Novel Approach to De-Identify Relational Healthcare Databases at Rest: A De-Identification of Key Data Approach

Yazeed Ayasra; Mohammad Ababneh; Hazem Qattous

doi:10.5220/0013302000003911

Novel Approach to De-Identify Relational Healthcare Databases at Rest: A De-Identification of Key Data Approach

Yazeed Ayasra, Mohammad Ababneh, Hazem Qattous

2025

Abstract

Health information systems are widely used in the healthcare sector, and migration to cloud-based applications continues to be prominent in recent practices. Various legislations were issued by different countries to ensure the confidentiality of personal health information, introducing liabilities, and imposing penalties and fines to organizations in violation. This drives organizations to deploy significant investments in information security to safeguard various health information systems. The healthcare industry has experienced the second highest data breaches compared to other industries at 24.5% of the total data breaches in the United States between 2005 and 2023. Database layer vulnerabilities remain one of the most exploited resulting in attacks causing devastating confidentiality breaches for electronic personal health information (ePHI). The framework suggested in this work relied on de-identification using the health insurance portability and accountability act (HIPAA) safe harbor method of removing 18 identifying attributes from the data in its resting state. To achieve this, the work proposes 7 rules that allow the migration of health information system databases to the suggested framework structure to maintain a de-identified state of the database at rest. This is achieved through the segregation of identifying information in different tables based on their identification power and frequency of use while structuring them in a hierarchical manner where tables refer to the next or previous levels through encrypted foreign keys. The paper extends to successfully transform a typical EHR system database schema into a de-identified version of itself abiding to the 7 rules suggested by this work.

Download

Paper Citation

in Harvard Style

Ayasra Y., Ababneh M. and Qattous H. (2025). Novel Approach to De-Identify Relational Healthcare Databases at Rest: A De-Identification of Key Data Approach. In Proceedings of the 18th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 2: HEALTHINF; ISBN 978-989-758-731-3, SciTePress, pages 207-218. DOI: 10.5220/0013302000003911

in Bibtex Style

@conference{healthinf25,
author={Yazeed Ayasra and Mohammad Ababneh and Hazem Qattous},
title={Novel Approach to De-Identify Relational Healthcare Databases at Rest: A De-Identification of Key Data Approach},
booktitle={Proceedings of the 18th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 2: HEALTHINF},
year={2025},
pages={207-218},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013302000003911},
isbn={978-989-758-731-3},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 18th International Joint Conference on Biomedical Engineering Systems and Technologies - Volume 2: HEALTHINF
TI - Novel Approach to De-Identify Relational Healthcare Databases at Rest: A De-Identification of Key Data Approach
SN - 978-989-758-731-3
AU - Ayasra Y.
AU - Ababneh M.
AU - Qattous H.
PY - 2025
SP - 207
EP - 218
DO - 10.5220/0013302000003911
PB - SciTePress