Big data and artificial intelligence (AI) are opening up unprecedented opportunities in healthcare. But these new technologies also pose a wide array of challenges, including around privacy and liability. Great care is needed when handling personal data, especially health-related information, which is particularly sensitive.
Two techniques that can help you respond to this concern and make data accessible to external parties in a responsible manner, are anonymisation and pseudonymisation.
Data for research
Anonymous healthcare data is an important source for medical research, and also provides statistical input for the development of healthcare policy. A typical example of this is the anonymised data that healthcare institutions provide to Sciensano/Healthdata in Belgium, for epidemiological monitoring.
When you anonymise data, it can no longer be traced to the person who is the source of the data. However, there is still some risk of identification. For example, it would not be difficult to use the date of birth of a 100-year-old patient to uncover their identity. Combining two (or more) data sets may create some risk of identification as well. It is always good practice to carefully consider, in advance, which and how much data you will exchange, even if it is anonymised.
In certain situations, you may need to make data available to a third party, but with the possibility to re-identify the patient afterwards under strict conditions. One example could be radiology images that you have analysed in the cloud using an AI algorithm. Or an external algorithm that uses patient data to calculate which components are needed to perform a knee replacement. Or text and unstructured reports that you make available to a software application that processes and analyses the data in order to optimise care paths.
To share medical data safely and responsibly in such situations, you can pseudonymise it. This security measure involves deleting any personal data that can be traced back to the patient (name, date of birth, patient number, etc.) and/or replacing it (for example, replacing date of birth with age, and municipality with region). The data is then linked to a code that can only be used in the hospital to identify the patient.
The pseudonymised data is given to the AI provider, and when the findings come back, you can restore them to the correct patient context using the code (or conversion key).
Let us handle it
Anonymising and/or pseudonymising data places a lot of demands on your facility, both technically and administratively. Time-consuming and complex processes require a variety of approaches, depending on the type of document or specialty (such as the discharge report that a patient receives when leaving the hospital versus the report following a surgical procedure). That is why care organisations are increasingly choosing not to do everything themselves and to be assisted by specialists.
For the many hospitals that use Amaron’s data integration platform (EAI) to exchange data between various information systems, Amaron is well placed to take on such a role. Together with the hospital, we can ensure that the data ends up where it is needed, correctly and securely.
And our assistance goes beyond the technical aspects. We can also guide you on governance and provide workflow support and automation—all in line with your hospital’s security protocols.
What can Amaron do for you?
- Our robust algorithms allow you to anonymise or pseudonymise data with minimal effort, regardless of whether the data is structured or non-structured.
- We support you to manage the data exchange process—from the request to the completion of the project—entirely in accordance with HIPAA recommendations.