Federal laws regulating health-care records aim to protect patients’ privacy and keep personal information secure. But those restrictions can limit the utility of the data for research purposes. Two Manning School of Business professors are working to develop cutting-edge technology that improves patient confidentiality protection while making high-quality data available to health-care researchers.
Professor Xiaobai Li is leading a team that received a $700,000 grant from the National Institutes of Health (NIH) to develop data-masking technology that will protect patient confidentiality while providing researchers access to useful heath-care data. Also involved in the three-year project are Manning School Prof. Luvai Motiwalla as well as Prof. Patricia Franklin and Assoc. Prof. Wenjun Li, both of UMass Medical School.
“It is difficult to strike a balance between privacy protections and providing the best data quality possible,” says UMass Lowell’s Li. “By developing a data-masking system, we can better protect privacy and at the same time we can make the data more useful.”
The availability of quality information contained in medical records has broad implications for policy, treatments and health-care finance, says Motiwalla. The data can be used by physicians who are searching for new treatments as well as health-care economists who are seeking to control the costs of care.
In a first phase of the project, the professors are collecting and testing data that is currently available under the Health Insurance Portability and Accountability Act (HIPAA), which defines the rules about what patient information can be released to outside parties. The professors have been looking for vulnerabilities in the existing privacy protections. A significant weakness in the system’s privacy mechanism has already been uncovered, Li says.
The data-masking techniques developed under the grant will complement existing encryption technologies that are used to shield patient identities in medical records. The researchers are taking what they describe as a “divide-and-counter” approach that consists of two main components: Partitioning the data into subsets to preserve the statistical properties and masking the data to protect personal information from being disclosed. The final stage of the project will involve testing the data-masking technology using hospital, clinical trial, Medicare claims and other patient data.