Privacy-enhancing ETL-processes for biomedical data

Fabian Prasser; Helmut Spengler; Raffael Bild; Johanna Eicher; Klaus A Kuhn

doi:10.1016/j.ijmedinf.2019.03.006

Privacy-enhancing ETL-processes for biomedical data

Int J Med Inform. 2019 Jun:126:72-81. doi: 10.1016/j.ijmedinf.2019.03.006. Epub 2019 Mar 23.

Authors

Fabian Prasser¹, Helmut Spengler², Raffael Bild², Johanna Eicher², Klaus A Kuhn²

Affiliations

¹ Institute of Medical Informatics, Statistics and Epidemiology, University Hospital rechts der Isar, Technical University of Munich, Ismaninger Str. 22, 81675 Munich, Germany. Electronic address: fabian.prasser@tum.de.
² Institute of Medical Informatics, Statistics and Epidemiology, University Hospital rechts der Isar, Technical University of Munich, Ismaninger Str. 22, 81675 Munich, Germany.

PMID: 31029266
DOI: 10.1016/j.ijmedinf.2019.03.006

Abstract

Background: Modern data-driven approaches to medical research require patient-level information at comprehensive depth and breadth. To create the required big datasets, information from disparate sources can be integrated into clinical and translational warehouses. This is typically implemented with Extract, Transform, Load (ETL) processes, which access, harmonize and upload data into the analytics platform.

Objective: Privacy-protection needs careful consideration when data is pooled or re-used for secondary purposes, and data anonymization is an important protection mechanism. However, common ETL environments do not support anonymization, and common anonymization tools cannot easily be integrated into ETL workflows. The objective of the work described in this article was to bridge this gap.

Methods: Our main design goals were (1) to base the anonymization process on expert-level risk assessment methodologies, (2) to use transformation methods which preserve both the truthfulness of data and its schematic properties (e.g. data types), (3) to implement a method which is easy to understand and intuitive to configure, and (4) to provide high scalability.

Results: We designed a novel and efficient anonymization process and implemented a plugin for the Pentaho Data Integration (PDI) platform, which enables integrating data anonymization and re-identification risk analyses directly into ETL workflows. By combining different instances into a single ETL process, data can be protected from multiple threats. The plugin supports very large datasets by leveraging the streaming-based processing model of the underlying platform. We present results of an extensive experimental evaluation and discuss successful applications.

Conclusions: Our work shows that expert-level anonymization methodologies can be integrated into ETL workflows. Our implementation is available under a non-restrictive open source license and it overcomes several limitations of other data anonymization tools.

Keywords: Anonymization; Clinical data warehousing; Extract Transform Load; Privacy.

Publication types

Research Support, Non-U.S. Gov't

MeSH terms

Algorithms
Biomedical Research*
Datasets as Topic
Humans
Privacy*