Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?

Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?

BackgroundMedical data are gold mines for deriving the knowledge that could change the course of a single patient’s life or even the health of the entire population. A data analyst needs to have full access to relevant data, but full access may be denied by privacy and confid...

Full description

Bibliographic Details
Main Authors: Brumen, Bostjan, Heričko, Marjan, Sevčnikar, Andrej, Završnik, Jernej, Hölbl, Marko
Format: Article
Language:English
Published: JMIR Publications 2013-12-01
Series:Journal of Medical Internet Research
Online Access:http://www.jmir.org/2013/12/e283/
id doaj-7f2b88e502a242499fb588172ca59937
record_format Article
spelling doaj-7f2b88e502a242499fb588172ca599372021-04-02T19:00:41ZengJMIR PublicationsJournal of Medical Internet Research1438-88712013-12-011512e28310.2196/jmir.2471Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?Brumen, BostjanHeričko, MarjanSevčnikar, AndrejZavršnik, JernejHölbl, Marko BackgroundMedical data are gold mines for deriving the knowledge that could change the course of a single patient’s life or even the health of the entire population. A data analyst needs to have full access to relevant data, but full access may be denied by privacy and confidentiality of medical data legal regulations, especially when the data analyst is not affiliated with the data owner. ObjectiveOur first objective was to analyze the privacy and confidentiality issues and the associated regulations pertaining to medical data, and to identify technologies to properly address these issues. Our second objective was to develop a procedure to protect medical data in such a way that the outsourced analyst would be capable of doing analyses on protected data and the results would be comparable, if not the same, as if they had been done on the original data. Specifically, our hypothesis was there would not be a difference between the outsourced decision trees built on encrypted data and the ones built on original data. MethodsUsing formal definitions, we developed an algorithm to protect medical data for outsourced analyses. The algorithm was applied to publicly available datasets (N=30) from the medical and life sciences fields. The analyses were performed on the original and the protected datasets and the results of the analyses were compared. Bootstrapped paired t tests for 2 dependent samples were used to test whether the mean differences in size, number of leaves, and the accuracy of the original and the encrypted decision trees were significantly different. ResultsThe decision trees built on encrypted data were virtually the same as those built on original data. Out of 30 datasets, 100% of the trees had identical accuracy. The size of a tree and the number of leaves was different only once (1/30, 3%, P=.19). ConclusionsThe proposed algorithm encrypts a file with plain text medical data into an encrypted file with the data protected in such a way that external data analyses are still possible. The results show that the results of analyses on original and on protected data are identical or comparably similar. The approach addresses the privacy and confidentiality issues that arise with medical data and is adherent to strict legal rules in the United States and Europe regarding the processing of the medical data.http://www.jmir.org/2013/12/e283/
collection DOAJ
language English
format Article
sources DOAJ
author Brumen, Bostjan
Heričko, Marjan
Sevčnikar, Andrej
Završnik, Jernej
Hölbl, Marko
spellingShingle Brumen, Bostjan
Heričko, Marjan
Sevčnikar, Andrej
Završnik, Jernej
Hölbl, Marko
Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?
Journal of Medical Internet Research
author_facet Brumen, Bostjan
Heričko, Marjan
Sevčnikar, Andrej
Završnik, Jernej
Hölbl, Marko
author_sort Brumen, Bostjan
title Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?
title_short Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?
title_full Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?
title_fullStr Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?
title_full_unstemmed Outsourcing Medical Data Analyses: Can Technology Overcome Legal, Privacy, and Confidentiality Issues?
title_sort outsourcing medical data analyses: can technology overcome legal, privacy, and confidentiality issues?
publisher JMIR Publications
series Journal of Medical Internet Research
issn 1438-8871
publishDate 2013-12-01
description BackgroundMedical data are gold mines for deriving the knowledge that could change the course of a single patient’s life or even the health of the entire population. A data analyst needs to have full access to relevant data, but full access may be denied by privacy and confidentiality of medical data legal regulations, especially when the data analyst is not affiliated with the data owner. ObjectiveOur first objective was to analyze the privacy and confidentiality issues and the associated regulations pertaining to medical data, and to identify technologies to properly address these issues. Our second objective was to develop a procedure to protect medical data in such a way that the outsourced analyst would be capable of doing analyses on protected data and the results would be comparable, if not the same, as if they had been done on the original data. Specifically, our hypothesis was there would not be a difference between the outsourced decision trees built on encrypted data and the ones built on original data. MethodsUsing formal definitions, we developed an algorithm to protect medical data for outsourced analyses. The algorithm was applied to publicly available datasets (N=30) from the medical and life sciences fields. The analyses were performed on the original and the protected datasets and the results of the analyses were compared. Bootstrapped paired t tests for 2 dependent samples were used to test whether the mean differences in size, number of leaves, and the accuracy of the original and the encrypted decision trees were significantly different. ResultsThe decision trees built on encrypted data were virtually the same as those built on original data. Out of 30 datasets, 100% of the trees had identical accuracy. The size of a tree and the number of leaves was different only once (1/30, 3%, P=.19). ConclusionsThe proposed algorithm encrypts a file with plain text medical data into an encrypted file with the data protected in such a way that external data analyses are still possible. The results show that the results of analyses on original and on protected data are identical or comparably similar. The approach addresses the privacy and confidentiality issues that arise with medical data and is adherent to strict legal rules in the United States and Europe regarding the processing of the medical data.
url http://www.jmir.org/2013/12/e283/
work_keys_str_mv AT brumenbostjan outsourcingmedicaldataanalysescantechnologyovercomelegalprivacyandconfidentialityissues
AT herickomarjan outsourcingmedicaldataanalysescantechnologyovercomelegalprivacyandconfidentialityissues
AT sevcnikarandrej outsourcingmedicaldataanalysescantechnologyovercomelegalprivacyandconfidentialityissues
AT zavrsnikjernej outsourcingmedicaldataanalysescantechnologyovercomelegalprivacyandconfidentialityissues
AT holblmarko outsourcingmedicaldataanalysescantechnologyovercomelegalprivacyandconfidentialityissues
_version_ 1721549974731227136

Similar Items