Validating a novel deterministic privacy-preserving record linkage between administrative & clinical data: applications in stroke research

Alisia Southwell; Susan Bronskill; Tom Gee; Brendan Behan; Susan Evans; Tom Mikkelsen; Elizabeth Theriault; Kirk Nylen; Shannon Lefaivre; Nelson Chong; Mahmoud Azimaee; Natasa Tusevljak; Douglas Lee; Richard Swartz

doi:10.23889/ijpds.v7i4.1755

International Journal of Population Data Science (Nov 2022)

Validating a novel deterministic privacy-preserving record linkage between administrative & clinical data: applications in stroke research

Alisia Southwell,
Susan Bronskill,
Tom Gee,
Brendan Behan,
Susan Evans,
Tom Mikkelsen,
Elizabeth Theriault,
Kirk Nylen,
Shannon Lefaivre,
Nelson Chong,
Mahmoud Azimaee,
Natasa Tusevljak,
Douglas Lee,
Richard Swartz

Affiliations

Alisia Southwell: Department of Medicine (Neurology), Sunnybrook Health Sciences Centre, Toronto, M4N 3M5
Susan Bronskill: Life Stage Research Program, ICES, Toronto, M4N 3M5; Institute of Health Policy, Management and Evaluation, Dalla Lana School of Public Health, University of Toronto, Toronto, Ontario, Canada, M5T 3M6; Hurvitz Brain Sciences Research Program, Sunnybrook Research Institute, Toronto, M4N 3M5
Tom Gee: Department of Engineering, Indoc Research, Toronto, M5H 3W4
Brendan Behan: Department of Informatics & Analytics, Ontario Brain Institute, Toronto, M5H 3W4
Susan Evans: Director of Project Management, Indoc Research, Toronto, M5H 3W4
Tom Mikkelsen: President & Scientific Director of Ontario Brain Institute, Toronto, M5H 3W4
Elizabeth Theriault: Department of Integrated Discovery & Informatics, Ontario Brain Institute, Toronto, M5H 3W4
Kirk Nylen: Department of Integrated Discovery & Informatics, Ontario Brain Institute, Toronto, M5H 3W4; Department of Pharmacology, University of Toronto, Toronto, M5S 1A8
Shannon Lefaivre: Department of Informatics & Analytics, Ontario Brain Institute, Toronto, M5H 3W4
Nelson Chong: Department of Information Management, ICES, G1 06, 2075 Bayview Avenue, Toronto, ON M4N 3M5
Mahmoud Azimaee: Department of Data Quality & Information Management, ICES, G1 06, 2075 Bayview Avenue, Toronto, ON M4N 3M5
Natasa Tusevljak: Program Manager, ICES, G1 06, 2075 Bayview Avenue, Toronto, ON M4N 3M5
Douglas Lee: Ted Rogers Chair in Heart Function Outcomes, Peter Munk Cardiac Centre of University Health Network, Toronto, M5G 2N2; ICES, Toronto, M4N 3M5; Institute of Health Policy, Management and Evaluation, Dalla Lana School of Public Health, University of Toronto, Toronto, M5T 3M6
Richard Swartz: Department of Medicine (Neurology), Sunnybrook Health Sciences Centre, Toronto, M4N 3M5; ICES, Toronto, M4N 3M5; Ontario Brain Institute, Toronto, M5H 3W4; Department of Medicine, University of Toronto, Toronto, M5S 1A8; Heart and Stroke Foundation Canadian Partnership for Stroke Recovery, K1G 5Z3

DOI: https://doi.org/10.23889/ijpds.v7i4.1755
Journal volume & issue: Vol. 7, no. 4

Abstract

Read online

Introduction Research data combined with administrative data provides a robust resource capable of answering unique research questions. However, in cases where personal health data are encrypted, due to ethics requirements or institutional restrictions, traditional methods of deterministic and probabilistic record linkages are not feasible. Instead, privacy-preserving record linkages must be used to protect patients' personal data during data linkage. Objectives To determine the feasibility and validity of a deterministic privacy preserving data linkage protocol using homomorphically encrypted data. Methods Feasibility was measured by the number of records that successfully matched via direct identifiers. Validity was measured by the number of records that matched with multiple indirect identifiers. The threshold for feasibility and validity were both set at 95%. The datasets shared a single, direct identifier (health card number) and multiple indirect identifiers (sex and date of birth). Direct identifiers were encrypted in both datasets and then transferred to a third-party server capable of linking the encrypted identifiers without decrypting individual records. Once linked, the study team used indirect identifiers to verify the accuracy of the linkage in the final dataset. Results With a combination of manual and automated data transfer in a sample of 8,128 individuals, the privacy-preserving data linkage took 36 days to match to a population sample of over 3.2 million records. 99.9% of the records were successfully matched with direct identifiers, and 99.8% successfully matched with multiple indirect identifiers. We deemed the linkage both feasible and valid. Conclusions As combining administrative and research data becomes increasingly common, it is imperative to understand options for linking data when direct linkage is not feasible. The current linkage process ensured the privacy and security of patient data and improved data quality. While the initial implementations required significant computational and human resources, increased automation keeps the requirements within feasible bounds.

Published in International Journal of Population Data Science

ISSN: 2399-4908 (Online)
Publisher: Swansea University
Country of publisher: United Kingdom
LCC subjects: Social Sciences: Economic theory. Demography: Demography. Population. Vital events
Website: https://ijpds.org

About the journal

Abstract

Keywords