LINKAGE OF ANONYMIZED DATABASES FOR NATIONAL AND INTERNATIONAL MULTICENTER EPIDEMIOLOGICAL STUDIES: PROPOSAL OF A CRYPTOGRAPHIC ALGORITHM

Abstract

Background: Compiling individual records that come from different sources remains very important for multicenter epidemiological studies, but at the same time European directives or other national legislation concerning nominal data processing have to be respected. These legal requirements can be satisfied by implementing mechanisms that anonymize patient data (such as hashing techniques). Moreover, for security reasons, official recommendations suggest using a different cryptographic key, in combination with a cryptographic hash function, for each study. Unfortunately, such an anonymization procedure conflicts with a common requirement in public health and biomedical research: it becomes almost impossible to link records from separate data collections where the same entity is not referenced in the same way. Solving this paradox with a methodology based on the combination of hashing and enciphering techniques is the main aim of this article.

Methods: The method relies on one of the best-known hashing functions (the secure hash algorithm) to ensure the anonymity of personal information while providing greater resistance to dictionary attacks, combined with encryption techniques. The originality of the method lies in the way hashing and enciphering are combined: as in asymmetric encryption, two keys are used, but the private key depends on the patient's identity.

Results: The combination of hashing and enciphering techniques provides a great improvement in the overall security of the proposed scheme.

Conclusion: This methodology makes the stored data available for use in the field of public health for the benefit of patients, while respecting legal security requirements.
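The linkage paradox described in the Background, as an added example (this is not the article's algorithm or the authors' code): it assumes HMAC-SHA-256 as the keyed hash, and the identities, keys and function names are constructed for illustration. Pseudonyms produced under one study key can be linked, pseudonyms produced under two different study keys cannot, and an unkeyed hash can be recovered from a list of candidate identities.

```python
import hashlib
import hmac
import unicodedata

def normalize(last, first, dob):
    """Canonical identity string: strip accents, case and surrounding spaces."""
    def clean(s):
        s = unicodedata.normalize("NFKD", s)
        return "".join(c for c in s if not unicodedata.combining(c)).strip().upper()
    return "|".join((clean(last), clean(first), dob))

def plain_hash(identity):
    """Unkeyed SHA-256 pseudonym: anyone can recompute it."""
    return hashlib.sha256(identity.encode()).hexdigest()

def keyed_hash(identity, study_key):
    """Per-study pseudonym: HMAC-SHA-256 under the study's secret key (assumption)."""
    return hmac.new(study_key, identity.encode(), hashlib.sha256).hexdigest()

def link(pseudonyms_a, pseudonyms_b):
    """Number of records two collections can match on pseudonym alone."""
    return len(set(pseudonyms_a) & set(pseudonyms_b))

def recoverable(pseudonym, candidates, hash_fn):
    """Dictionary check: the candidate identity that yields this pseudonym, if any."""
    for c in candidates:
        if hmac.compare_digest(hash_fn(c), pseudonym):
            return c
    return None

# Constructed sample identities and keys (not from the article).
PATIENTS = [normalize("Lefèvre", "Anne", "1970-02-14"),
            normalize("MARTIN ", "paul", "1985-11-03")]
KEY_STUDY_A = b"constructed-key-study-A"
KEY_STUDY_B = b"constructed-key-study-B"

def demo():
    a = [keyed_hash(p, KEY_STUDY_A) for p in PATIENTS]
    b = [keyed_hash(p, KEY_STUDY_B) for p in PATIENTS]
    same = [keyed_hash(p, KEY_STUDY_A) for p in PATIENTS]  # second extract, same key
    guesses = PATIENTS + [normalize("Durand", "Luc", "1990-01-01")]
    return {
        "linked_same_key": link(a, same),
        "linked_different_keys": link(a, b),
        "plain_recovered": recoverable(plain_hash(PATIENTS[0]), guesses, plain_hash),
        "keyed_recovered": recoverable(a[0], guesses, plain_hash),  # no key held
    }

if __name__ == "__main__":
    print(demo())
```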
