Abstract
The utilisation of real medical data in research projects is becoming ever more widespread, and a clear duty of care towards such data is mandatory. To this end, anonymisation is essential. It is well understood that a conflict between functionality and confidentiality exists within this context: while patients’ confidentiality must be preserved, restricting access can reduce the value of the data that is available to researchers. As such, limiting access so that confidentiality is preserved while still ensuring a high degree of functionality should be a key aim of every designer of medical research databases. In this paper, we outline an approach developed within the e-DiaMoND project that combines anonymisation and query modification to manage this conflict.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Power, D., Slaymaker, M., Simpson, A. (2005). On Deducibility and Anonymisation in Medical Databases. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2005. Lecture Notes in Computer Science, vol 3674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552338_12
DOI: https://doi.org/10.1007/11552338_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28798-8
Online ISBN: 978-3-540-31974-0
eBook Packages: Computer Science (R0)