About the SA Blog Network



Opinion, arguments & analyses from the editors of Scientific American
Observations HomeAboutContact

Researchers aim to prevent identity theft from medical records

The views expressed are those of the author and are not necessarily those of Scientific American.

Email   PrintPrint

Vanderbilt, EMR,ICDOver time, patients end up providing a wealth of information to their health care providers, and when all our data are aggregated, they are also a boon to researchers studying trends in diseases and demographics for clues in how to better treat illness. And nowadays, as more patient health care records go digital, patient information becomes more widely shared among researchers—which can be a good thing or a bad thing, depending upon who has access to it.

Electronic medical record (EMR) systems contain detailed, yet anonymous patient-level data represented in codes that correspond to different health conditions, including disease, symptom or injury. Lately, EMRs are increasingly being used to provide data for genome-wide association studies (GWAS) used to identify relationships among specific genomic variants and health-related phenomena, a key to delivering on the promise of personalized medicine. However, patient privacy can be threatened when personal information is linked to genetic information using codes that are available through public databases and electronic medical records, a team of Vanderbilt University researchers in Nashville conclude in a study published Monday in the Proceedings of the National Academy of Sciences.

The researchers claim to have illustrated this problem as part of their research, where they identified 96 percent of a group of 2,762 patients with the help of the diagnosis codes in the patients’ records.

A possible solution, according to Vanderbilt researchers Grigorios Loukides, Aris Gkoulalas-Divanis and Bradley Malin, is to use a method for creating anonymous records that replaces the current system—known as the International Statistical Classification of Diseases and Related Health Problems (ICD)—with a series of related codes. The researchers created an algorithm that generalizes clinical information so that patients remain anonymous, while providing the medical and genetic connections needed by researchers.

Loukides and his colleagues tested the algorithm’s data protection performance against simulated malicious computer hacker attacks using actual information from more than 2,600 patients, assuming a potential hacker knew a patient’s identity, some or all of a patient’s ICD codes, and whether the patient record was included in released data. The technique foiled attempts to uncover a patient’s private information, the researchers wrote, and maintained the data integrity necessary to retain useful information for validating genome-wide studies.

Image © DNY59

Rights & Permissions

Comments 4 Comments

Add Comment
  1. 1. jtdwyer 7:59 pm 04/12/2010

    There is a huge gap in the custodial care of patient data – it (including SSN) is commonly physically shared among subcontractors and billing service companies. Many of these small firms are physically located in small storefront office environments, often unoccupied at night, with plenty of computer equipment to tempt burglars. There is no longer any effective control of personal information or any individual or organization responsible for maintaining control. Pandora’s box has been open for many years, now – good luck with it!

    Link to this
  2. 2. Iahmad 5:28 am 04/13/2010

    It is impossible to do that. If Mossad gang can steal passport details from so many nations and produce them illegally, they can steal it from medical records as well. Specially, US and UK institutions are deeply infested with Mosad agents so one can rarely rely on such fake reaasurance.

    Link to this
  3. 3. jtdwyer 6:07 am 04/13/2010

    Iahmad – It seems unnecessary to infiltrate organizations to steal information when crackheads can be hired to break into a small business office and steal many thousands of personal identification, insurance and billing records.

    Link to this
  4. 4. dess 7:24 pm 05/3/2010

    I can understand that it is extremely important to protect the medical records from fraud or all sort of bad things can happen to us like in the movie THE FUGITIVE. you may also want to have a look at

    Link to this

Add a Comment
You must sign in or register as a member to submit a comment.

More from Scientific American

Email this Article