20818 An Effective Way to Achieve Privacy Protection and User Accountability While Manipulating Identifiable Patient Data

Sunday, August 30, 2009
Grand Hall/Exhibit Hall
Tung-Ping Chang, BBA, Information Management Office, Taiwan CDC, Taipei City, Taiwan

Background

For flexibility in producing reports, staff at Taiwan CDC are accustomed to using Microsoft Excel for data analysis. For this purpose, information including identifiable patient data is downloaded from the database server and saved on individuals' computers. This user behavior poses a serious security risk. We developed an effective way to mitigate the risk through data classification.

Methods

Data are classified into two categories: sensitive and partially sensitive. In the partially sensitive group, all cells containing identifiable patient data fields, such as names, dates of birth, and addresses, are partially masked with asterisks ('*'). In the sensitive group, the user's partial ID number and the current system date are attached to the identifiable patient data. This partial ID number is unique and is identifiable only by the system administrator and the user himself. Using partially sensitive data for analysis is encouraged. When sensitive data are required, the attached partial user ID enhances user accountability.
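The two download classes described above can be sketched as follows. This is an added example, not the Taiwan CDC implementation: the column names, the masking rule (show at most two leading characters), the partial-ID rule (last four characters of the user ID), the tag format, and the sample record and user ID are all assumptions constructed for illustration.

```python
import re
from datetime import date

# Assumed column names for the identifiable fields the abstract lists.
IDENTIFIABLE = ("name", "date_of_birth", "address")
TAG = re.compile(r" \[(\w+) (\d{4}-\d{2}-\d{2})\]$")


def mask(value, keep=2):
    """Show at most `keep` leading characters (never more than half), star the rest."""
    shown = min(keep, len(value) // 2)
    return value[:shown] + "*" * (len(value) - shown)


def partial_id(user_id, keep=4):
    """Assumed rule: the partial ID is the last `keep` characters of the user ID."""
    return user_id[-keep:]


def export_rows(rows, level, user_id, today=None):
    """Return copies of `rows` prepared for download at the given classification."""
    if level not in ("partial", "sensitive"):
        raise ValueError("unknown classification: %r" % (level,))  # fail closed
    tag = " [%s %s]" % (partial_id(user_id), (today or date.today()).isoformat())
    out = []
    for row in rows:
        new = dict(row)
        for field in IDENTIFIABLE:
            if new.get(field):
                new[field] = mask(new[field]) if level == "partial" else new[field] + tag
        out.append(new)
    return out


def trace(cell):
    """Recover (partial ID, download date) from a tagged cell, or None if untagged."""
    m = TAG.search(cell)
    return m.groups() if m else None


# Constructed sample record, not real patient data.
SAMPLE = [{"case_no": "1001", "name": "Chen Mei-Ling", "date_of_birth": "1975-03-14",
           "address": "12 Example Rd, Taipei", "diagnosis": "influenza"}]

if __name__ == "__main__":
    for level in ("partial", "sensitive"):
        print(level, export_rows(SAMPLE, level, "A123456789"))
```

The `trace` helper shows the accountability side: a tagged cell found outside the system maps back to a partial ID and download date that the administrator can resolve to a user.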

Results

In the beginning, users were shocked and angry to find that their "private" information was within the downloaded data. The IT department received many telephone complaints. From a different perspective, users are paying more attention to these downloaded data. Our answer to the users' anger was: "We just want you to know, to respect the patients' privacies as yours!"

Conclusion

Although the office work area at Taiwan CDC is heavily secured, users are often the weakest link in information security. With data classification, the minimal disclosure principle for confidential information can be applied. By mixing the user's ID information with identifiable patient data, users will appreciate these data as well as the patients' privacy.
