conflict.

[1]  Mark Elliot DIS: A New Approach to the Measurement of Statistical Disclosure Risk , 2000 .

[2]  J. Michael Spivey,et al.  The Z notation - a reference manual , 1992, Prentice Hall International Series in Computer Science.

[3]  Michael Stonebraker,et al.  Access control in a relational data base management system by query modification , 1974, ACM '74.

[4]  Peter J. Denning,et al.  Data Security , 1979, CSUR.

[5]  Stéphane Bressan,et al.  Introduction to Database Systems , 2005 .

[6]  Andrew C. Simpson,et al.  GIMI: generic infrastructure for medical informatics , 2005, 18th IEEE Symposium on Computer-Based Medical Systems (CBMS'05).

[7]  Andrew C. Simpson,et al.  Protecting sensitive patient data via query modification , 2005, SAC '05.

[8]  W. Keller,et al.  Disclosure control of microdata , 1990 .

[9]  Donna K. Harman,et al.  Relevance Feedback and Other Query Modification Techniques , 1992, Information retrieval (Boston).

[10]  W. W. Armstrong,et al.  Dependency Structures of Data Base Relationships , 1974, IFIP Congress.

[11]  Andrew Simpson,et al.  An Approach to the Storage of DICOM files for Grid−Enabled Medical Imaging Databases , 2004 .

[12]  Kaizheng Du On automated query modification techniques for databases , 1993 .

[13]  Francine Berman,et al.  Grid Computing: Making the Global Infrastructure a Reality , 2003 .

[14]  M A Slaymaker,et al.  Security aspects of Grid-based digital mammography. , 2005, Methods of information in medicine.

[15]  Christos Faloutsos,et al.  Advanced Database Systems , 1997, Lecture Notes in Computer Science.

[16]  Andrew Simpson,et al.  A vision for secure grid−enabled healthcare , 2004 .

[17]  Dorothy E. Denning,et al.  A lattice model of secure information flow , 1976, CACM.

[18]  Peter J. Denning,et al.  The tracker: a threat to statistical database security , 1979, TODS.

[19]  S. Reiss,et al.  Data-swapping: A technique for disclosure control , 1982 .

[20]  Sushil Jajodia,et al.  Securing OLAP data cubes against privacy breaches , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[21]  C. Skinner,et al.  Disclosure control for census microdata , 1994 .

[22]  W. Alex Gray,et al.  Employing Integrity Constraints for Query Modification and Intensional Answer Generation in Multi-database Systems , 1992, BNCOD.

[23]  Andrew C. Simpson,et al.  A relational approach to the capture of DICOM files for Grid-enabled medical imaging databases , 2004, SAC '04.

[24]  R. Priest Data Protection Act , 1988 .

[25]  L. Zayatz,et al.  Strategies for measuring risk in public use microdata files , 1992 .

[26]  Michael Brady,et al.  eDiamond: A Grid‐Enabled Federated Database of Annotated Mammograms , 2003 .

[27]  Ricardo Baeza-Yates,et al.  Information Retrieval: Data Structures and Algorithms , 1992 .

[28]  Norman S. Matloff,et al.  A modified random perturbation method for database security , 1994, TODS.

[29]  C. J. Date An introduction to database systems (7. ed.) , 1999 .

[30]  L. Willenborg,et al.  Elements of Statistical Disclosure Control , 2000 .

[31]  Joachim Biskup,et al.  Controlled query evaluation for enforcing confidentiality in complete information systems , 2004, International Journal of Information Security.

[32]  Michael Stonebraker,et al.  Implementation of integrity constraints and views by query modification , 1975, SIGMOD '75.

[33]  Surajit Chaudhuri Generalization and a framework for query modification , 1990, [1990] Proceedings. Sixth International Conference on Data Engineering.