Patient Privacy in the Era of Big Data

Privacy was defined as a fundamental human right inthe Universal Declaration of Human Rights at the 1948United Nations General Assembly. However, there is stillno consensus on what constitutes privacy. In this review,we look at the evolution of privacy as a concept from theera of Hippocrates to the era of social media and big data.To appreciate the modern measures of patient privacyprotection and correctly interpret the current regulatoryframework in the United States, we need to analyze andunderstand the concepts of individually identifiableinformation, individually identifiable health information,protected health information, and de-identification. ThePrivacy Rule of the Health Insurance Portability andAccountability Act defines the regulatory framework andcasts a balance between protective measures and accessto health information for secondary (scientific) use. Therule defines the conditions when health information isprotected by law and how protected health informationcan be de-identified for secondary use. With the adventsof artificial intelligence and computational linguistics,computational text de-identification algorithms producede-identified results nearly as well as those produced byhuman experts, but much faster, more consistently andbasically for free. Modern clinical text de-identificationsystems now pave the road to big data and enablescientists to access de-identified clinical informationwhile firmly protecting patient privacy. However, clinicaltext de-identification is not a perfect process. In order tomaximize the protection of patient privacy and to freeclinical and scientific information from the confinesof electronic healthcare systems, all stakeholders,including patients, health institutions and institutionalreview boards, scientists and the scientific communities,as well as regulatory and law enforcement agencies mustcollaborate closely. On the one hand, public health lawsand privacy regulations define rules and responsibilitiessuch as requesting and granting only the amount ofhealth information that is necessary for the scientificstudy. On the other hand, developers of de-identificationsystems provide guidelines to use different modes ofoperations to maximize the effectiveness of their toolsand the success of de-identification. Institutions withclinical repositories need to follow these rules andguidelines closely to successfully protect patient privacy.To open the gates of big data to scientific communities,healthcare institutions need to be supported in their deidentificationand data sharing efforts by the public,scientific communities, and local, state, and federallegislators and government agencies.

PDF

___

Hippocrates. Jusjurandum (The Oath). In: Jones WHS, editor. Loeb Classical Library. Reprint: Hippocrates Collected Works I. Hippocrates ed. Cambridge, MA: Harvard University Press; 1868.
Higgins GL. The history of confidentiality in medicine: the physician- patient relationship. Can Fam Physician 1989;35:921-6.
Parent WA. Recent work on the concept of privacy. Am Philos Q 1983;20:341-55.
Heins M. “The Right to Be Let Alone”: Privacy and Anonymity at the U.S. Supreme Court. Revue Française D’études Américaines 2010:54-72.
Coke E. Semayne's case. In: Court of King's Bench, editor. 5 Co Rep 91a, 77 Eng Rep 1941604.
U.S. Constitution Amendment IV-search and seizure (1791).
Warren SD, Brandeis LD. The right to privacy. Harvard Law Review 1890;4:193-220.
Coleman AH. The Patient's Right to Privacy. J Natl Med Assoc 1961;53:207.
Al-Fedaghi SS. The "right to be let alone" and private information. In: Chen CS, Filipe J, Seruca I, Cordeiro J, editors. Enterprise Information Systems VII. Dordrecht: Springer Netherlands; 2006. p. 157-66.
Yamamoto R. [Management system of personal data protection in the health care field]. Rinsho Byori 2014;62:1129-34.
Universal declaration of human rights. United Nations (1948).
Thomson JJ. The right to privacy. Philosophy and Public Affairs 1975;4:295-314.
Feinberg W. Recent developments in the law of privacy. Columbia Law Review 1948;48:713-31.
Veal WR. Torts-right of privacy. Louisiana Law Review 1949;9:17.
Thompson IE. The nature of confidentiality. J Med Ethics 1979;5:57-64.
Scanlon T. Thomson on privacy. Philosophy and Public Affairs 1975;4:315- 22.
Richards NM, Solove DJ. Privacy's Other Path: Recovering the law of confidentiality. Geo L J 2007;96:123-82.
Beardsley EL. Privacy: Autonomy and selective disclosure. In: Pennock JR, Chapman JW, editors. Privacy Vol XIII. Atherton Press; 1971:56- 70.
Code of medical ethics. American Medical Association (2001).
Directorate-General for Research and Innovation. Ethics for researchers, facilitating research excellence in FP7. Luxembourg: European Commission; 2013 (http://ec.europa.eu/research/participants/data/ref/ fp7/89888/ethics-for-researchers_en.pdf).
Bernasek A. Should tax bills be public information? The New York Times. 2010 Feb 13;Sect. Your Taxes.
Basic HHS policy for protection of human research subjects, 45 C.F.R. Sect. 46.102 (2017).
Sebelius K. 45 CFR Parts 160 and 164. Modifications to the HIPAA privacy, security, enforcement, and breach notification rules under the health information technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules; final rule In: Office of the Secretary of the Department of Health and Human Services, editor. Federal Register, Volume 78, No 172013. p. 5566-702.
Administrative simplifications: definitions, 42 U.S. Code Sect. 1320d (1996).
45 CFR §160.103 Definitions. [ 65 FR 82798, Dec. 28, 2000, as amended at 67 FR 38019, May 31, 2002; 67 FR 53266, Aug. 14, 2002; 68 FR 8374, Feb. 20, 2003; 71 FR 8424, Feb. 16, 2006; 76 FR 40495, July 8, 2011; 77 FR 1589, Jan. 10, 2012; 78 FR 5687, Jan. 25, 2013]: Department of Health and Human Services; 2013.
Family educational and privacy rights, 20 U.S. Code Sect. 1232g (2010).
National Institutes of Health. Certificates of confidentiality (CoC) [7/12/2017]. Available from: https://humansubjects.nih.gov/coc/index, https://humansubjects.nih.gov/coc/faqs.
Research and investigations generally, 42 U.S. Code Sect. 241 (2016).
Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-91 (August 21, 1996).
Office of Civil Rights. The HIPAA privacy rule 2015. Available from: https://www.hhs.gov/hipaa/for-professionals/privacy/index.html.
45 CFR §164.502 Uses and disclosures of protected health information: general rules. [65 FR 82802, Dec. 28, 2000, as amended at 67 FR 53267, Aug. 14, 2002; 78 FR 5696, Jan. 25, 2013]: Department of Health and Human Services; 2013.
45 CFR §164.508 Uses and disclosures for which an authorization is required. [67 FR 53268, Aug. 14, 2002, as amended at 78 FR 5699, Jan. 25, 2013]: Department of Health and Human Services; 2013.
45 CFR §164.510 Uses and disclosures requiring an opportunity for the individual to agree or to object. [ 65 FR 82802, Dec. 28, 2000, as amended at 67 FR 53270, Aug. 14, 2002; 78 FR 5699, Jan. 25, 2013]: Department of Health and Human Services; 2013.
45 CFR §164.512 Uses and disclosures for which an authorization or opportunity to agree or object is not required. [ 65 FR 82802, Dec. 28, 2000, as amended at 67 FR 53270, Aug. 14, 2002; 78 FR 5699, Jan. 25, 2013; 78 FR 34266, June 7, 2013; 81 FR 395, Jan. 6, 2016]: Department of Health and Human Services; 2016.
45 CFR §164.514 Other requirements relating to uses and disclosures of protected health information. [ 65 FR 82802, Dec. 28, 2000, as amended at 67 FR 53270, Aug. 14, 2002; 78 FR 5700, Jan. 25, 2013; 78 FR 34266, June 7, 2013]: Department of Health and Human Services; 2013.
45 CFR §46.116. General requirements for informed consent. [ 56 FR 28012, 28022, June 18, 1991, as amended at 70 FR 36328, June 23, 2005]: Department of Health and Human Services; 2005.
21 CFR §50.20 General requirements for informed consent. [ 46 FR 8951, Jan. 27, 1981, as amended at 64 FR 10942, Mar. 8, 1999]: Department of Health and Human Services; 1999.
The European Parliament and the Council of the European Union. General Data Protection Regulation. 2012/0011 (COD). Brussels Council of the European Union; 2016.
Office of Civil Rights. Guidance regarding methods for de-identification of protected health information in accordance with Health Insurance Portability and Accountability Act (HIPAA) privacy rule. In: U.S. Department of Health and Human Services, editor. 2012.
Privacy Analytics. When is it appropriate to use safe harbor? 2015 [7/9/2017]. Available from: https://privacy-analytics.com/de-id-university/ blog/using-safe-harbor-de-identification/.
Shankland S. Google begins blurring faces in Street View. c|net. 5/13/2008. Available from: https://www.cnet.com/news/google-begins-blurring-faces- in-street-view/
Blake H. Google's EU warning over Street View privacy. The Telegraph. 2010 Feb 26.
Miller CC, O'Brien KJ. Germany’s complicated relationship with Google Street View. The New York Times. 2013 Apr 23.
Johnston C. Google Street View's beefed-up privacy blurs cow's face. The Guardian. 2016 Sep 18.
Bischoff-Grethe A, Ozyurt IB, Busa E, Quinn BT, Fennema-Notestine C, Clark CP, et al. A technique for the deidentification of structural brain MR images. Hum Brain Mapp 2007;28:892-903.
González DR, Carpenter T, van Hemert JI, Wardlaw J. An open source toolkit for medical imaging de-identification. Eur Radiol 2010;20:1896- 904.
Homer N, Szelinger S, Redman M, Duggan D, Tembe W, Muehling J, et al. Resolving individuals contributing trace amounts of DNA to highly complex mixtures using high-density SNP genotyping microarrays. PLoS Genet 2008;4:e1000167.
Sweeney L, Abu A, Winn J. Identifying participants in the Personal Genome Project by name. Data Privacy Lab, IQSS, Harvard University. [White paper]. In press 2013.
van 't Hoff E. The data explosion along the care cycle. NVKVV 16de Colloquim ICT en gezondheidszorg; Affligem, Belgium: Dell Healthcare; 2012.
Wu W, Ding H. Big data solutions for healthcare. [Presentation]. In press 2013.
Datamark Inc. Unstructured data in electronic health record (EHR) systems: challenges and solutions. 2013.
Rhinehart C. The impact of cognitive computing on healthcare. IBM Watson Health; 2015.
Johnson SB, Bakken S, Dine D, Hyun S, Mendonça E, Morrison F, et al. An electronic health record based on structured narrative. J Am Med Inform Assoc 2008;15:54-64.
Privacy Analytics. PARAT maintenance and support information [updated 6/25/20147/9/2017]. Available from: http://knowledgebase.privacy- analytics.com/index.php?/article/AA-00335/25/PARAT/General/PARAT- Maintenance-and-Support-Information.html.
Gupta D, Saul M, Gilbertson J. Evaluation of a deidentification (De-Id) software engine to share pathology reports and clinical documents for research. Am J Clin Pathol 2004;121:176-86.
Wellner B, Huyck M, Mardis S, Aberdeen J, Morgan A, Peshkin L, et al. Rapidly retargetable approaches to de-identification in medical records. J Am Med Inform Assoc 2007;14:564-73.
Neamatullah I, Douglass M, Lehman L-w, Reisner A, Villarroel M, Long W, et al. Automated de-identification of free-text medical records. BMC Med Inform Decis Mak 2008;8:32.
Kayaalp M, Browne AC, Callaghan FM, Dodd ZA, Divita G, Ozturk S, et al. The pattern of name tokens in narrative clinical text and a comparison of five systems for redacting them. J Am Med Inform Assoc 2014;21:423-31.
Kayaalp M, Browne AC, Dodd ZA, Sagan P, McDonald CJ. Clinical text de-identification research. A report to the Board of Scientific Counselors. U.S. National Library of Medicine, National Institutes of Health, Communications LHNCfB; 2013. Report No 2013-001.
Kayaalp M, Browne AC, Dodd ZA, Sagan P, McDonald CJ. De- identification of Address, Date, and Alphanumeric Identifiers in Narrative Clinical Reports. AMIA Annu Symp Proc 2014:767-76.
Uzuner O, Luo Y, Szolovits P. Evaluating the state-of-the-art in automatic de-identification. J Am Med Inform Assoc 2007;14:550-63.
Meystre SM, Friedlin FJ, South BR, Shen S, Samore MH. Automatic de- identification of textual documents in the electronic health record: a review of recent research. BMC Med Res Methodol 2010;10:70.
Kushida CA, Nichols DA, Jadrnicek R, Miller R, Walsh JK, Griffin K. Strategies for de-identification and anonymization of electronic health record data for use in multicenter research studies. Med Care 2012;50 Suppl:S82-101.
Stubbs A, Kotfila C, Uzuner Ö. Automated systems for the de-identification of longitudinal clinical narratives: Overview of 2014 i2b2/UTHealth shared task Track 1. J Biomed Inform 2015;58 Supplement:S11-S9.
MITRE. Annotations [7/9/2017]. Available from: http://mist-deid. sourceforge.net/current_docs/html/annotation_intro.html.
Stubbs A, Uzuner O. De-identification of medical records through annotation. In: Ide N, Pustejovsky J, editors. Handbook of Linguistic Annotation. Dordrecht, The Netherlands: Springer; 2017:1433-59.
Browne AC, Kayaalp M, Dodd ZA, Sagan P, McDonald CJ. The Challenges of Creating a Gold Standard for De-identification Research. AMIA Annu Symp Proc 2014:353-8.
Kayaalp M, Browne AC, Sagan P, McGee T, McDonald CJ. Challenges and Insights in Using HIPAA Privacy Rule for Clinical Text Annotation. AMIA Annu Symp Proc 2015:707-16.
Kayaalp M. Modes of de-identification. Proc AMIA Annu Symp; Forthcoming; an advance copy available at https://lhncbc.nlm.nih.gov/ publication/pub9526.
Carrell D, Malin B, Aberdeen J, Bayer S, Clark C, Wellner B, et al. Hiding in plain sight: use of realistic surrogates to reduce exposure of protected health information in clinical text. J Am Med Inform Assoc 2013;20:342- 8.
Kayaalp M, Sagan P, Jones JK, Browne AC, McDonald CJ. Guidelines for annotating personal identifiers in the clinical text repository of the National Institutes of Health. Available at https://scrubber.nlm.nih.gov/ annotation/