Security, Confidentiality and Privacy Discussion Points - PowerPoint PPT Presentation

About This Presentation
Title:

Security, Confidentiality and Privacy Discussion Points

Slides: 31
Provided by: phje

Transcript and Presenter's Notes

Slide 1: Security, Confidentiality and Privacy Discussion Points
Author: Phil Jennings, Information Resource Management, Manager Knowledge Management, Technology Division, Ministry of Health Services, 1515 Blanshard Street, Victoria BC V8W 3C8
Phone (250) 952-1161, Fax (250) 952-0979, E-mail phil.jennings_at_gems6.gov.bc.ca
ISACA Luncheon, February 18, 2004
Slide 2: Ethical Considerations
  • Client Centered Information Model
  • Ethical Perspectives
  • Ethics of Data Sharing
  • Health Knowledge Models
  • Health Wisdom Model

Slide 3: Client Centered Information Model
Diagram: Information Management Level
Jennings ITCH 1994 Presentation
Slide 4: 3 Common Ethical Perspectives in Client Management Systems
Diagram: Potential Conflicting Paradigms (labels recovered from the slide)
  • Perspectives: System (task) Centered, Love/Service Centered, Independence Centered
  • Principles: Autonomy, Consent, Competency; Utility, Justice, Public Duty
  • Actors: Care Provider, Case Manager, Family, Client
Jennings 2nd International Conference on Case Management 1994
Slide 5: Ethics Of Data Sharing
(table layout reconstructed from the slide text)
  • Clinical Data: Individual Relationships in a Clinical Practice
    Key Principles: Autonomy, Informed Consent, Security, Privacy, Confidentiality, Beneficence, Nonmaleficence
  • Care Management: Caseload Relationship within a Scope of Practice
    Key Principles: Utility, Competency, Security, Privacy, Confidentiality, Beneficence, Nonmaleficence
  • Population Monitoring and Program Planning: Population Relationship within Funded Services/Programs
    Key Principles: Utility, Public Duty, Justice, Security, Privacy, Confidentiality, Beneficence, Nonmaleficence
Practice Standards, Code of Ethics, Best Practices, Legislation, Policies, Guidelines, Standards
Jennings ASA 2001 Presentation
Slide 6: Health Knowledge Models
Slide 7: Health Wisdom Model
Diagram axes: Truth, Context
  • Data: Give (e.g. data sets or data reports with no metadata)
  • Information: Share (data or data reports with business and technical metadata)
  • Knowledge: Collaborate (plan, discuss, analyze, evolve and improve data and information)
  • Wisdom: Learn (apply knowledge, make the right decisions and feedback to data sources)
Slide 8: Person Based Data
  • BI Graph
  • Personal Profiling
  • Population Profiling
  • Data Management Approaches
  • Health Information Systems

Slide 9: Business Intelligence Graph
  • Web Reports
  • Custom Applications/Dash Boards
  • OLAP/ROLAP Web Applications
  • OLAP/ROLAP Desk Top
  • Ad Hoc Queries
  • Data Mining, Statistical Analysis
Slide 10: Data Warehousing
  • Personal Profile (SMI)

Slide 11: Data Warehousing
  • Population Profile (SMI)

Slide 12: Data Management
Slide 13: Health Information Systems
Jennings ASA 2001 Presentation
Slide 14: Decision Making
  • Locus of Control/Power
  • Key Information Decisions

Slide 15: Locus of Control/Power
Diagram: Practitioner, Client, Organization
Jennings ASA 2001 Presentation
Slide 16: Key Information Decisions
Diagram: Practitioner, Client, Organization
Jennings ASA 2001 Presentation
Slide 17: Confidentiality, Privacy, Security
  • Business Models
  • Business Controls
  • Data Warehouse Security Model
  • Data Warehouse Access Matrix
  • Data Warehouse Access Control
  • Data Warehouse Technical Approach
  • Data Warehouse Data Management Approach

Slide 18: Business Approaches
Slide 19: Business Controls
Consider including the data below in each user's profile:
  • data custodian or access authorizing agent,
  • anonymity requirements,
  • access limitations or restrictions by users,
  • required levels of analyses by users,
  • sensitivity of data or a specific datum,
  • population size or geographic breakdown
    restrictions,
  • management protocols for unique or unusual data
    or outliers,
  • publication or report specific limitations,
  • data element limitations,
  • small cell size value thresholds,
  • report limitations,
  • business rules, and
  • authorized business end users.

Slide 20: Data Warehouse Security Model
Slide 21: Data Warehouse Access/Authentication Matrix
Security, Confidentiality and Privacy - Technology and Business Working Together
Slide 22: Data Warehouse Access Control
Slide 23: Data Warehouse Technical Approach
Depersonalization Techniques
  1. Table Segmentation
  2. Surrogate Keys
     PHN Number -> Surrogate Key
     PHN 999999 -> A12345
     PHN 999998 -> A12344
     PHN 999997 -> A12343
  3. Security Views
  4. Restricted Columns
Slide 24: Data Management Approach
  1. Important data management concepts
     • need to know access
     • data integrity
     • access and data availability
     • disclosure, including level of openness
     • direct and indirect attacks
     • data usefulness
     • audit and monitoring
     • supportive business processes
  2. Data protection concepts
     • Anonymity
     • Aggregation
     • Global Recoding
     • Value Thresholds
     • Replacement Values
     • Cell Suppression
     • Table Design
     • Sensitive Cells
     • User Profile Access
  3. Small Cell Size Criteria (for summary data)
     • Row Count Limit (5 or 10)
     • Forward Sortation Restriction
     • Aggregate Age Group (5 year)
     • Code Restrictions (ICD to 3 digits)
     • Financial Limitation (>100K)
  4. Depersonalization of Microdata
     • Name
     • Address
     • Telephone Number
     • Race or Ethnicity
     • Age
     • Sex
     • Familial Status
     • PHN
     • Practitioner Number

Slide 25: Special Cases
  • Small Cell Size
  • Data Mining/Discovery Analyses

Slide 26: Data Warehouse Small Cell Size
Small cell size relates to values returned for a specific population that are so small that the real or perceived risk of re-identification of individuals exists even with confidentiality and depersonalization measures employed.
Slide 27: Small cell size rules
  • values of five or less, except valid zeros, are seen as the narrative code "this cell contains five or less",
  • valid zeros will be seen as zeros,
  • valid blanks will be seen as "no data available",
  • all users within a group see the same depersonalized data that has been aggregated or summarized and approved for release,
  • data will be stated at the LHA level with need-to-know access to FSA,
  • data will be stated in age groups (5 yr) with need-to-know access to 1 year increments,
  • diagnostic and similar service coding taxonomies will be grouped (defined for each project).
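Slide 23's surrogate keys, slide 24's global recoding (5-year age groups, ICD to 3 digits) and the small cell size rules above, carried through as an added Python example that is not part of the presentation; the PHNs, LHA codes and diagnosis codes in the sample are constructed, and surrogate keys are issued sequentially as on slide 23.

```python
# Added example (not from the presentation): surrogate keys, global recoding and
# the small cell size rule, run over constructed sample microdata.
from collections import Counter

SMALL_CELL_LIMIT = 5
SMALL_CELL_TEXT = "this cell contains five or less"
NO_DATA_TEXT = "no data available"

def assign_surrogates(phns, start=12345):
    """Issue one surrogate key per PHN (A12345, A12344, ... as on the slide); the
    PHN-to-key table is kept in a separate restricted table (table segmentation)."""
    keys = {}
    for phn in phns:
        if phn not in keys:
            keys[phn] = f"A{start - len(keys)}"
    return keys

def age_group(age, width=5):
    """Global recoding: exact age -> 5-year group such as '20-24'."""
    lo = (age // width) * width
    return f"{lo}-{lo + width - 1}"

def icd3(code):
    """Code restriction: keep only the 3-character ICD category (J45.9 -> J45)."""
    return code.replace(".", "")[:3]

def depersonalize(rec, keymap):
    """Drop direct identifiers; keep LHA (not FSA), recoded age and ICD category."""
    return {"key": keymap[rec["phn"]], "lha": rec["lha"],
            "age_group": age_group(rec["age"]), "icd3": icd3(rec["icd"])}

def suppress(count):
    """Small cell rule: 1..5 -> narrative code, valid zero -> 0, blank -> no data."""
    if count is None:
        return NO_DATA_TEXT
    if count == 0:
        return 0
    return SMALL_CELL_TEXT if count <= SMALL_CELL_LIMIT else count

def summary_table(records):
    """Count records per (LHA, age group, ICD3) cell, then apply the small cell rule."""
    keymap = assign_surrogates(r["phn"] for r in records)
    rows = [depersonalize(r, keymap) for r in records]
    cells = Counter((d["lha"], d["age_group"], d["icd3"]) for d in rows)
    return {cell: suppress(n) for cell, n in cells.items()}

# Constructed sample: 7 records in one cell, 3 in another; all values are made up.
SAMPLE = ([{"phn": 900000 + i, "lha": "LHA41", "age": 21 + i % 4, "icd": "J45.9"} for i in range(7)]
          + [{"phn": 900100 + i, "lha": "LHA42", "age": 67, "icd": "I10"} for i in range(3)])
```

Sequential keys reveal the order in which PHNs were loaded, so a production mapping table would issue random keys and sit behind the access matrix of slide 21.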

Slide 28: Data Mining With Health Data
  • Data Considerations
     • Highly sensitive nature of health data
     • Personal nature of the data in some electronic systems
     • Linkage analyses of the data
  • Ethical Problems and Paradigms
     • Fiduciary and Public Duty
     • Personal nature of the data
     • High volume may associate data with no true relationship
     • Legislated restrictions and safeguards

Slide 29: Draft Mining Project Model
  • Business area: Steward or Custodian
  • Technical support area: Analyst, DBA or FOI Expertise
  • Business support area: Business expert/analyst, FOI Expertise
Slide 30: The End!