Real-time De-identification of Healthcare Data Using Ephemeral Pseudonyms

Abstract: Information explosion is radically changing our perception of the surroundings and healthcare data is at the core of it. The nature of healthcare data being extremely sensitive poses a threat of invasion of privacy of individuals if stored or exported without taking proper security measures. Deidentification involves pseudonymization or anonymization of data which are methods to disassociate an individual's identity temporarily or permanently respectively. These methods can be used to provide secrecy to user's healthcare data. A commonly overlooked weakness of Pseudonymization technique is Inference attacks. This paper discusses an approach to deidentify Enterprise Healthcare Records (EHR) using chained hashing for generating short-lived pseudonyms to minimize the effect of inference attacks and also outlines a re-identification mechanism focusing on information self-determination. Keywords:De-identification, Electronic Healthcare Records, Pseudonymization, Inference Attack.