Statistical disclosure control architectures for patient records in biomedical information systems

Abstract

Patient record data are potentially highly sensitive and their secondary use raises both ethical and data protection issues. Disclosure of patient data could cause serious difficulties for the medical profession and be potentially damaging for individual patients and clinicians. Yet at the same time patient records are a hugely valuable resource in terms of clinical research and patient treatment. A secure, remote access system for such data would therefore provide numerous benefits. In this paper we outline the statistical disclosure risks posed by patient record data in the context of establishing a grid based medical data repository. We review good practice in existing patient databases, outline a scenario model for assessing risk and suggest a new model for statistical disclosure control of patient data. The architecture and the research method we have described have general relevance for any remote data access system where maximizing both data utility and security is a priority, and has specific relevance to medical data and bioinformatics. It can straightforwardly be integrated into data access and analysis tools.