Experts get creative in protecting patient IDs in audit trails

A body that advises the state of Massachusetts about health information exchanges has devised an unusual approach to maintaining the privacy of patient information while allowing the use of audit trails.

In a recent blog post, John Halamka, CIO of Beth Israel Deaconess Medical Center in Boston, explained that the technology workgroup of the Massachusetts State HIE Advisory Committee recently grappled with an issue that arises from the use of the Direct secure messaging protocol: When one provider sends a Direct message to another, it is surrounded by an electronic "envelope" that contains key information about senders, receivers and content in the form of metadata. While unauthorized parties cannot access that information, it is also unavailable for audit purposes.

Halamka notes that patient identifiers may be necessary in case an authorized party needs to know, for example, when messages concerning a particular patient were sent from one provider to another. "For medical/legal, data integrity, and service level guarantees, patient identifiers in the audit trail make HIE operations easier," he writes.

The question is how to provide that information without violating a patient's privacy, or raising concerns that HIE staff members might have unauthorized access to the data.

The Massachusetts advisory committee's workgroup came up with an ingenious solution, Halamka reports. "We elected to remove all human readable patient identifiers from the audit trail, instead using hashes of such data elements as name and date of birth for auditing purposes," he says.

In other words, the technical experts decided to use a "hashing algorithm" to anonymize patient identifiers. For example, Halamka says, his first name becomes AY#! and his last name becomes *iUOP. So even if an HIE staffer breached or mined the audit trail, he or she could not identify Halamka.

Beyond the use of hashing algorithms in Direct messaging, Halamka adds, they also could be important for linking together heterogenous databases and using business intelligence applications in accountable care organizations.

HIEs increasingly are utilizing Direct for a variety of purposes, said participants in a seminar at the conference of the Healthcare Information and Management Systems Society (HIMSS) in February. For example, Holly Miller, CIO of MedAllies, a New York exchange, said her organization uses Direct to enable primary care doctors to send an "order" to a specialist for a referral and to receive a "result" in the form of the consultant's report.

To learn more:
- read Halamka's post

Suggested Articles

Nearly 10,000 patients involved in research studies were impacted by a third-party privacy breach that may have exposed their medical diagnoses, test results…

Veterans Health Administration medical facilities currently have a paper medical record backlog that if stacked up would be 5.15 miles high, according to the…

The Department of Health and Human Services announced proposed changes to privacy restrictions on patients' substance use treatment records.