TR-IIS-03-004
Preserving Confidentiality When Sharing Medical Database: the Cellsecu System
Yu-Cheng Chiang, Tsan-Sheng Hsu, Sun Kuo, and Da-Wei Wang
Abstract
We propose a computer system named Cellsecu that maintains not only the anonymity but also the confidentiality of each cell that contains sensitive information in a medical database, by automatically removing, generalizing, and expanding information. The system is designed to enhance data privacy protection for a data warehouse that handles queries automatically. In most cases, health organizations collect medical data together with all explicit identifiers, such as name, address, and phone number. Simply removing the explicit identifiers prior to releasing the data is not enough to preserve confidentiality, because the remaining data can still be used to re-identify individuals, either by linking or matching it to other databases or by looking at unique characteristics found in the released data.
A formal model based on modal logic is the theoretical foundation of Cellsecu; a new confidentiality criterion called "non-uniqueness" is defined and implemented. We believe that modeling this problem formally clarifies the issue as well as clearly identifies the boundary of current technology. Based on our preliminary performance evaluation, the confidentiality check module and the confidentiality enhancing module only slightly degrade system performance.
Keywords: data privacy, Cellsecu, modal logic, medical database, re-identification
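The two points the abstract makes, that stripping explicit identifiers does not stop re-identification by linking, and that a release should be checked for cells that single out one person before it is generalized, are illustrated by the following added example. This is example code written for this page, not the Cellsecu implementation and not taken from the report. The abstract does not define the non-uniqueness criterion precisely, so the reading used here (a cell is a combination of quasi-identifier values, and it must occur in more than one released record), the generalization hierarchy (ten-year age bands, a three-digit ZIP prefix, then full suppression), the attribute names, and all patient and public records are assumptions and constructed data.

```python
from collections import Counter

# Constructed, fictitious medical records (assumed attribute names; not data from the report).
MEDICAL = [
    {"name": "Alice Smith", "phone": "555-0101", "age": 34, "zip": "02138", "sex": "F", "diagnosis": "asthma"},
    {"name": "Bob Jones",   "phone": "555-0102", "age": 35, "zip": "02139", "sex": "M", "diagnosis": "flu"},
    {"name": "Carol White", "phone": "555-0103", "age": 37, "zip": "02138", "sex": "F", "diagnosis": "diabetes"},
    {"name": "Dan Brown",   "phone": "555-0104", "age": 31, "zip": "02141", "sex": "M", "diagnosis": "hypertension"},
    {"name": "Eve Black",   "phone": "555-0105", "age": 52, "zip": "02142", "sex": "F", "diagnosis": "asthma"},
    {"name": "Frank Green", "phone": "555-0106", "age": 59, "zip": "02138", "sex": "M", "diagnosis": "flu"},
    {"name": "Grace Hall",  "phone": "555-0107", "age": 55, "zip": "02141", "sex": "F", "diagnosis": "diabetes"},
    {"name": "Hank Young",  "phone": "555-0108", "age": 51, "zip": "02139", "sex": "M", "diagnosis": "hypertension"},
]

# Constructed public list (think of a voter register) that an attacker can join against.
PUBLIC = [
    {"name": "Carol White", "age": 37, "zip": "02138", "sex": "F"},
    {"name": "Dan Brown",   "age": 31, "zip": "02141", "sex": "M"},
]

EXPLICIT = ("name", "phone")   # explicit identifiers: always removed before release
QUASI = ("age", "zip", "sex")  # quasi-identifiers: individually harmless, linkable in combination


def remove_explicit_identifiers(rows):
    """The naive release: drop the explicit identifiers and nothing else."""
    return [{k: v for k, v in r.items() if k not in EXPLICIT} for r in rows]


def generalize_row(row, level):
    """Assumed generalization hierarchy (not the report's): level 0 exact values,
    level 1 ten-year age band and three-digit ZIP prefix, level 2 full suppression."""
    r = dict(row)
    if level == 1:
        lo = (r["age"] // 10) * 10
        r["age"] = f"{lo}-{lo + 9}"
        r["zip"] = r["zip"][:3] + "**"
    elif level >= 2:
        for q in QUASI:
            r[q] = "*"
    return r


def generalize(rows, level):
    return [generalize_row(r, level) for r in rows]


def unique_cells(released):
    """Non-uniqueness check (assumed reading of the criterion): return the
    quasi-identifier combinations that occur in exactly one released row,
    i.e. the cells that still single out one person. Empty means the release passes."""
    counts = Counter(tuple(r[q] for q in QUASI) for r in released)
    return sorted(key for key, n in counts.items() if n == 1)


def link(released, public, level=0):
    """Re-identification by linking: join the release to the public list on the
    quasi-identifiers. The attacker generalizes the public rows the same way the
    release was generalized. A name is re-identified only if the join yields exactly
    one candidate, so a non-unique cell defeats the attack."""
    hits = {}
    for p in generalize(public, level):
        candidates = [r for r in released if all(r[q] == p[q] for q in QUASI)]
        if len(candidates) == 1:
            hits[p["name"]] = candidates[0]["diagnosis"]
    return hits


def release(rows):
    """Remove explicit identifiers, then generalize the quasi-identifiers just far
    enough that no cell is unique. Returns (released_rows, level_used)."""
    stripped = remove_explicit_identifiers(rows)
    for level in range(3):
        candidate = generalize(stripped, level)
        if not unique_cells(candidate):
            return candidate, level
    return candidate, 2  # level 2 suppresses every quasi-identifier, so this is a safe fallback


if __name__ == "__main__":
    naive = remove_explicit_identifiers(MEDICAL)
    print("unique cells after stripping names/phones:", len(unique_cells(naive)))
    print("linking attack on the naive release:", link(naive, PUBLIC))
    safe, level = release(MEDICAL)
    print("generalization level needed:", level)
    print("linking attack on the checked release:", link(safe, PUBLIC, level))
```

On the constructed data every one of the eight records is a unique cell after the names and phone numbers are removed, and the join against the two public records recovers both diagnoses; after one level of generalization every cell occurs twice, and the same join returns two candidates per public record, so nothing is re-identified. Note that the check is only as good as the choice of quasi-identifiers: an attribute left out of `QUASI` is never generalized and can still be linked.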