Introduction
Medical registries provide a platform for systematically collecting the outcomes of medical treatments. Recording the initial conditions of the patients, the applied treatments and their short- and long-term results makes it possible to assess the relative quality of various methods and devices and to determine their optimal scope of application. This should lead to better decisions in the future and, in effect, to an improvement of patient care and to a cost reduction. The value of a registry increases with the quantity and quality of the collected data. On the other hand, these data are highly sensitive personal data and possibly stigmatizing. When disclosed, they may be used as a basis for discrimination and profiling. Their privacy is strictly regulated. However, when subsequent data records related to a patient are entered, e.g., for a follow-up examination, the patient has to be retrieved; therefore, his/her real identity must be stored in the system. For the purpose of medical research these identities are irrelevant, but the data records of a patient must still remain connected. These requirements are partly contradictory, but we have to satisfy them all. In this paper we present a novel architecture based on the physical separation of the identity-related data and the anonymized clinical data that greatly limits the risk of a privacy breach while still allowing for valuable medical research. We have discussed these trade-offs, with special emphasis on the ethical aspects, in Sliwa and Benoist (2011).
We work in a multifaceted area concerning the following aspects:
- Privacy / security technology,
- Utility requirements of medical registries,
- Compliance with privacy legislation.
First, we present the rationale for medical registries and their organization as statistical databases. We also discuss the legal environment in which these registries operate. Then we present the architecture of our solution. We give examples of the problems related to the separation of the data categories and show their solutions. Finally, we summarize the experience gained from our project and outline possible future work in this area.