TY - JOUR
T1 - Ensuring a safe(r) harbor
T2 - Excising personally identifiable information from structured electronic health record data
AU - Pfaff, Emily R.
AU - Haendel, Melissa A.
AU - Kostka, Kristin
AU - Lee, Adam
AU - Niehaus, Emily
AU - Palchuk, Matvey B.
AU - Walters, Kellie
AU - Chute, Christopher G.
N1 - Publisher Copyright:
© 2022 Cambridge University Press. All rights reserved.
PY - 2022/12/9
Y1 - 2022/12/9
N2 - Recent findings have shown that the continued expansion of the scope and scale of data collected in electronic health records are making the protection of personally identifiable information (PII) more challenging and may inadvertently put our institutions and patients at risk if not addressed. As clinical terminologies expand to include new terms that may capture PII (e.g., Patient First Name, Patient Phone Number), institutions may start using them in clinical data capture (and in some cases, they already have). Once in use, PII-containing values associated with these terms may find their way into laboratory or observation data tables via extract-transform-load jobs intended to process structured data, putting institutions at risk of unintended disclosure. Here we aim to inform the informatics community of these findings, as well as put out a call to action for remediation by the community.
AB - Recent findings have shown that the continued expansion of the scope and scale of data collected in electronic health records are making the protection of personally identifiable information (PII) more challenging and may inadvertently put our institutions and patients at risk if not addressed. As clinical terminologies expand to include new terms that may capture PII (e.g., Patient First Name, Patient Phone Number), institutions may start using them in clinical data capture (and in some cases, they already have). Once in use, PII-containing values associated with these terms may find their way into laboratory or observation data tables via extract-transform-load jobs intended to process structured data, putting institutions at risk of unintended disclosure. Here we aim to inform the informatics community of these findings, as well as put out a call to action for remediation by the community.
KW - Electronic health records
KW - data privacy
KW - medical terminologies
UR - http://www.scopus.com/inward/record.url?scp=85121206310&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85121206310&partnerID=8YFLogxK
U2 - 10.1017/cts.2021.880
DO - 10.1017/cts.2021.880
M3 - Article
C2 - 35211336
AN - SCOPUS:85121206310
SN - 2059-8661
VL - 6
JO - Journal of Clinical and Translational Science
JF - Journal of Clinical and Translational Science
IS - 1
M1 - A208
ER -