Abstract: Systems and processes for assembling de-identified patient healthcare data records in a longitudinal database are provided. The systems and processes may be implemented over multiple data suppliers and common database facilities while ensuring patient privacy. At the data supplier locations, patient-identifying attributes in the data records are placed in standard format and then doubly encrypted using a pair of encryption keys before transmission to a common database facility. The pair of encryption keys includes a key specific to the data supplier and a key specific to the common database facility. At the common database facility, the encryption specific to the data supplier is removed, so that multi-sourced data records have only the common database encryption. Without direct access to patient identifying-information, the encrypted data records are assigned dummy labels or tags by which the data records can be longitudinally linked in the database.

Abstract: A system and method for the assembly of a longitudinally linked database of patient healthcare data records involve a neutral implementation partner to ensure that sensitive patient-identifying information contained in the data records is secure at all times. The implementation partner is deployed to mediate processing of the data records in a secure environment, which is inaccessible to unauthorized parties including data supplier and database facility personnel. At data supplier sites, the implementation partner mediates processing of the data records so that the patient-identifying attributes in the data records are encrypted before they are transmitted to a common longitudinal database facility. At the common longitudinal database facility, the implementation partner mediates processing of the data records so that internal tags are assigned to data records based on the values of the encrypted patient-identifying attributes.

Abstract: A method is provided for assigning longitudinal linking tags to de-identified patient data records by matching the patient data records with reference data records. The de-identified patient data records may include both encrypted and non-encrypted data attributes. Different possible subsets of the data attributes are categorized in a hierarchy of levels. Subsets of data field values are compared with the reference data records one level at a time. Upon successful comparison or matching of a subset of data field values, a longitudinal linking tag associated with a matched reference data record is assigned to de-identified data record is assigned. When a match is not found, a new longitudinal linking tag is created and assigned to the de-identified data record. The new tag and corresponding data record attributes are then added to the reference data for future matching operations.

Abstract: Software applications are provided for integrating individual multi-sourced patient healthcare transaction data records in a longitudinal database. The data records are processed in a manner which preserves patient privacy by encrypting patient-identifying attributes in the data records and thereby rendering sensitive personal information inaccessible. The applications, which may be organized as modules using common frame work components, are designed to process the multi-sourced data records at data supplier sites and at a common database assembly facility. The applications provide the data supplier sites and the database facility with methods for acquiring attributes, standardizing formats, encryption key generation, and encrypting and decrypting attributes in the data records. The encryption application provides methods for double encryption of the data records at data supplier sites using a key specific to a data supplier and a key specific to the database facility.

Abstract: Systems and methods for processing and managing health care data records in a manner, which ensures compliance with privacy regulations governing the presence of personally identifiable information throughout all data management processes of an organization. The systems and methods involve use of a secure preprocessing environment to audit health care data records received from suppliers, to verify compliance and to encode non-compliant data fields in the data records. Encoding parameters that allow longitudinal linkability of the data records by individual are selected to replace personally identifiable information in the non-compliant data fields.