HIDE: Privacy Preserving Medical Data Publishing. James Gardner Department of Mathematics and Computer Science Emory University

Transcription

1 HIDE: Privacy Preserving Medical Data Publishing James Gardner Department of Mathematics and Computer Science Emory University

2 Motivation De-identification is critical in any health informatics system Research Sharing Need an easy-to-use interface and framework for data custodians and publishers Understanding data is necessary to de-identify data

3 HIPAA 1. Names; 2. All geographical subdivisions smaller than a State, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a zip code, if according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a zip code for all such geographic units containing 20,000 or fewer people is changed to All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older; 4. Phone numbers; 5. Fax numbers; 6. Electronic mail addresses; 7. Social Security numbers; 8. Medical record numbers; 9. Health plan beneficiary numbers; 10. Account numbers; 11. Certificate/license numbers; 12. Vehicle identifiers and serial numbers, including license plate numbers; 13. Device identifiers and serial numbers; 14. Web Universal Resource Locators (URLs); 15. Internet Protocol (IP) address numbers; 16. Biometric identifiers, including finger and voice prints; 17. Full face photographic images and any comparable images; and 18. Any other unique identifying number, characteristic, or code (note this does not mean the unique code assigned by the investigator to code the data)

4 PHI Summary Protected Health Information (PHI) is defined by HIPAA as individually identifiable health information Direct identifiers include name, SSN, etc. Indirect identifiers include gender, age, address information, etc.

5 Research Challenges Detect PHI in heterogeneous medical data Apply structured anonymization principles on heterogeneous medical data (micro-privacy) Release differentially private aggregated statistics (macro-privacy)

6 HIDE Health Information DE-identification Uses techniques from Information Extraction Data linking Structured Anonymization Differential Privacy Data Mining

7 HIDE

8 Outline Background and related work Named entity recognition Proposed Work HIDE framework Micro-data publishing Macro-data publishing Existing de-identification approaches Privacy preserving data publishing Identifying and sensitive information extraction Software

9 Alternative Systems Scrub System - rules and dictionaries are used to detect PHI Semantic Lexicon System - rules and dictionaries are used to detect PHI DE-ID - rules and dictionaries, developed at Pittsburgh and approved by IRB Concept-Match Scrubber - removes every word not in an approved list of non-identifying terms Carafe - uses a CRF to detect PHI

10 Limitations of Most Systems Lack portability Donʼt give formal privacy guarantees Donʼt utilize the latest work from structured data anonymization Focus only on removing PHI

11 Named Entity Recognition Locate and classify atomic elements in text into predefined categories such as person, organization, location, expressions of time, quantities, etc. NER systems can be classified into either: Rule-based Machine Learning-based

12 NER Examples Part-of-speech (POS) Tagging I/PRP think/vbp it/prp s/bes a/dt pretty/ RB good/jj idea/nn./. Personal Health Identifier Detection <age>77</age> year old <gender>female</ gender> with history of <disease>b-cell lymphoma</disease> (Marginal zone, <mrn>sh </mrn>)

13 NER Metrics Precision TP / (TP + FP) Recall TP / (TP + FN)

14 Rule-based Rely on hand-coded rules and dictionaries Dictionaries can be used for terms in a closed class with an exhaustive list, e.g. geographic locations Regular expressions are used to detect terms that follow certain syntactic patterns, e.g. phone numbers

15 Machine learning-based Model the NER as a sequence labeling task where each token is assigned a label Train classifiers to label each token Classifiers use a list of features (or attributes) for training and classification of the sequence Frequently applied classifiers are HMM, MEMM, SVM, and CRF

16 Conditional Random Field A Conditional Random Field (CRF) provides a probabilistic framework for labeling and segmenting sequential data A CRF defines a conditional probability of a label sequence given an observation sequence

17 Comparison Rule-based Accurate Require experts to modify Not portable Machine learning-based Accurate Modification of models is done through training rather than coding Portable

18 Privacy Preserving Data Publishing Weak privacy (Micro) release a modified version of each record according to a given anonymization principle assumes level of background knowledge Differential privacy (Macro) release perturbed statistics that satisfy the differential privacy principle no assumptions of background knowledge

19 Micro-data publishing Prevent linking of records in separate databases k-anonymization l-diversity Prevent discovery of sensitive values Prevent discovery of presence or absence in a database delta-presence

20 Micro-data publishing Name Age Gender Zipcode Diagnosis Henry 25 Male Influenza Irene 28 Female Lymphoma Dan 28 Male Bronchitis Erica 26 Female Influenza Table 1: Illustration of Anonymization Name Age Gender Zipcode Diagnosis Henry 25 Male Influenza Irene 28 Female Lymphoma Dan 28 Male Bronchitis Erica 26 Female Influenza Original Data Data Name Age Gender Zipcode Disease [25 28] Male [ ] Influenza [25 28] Female Lymphoma [25 28] Male [ ] Bronchitis [25 28] Female Influenza Anonymized Data Name Age Gender Zipcode Disease [25 28] Male [ ] Influenza [25 28] Female Lymphoma [25 28] Male [ ] Bronchitis [25 28] Female Influenza Anonymized Data

21 k-anonymization Quasi identifier set Sensitive attributes Table is k-anonymous if every record has k-1 other records with the same quasiidentifier set The probability of linking a victim to a specific record through QID is at most 1/k

22 l-diversity Extension of k-anonymization Also ensures that each group has at least l distinct sensitive values Prevents disclosure of sensitive values

23 Macro-data publishing Differential Privacy is a strong privacy notion Requires that a randomized computation yields nearly identical output when performed on nearly identical input Interactive model limited to a specific number of queries Non-interactive model need query strategies to build noisy data cubes that maximize utility for a random query workload

24 Differentially Private Interface Query Strategy Workload Pre-designed Queries Original Data Differentially Private Interface Diff. Private Answers Diff. Private Histogram Queries Answers User

25 HIDE Framework Identifying and Sensitive Information Extraction uses state-of-the-art CRF model to extract PHI and sensitive information Data linking provides structured patient-centric view of the data De-identification and Anonymization Micro-data publication - uses data suppression and generalization to provide a k-anonymized view of the data Macro-data publication - release perturbed aggregated statistics from the patient-centric view

26 HIDE

27 Identifying and sensitive information extraction Use CRF classifier to extract information Studied impact of features including: regular expressions affixes dictionaries context Sampling techniques to adjust classifier for higher precision or recall

28 Example Token Label Token Label 77 B-age of O year O B B-disease old O - I-disease female B-gender cell I-disease with O lymphoma I-disease history O ( O

29 Regular Expressions Regular Expression Name ^[A-Za-z]$ ALPHA ^[A-Z].*$ INITCAPS ^[A-Z][a-z].*$ UPPER-LOWER ^[A-Z]+$ ALLCAPS ^[A-Z][a-z]+[A-Z][A-Za-z]*$ MIXEDCAPS ^[A-Za-z]$ SINGLECHAR ^[0-9]$ SINGLEDIGIT ^[0-9][0-9]$ DOUBLEDIGIT ^[0-9][0-9][0-9]$ TRIPLEDIGIT ^[0-9][0-9][0-9][0-9]$ QUADDIGIT ^[0-9,]+$ NUMBER [0-9] HASDIGIT ^.*[0-9].*[A-Za-z].*$ ALPHANUMERIC ^.*[A-Za-z].*[0-9].*$ ALPHANUMERIC ^[0-9]+[A-Za-z]$ NUMBERS LETTERS ^[A-Za-z]+[0-9]+$ LETTERS NUMBERS - HASDASH HASQUOTE / HASSLASH ~!@#$%\^&*()\-=_+\[\]{} ; :\",./<>?]+$ ISPUNCT (- \+)?[0-9,]+(\.[0-9]*)?%?$ REALNUMBER ^-.* STARTMINUS ^\+.*$ STARTPLUS ^.*%$ ENDPERCENT ^[IVXDLCM]+$ ROMAN ^\s+$ ISSPACE Table 1: List of regular expression features used in HIDE

30 Affixes Prefixes Suffixes All affixes up to size 3

31 Dictionaries Company Names Last Names State Names Hospital Names Male First Names Female First Names State Abbreviations

32 Context Previous 4 words Next 4 words Occurrence counts

33 Feature Vectors Token CAPS? SPECIAL? PREVIOUS NEXT LABEL 77 N Y? year B-age year N N 77 old O old N N year female O female N N old with B-gender with N N female history O history N N with of O of N N history B O B Y N of - B-disease - N Y B cell I-disease cell N N - lymphoma I-disease lymphoma N N cell ( I-disease

34 Features Set Results 220 re-identified pathology reports for i2b2 task 10-fold cross-validation

35 Features Set Results d r rd a ad ra rad c cd ac acd rc rac racd rcd Precision Recall F-Score

36 Sampling Honest brokers are concerned more about recall than precision Cost proportionate rejection sampling is often used for boosting Training examples are selected based on the associated cost of missing that label

37 Random O-Sampling Keep all non- O labels Select O labels with given probability Biases the classifier to select a label other than O

38 Random O-Sampling i2b2 PhysioNet Sample Probability Sample Probability prec recall f-score prec recall f-score

39 Window Sampling Select all non- O labels Select all terms within given window of any non- O label

40 Window Sampling i2b2 PhysioNet History Size Precision F-Score Recall History Size Precision Recall F-Score

41 Information Extraction Conclusion HIDE has a fast and accurate CRF for detecting PHI Feature engineering has been explored in great detail Window Sampling can be used to adjust recall with minimal impact on precision Impact of training data size

42 Micro-data publishing Release patient-centric view or original data with suppressed or generalized values Apply k-anonymization and l-diversity principles to unstructured data Evaluate query accuracy on real medical data

43 Micro-data publishing Full de-identification Remove all identifiers Partial de-identification Remove direct identifiers Statistical de-identification Statistical anonymization

44 Statistical Anonymization Partition the original data points into groups that will all share the same values with respect to QID Use multi-dimensional mondrian algorithm for releasing k-anonymized and l-diverse version of structured patient-centric view

45 Partitioning (a) Patients (b) Single-Dimensional (c) Strict Multidimensional e 4. Spatial representation of Patients and partitionings (quasi-identifiers Zipcode an

46 Mondrian algorithm Greedy top-down partitioning approach Choose dimension with maximum range Split at median if each newly created partition still satisfies k-anonymization and l-diversity

47 Example 50 (k = 50) (k = 25) (k = 10) (b) Greedy strict multidimensional partitioning More precision partitions are possible with smaller k

48 Query Accuracy 100 pathology reports age > n age < n 10,000 random queries

49 Query Accuracy Query Precision (%) Statistical De-identification Partial De-identification Full De-identification k

50 Macro-data publishing Differentially private data publishing (DPDP) module in HIDE Create differentially private data cube where each dimension represents a statistic over the patient-centric view Partitioning algorithm based on information gain to maximize level of utility of differentially private data cube Consistency algorithm to enhance utility

51 Differentially Private Interface Query Strategy Workload Pre-designed Queries Original Data Differentially Private Interface Diff. Private Answers Diff. Private Histogram Queries Answers User

52 DPDP considers: DPDP Access to original data Partitioning of the original database that best satisfies the workload of queries Level of differential privacy of data cube Level of utility (or noise) in the released data cube

53 Access to original database Every time the original database is accessed we use some of the privacy budget Access the original database in a differentially private manner Minimize the amount of times the original data is queried to minimize the amount of noise we must add to the results

54 Query Strategy Develop a query strategy that will allow the most utility given random queries from the user This query strategy is accomplished by partitioning the data according to information gain

55 Partitioning of the original database Release two data cubes One using cell-based algorithm that partitions database into itʼs individual cells and release a perturbed count for each cell One using top-down multi-dimensional partitioning strategy, where each split value selection maximizes the information gain and ensures the uniformity of the data points in the partition A consistency algorithm will be applied to the two datacubes that will increase the accuracy of the released datacubes

56 Cell partitioning Age Income 40K 50K Q1: count() where Age = 20, Income = 40K Q2: count() where Age = 20, Income = 50K alpha Age Income 40K 50K Q Select count where age > 20 and age < 30 alpha is the differential privacy parameter

57 Multi-dimensional partitioning Age Income 40K 50K Multi-dimensioning partitioning Age Income 40K 50K Select count where age > 20 and age < 30 Noise is divided

58 Goals of partitioning strategy Large partitions to minimize aggregated perturbation error Uniform partitions to minimize approximation error Minimize the number of times we access the original data

59 Proposed Approach Age Income 40K 50K Cell partitioning queries (alpha/2) 3. Multi-dim partitioning queries (alpha/2) K 50K Multi-dim 40K 50KPartitioning K 50K

60 Utility of release The level of utility is measured by comparing the value a query workload on the released differentially private data cubes and a non-perturbed data cube generated from the original data We empirically evaluate the level of error that is function of the given privacy budget

61 Software Web application Python, Django, and CouchDB Interface Iterative labeling of documents and training underlying classifier Analyze accuracy of classifier on validation sets Classifier is super-fast CRF provided by CRFSuite

62 Publications Y. Xiao, J. Gardner, L. Xiong. DPCube: Releasing Differentially Private Data Cubes for Health Information (demo paper). In 28th IEEE International Conference on Data Engineering (ICDE), 2012 James Gardner, Li Xiong, Fusheng Wang, Andrew Post and Joel Saltz. An evaluation of feature sets and sampling techniques for statistical de-identification of medical records. In 1st ACM International Health Informatics Symposium, 2010 (to appear). Li Xiong, James Gardner, Pawel Jurczyk and James J. Lu. Privacy Preserving Information Discovery on EHRs. In Information Discovery on Electronic Health Records, Ed. Vagelis Hristidis. Chapman and Hall/CRC, pp , James Gardner and Li Xiong. An integrated framework for de-identifying unstructured medical data. Data and Knowledge Engineering, 68(12), pp , 2009, doi: /j.datak James Gardner, Kanwei Li, Li Xiong and James J. Lu. HIDE: Heterogeneous Information DEidentification (demo track). 12th International Conference on Extending Database Technology (EDBT), March, James Gardner and Li Xiong. HIDE: A Health Information DE-identification System. In 21st IEEE International Symposium on Computer-Based Medical Systems (CBMS), June, 2008