Process mining has been successfully applied in the healthcare domain and has helped touncover various insights for improving healthcare processes. While the benefits of process miningare widely acknowledged, many people rightfully have concerns about irresponsible uses of personaldata. Healthcare information systems contain highly sensitive information and healthcare regulationsoften require protection of data privacy. The need to comply with strict privacy requirements mayresult in a decreased data utility for analysis. Until recently, data privacy issues did not get muchattention in the process mining community; however, several privacy-preserving data transformationtechniques have been proposed in the data mining community. Many similarities between datamining and process mining exist, but there are key differences that make privacy-preserving datamining techniques unsuitable to anonymise process data (without adaptations). In this article, weanalyse data privacy and utility requirements for healthcare process data and assess the suitabilityof privacy-preserving data transformation methods to anonymise healthcare data. We demonstratehow some of these anonymisation methods affect various process mining results using three publiclyavailable healthcare event logs. We describe a framework for privacy-preserving process mining thatcan support healthcare process mining analyses. We also advocate the recording of privacy metadatato capture information about privacy-preserving transformations performed on an event log.
Keywords: anonymisation; data privacy; healthcare process data; privacy metadata; process mining.