International Journal of Population Data Science (Nov 2022)

Validating a novel deterministic privacy-preserving record linkage between administrative & clinical data: applications in stroke research

  • Alisia Southwell,
  • Susan Bronskill,
  • Tom Gee,
  • Brendan Behan,
  • Susan Evans,
  • Tom Mikkelsen,
  • Elizabeth Theriault,
  • Kirk Nylen,
  • Shannon Lefaivre,
  • Nelson Chong,
  • Mahmoud Azimaee,
  • Natasa Tusevljak,
  • Douglas Lee,
  • Richard Swartz

DOI
https://doi.org/10.23889/ijpds.v7i4.1755
Journal volume & issue
Vol. 7, no. 4

Abstract

Introduction
Research data combined with administrative data provides a robust resource capable of answering unique research questions. However, in cases where personal health data are encrypted, due to ethics requirements or institutional restrictions, traditional methods of deterministic and probabilistic record linkage are not feasible. Instead, privacy-preserving record linkages must be used to protect patients' personal data during data linkage.

Objectives
To determine the feasibility and validity of a deterministic privacy-preserving data linkage protocol using homomorphically encrypted data.

Methods
Feasibility was measured by the number of records that successfully matched via direct identifiers. Validity was measured by the number of records that matched with multiple indirect identifiers. The thresholds for feasibility and validity were both set at 95%. The datasets shared a single direct identifier (health card number) and multiple indirect identifiers (sex and date of birth). Direct identifiers were encrypted in both datasets and then transferred to a third-party server capable of linking the encrypted identifiers without decrypting individual records. Once linked, the study team used indirect identifiers to verify the accuracy of the linkage in the final dataset.

Results
With a combination of manual and automated data transfer in a sample of 8,128 individuals, the privacy-preserving data linkage took 36 days to match to a population sample of over 3.2 million records. 99.9% of the records were successfully matched with direct identifiers, and 99.8% successfully matched with multiple indirect identifiers. We deemed the linkage both feasible and valid.

Conclusions
As combining administrative and research data becomes increasingly common, it is imperative to understand options for linking data when direct linkage is not feasible. The current linkage process ensured the privacy and security of patient data and improved data quality. While the initial implementations required significant computational and human resources, increased automation keeps the requirements within feasible bounds.
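
The linkage-and-verification flow described under Methods, as an added sketch that is not the study's code. It substitutes a keyed HMAC token for the homomorphic encryption the study used (the abstract does not name the scheme); the record fields, the sample values and the choice of linked pairs as the validity denominator are assumptions.

```python
import hashlib
import hmac

THRESHOLD = 0.95  # feasibility and validity threshold from the abstract


def token(hcn, key):
    """Custodian side: normalise the health card number, then key-hash it.
    A keyed HMAC (not a bare hash) is used because the identifier space is
    small enough to enumerate; the key never reaches the linker."""
    digits = "".join(ch for ch in hcn if ch.isdigit())
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()


def tokenise(rows, key):
    return [{"token": token(h, key), "sex": s, "dob": d} for h, s, d in rows]


def link(clinical, admin):
    """Linker side: join on tokens only, without seeing any identifier."""
    index = {}
    for rec in admin:
        index.setdefault(rec["token"], []).append(rec)
    pairs = []
    for rec in clinical:
        hits = index.get(rec["token"], [])
        if len(hits) == 1:  # ambiguous or missing tokens are left unlinked
            pairs.append((rec, hits[0]))
    return pairs


def validate(pairs, n_clinical):
    """Study-team side: check linked pairs against the indirect identifiers."""
    agree = sum(1 for c, a in pairs
                if c["sex"] == a["sex"] and c["dob"] == a["dob"])
    feasibility = len(pairs) / n_clinical
    validity = agree / len(pairs) if pairs else 0.0  # assumed denominator
    return feasibility, validity, min(feasibility, validity) >= THRESHOLD


def demo():
    key = b"constructed-demo-key"  # placeholder shared by the two custodians
    clinical = tokenise([("1234-567-890", "F", "1950-02-01"),   # constructed
                         ("2222 333 444", "M", "1948-11-30"),
                         ("9999999999", "F", "1961-07-15")], key)
    admin = tokenise([("1234567890", "F", "1950-02-01"),        # constructed
                      ("2222333444", "M", "1948-03-11"),        # DOB disagrees
                      ("5555555555", "M", "1970-01-01")], key)
    return validate(link(clinical, admin), len(clinical))
```

Formatting differences in the direct identifier would silently lower the feasibility rate under exact-token matching, which is why the token function normalises before hashing.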
