October 15, 2007 at 11:53 am
I have this situation where I need to retrieve information for a particular, date or a range of dates. My problem is I cannot display the dates in the extracted information, in a sense need to encrypt the date but get the information pertaining to that date/dates. Is there a way to do it ?
October 15, 2007 at 12:17 pm
I think what you are saying is you have a table with some fields including a date field. You want to return records based on the date, but do not want to display the actual date information. If that is the case, just don't return the date:
SELECT MyField1, MyField2
FROM MyTable
WHERE MyDate BETWEEN '1/1/2007' AND '2/1/2007'
October 15, 2007 at 12:48 pm
They need the date but in a de-identifiable format. For example if I need how many people born between 01/01/07 to 03/01/07 , then it has to be displayed with the actual date format.Has to be unique but not identifiable.Hope it makes sense.
October 15, 2007 at 12:58 pm
I guess I do not understand. You need the date, but you need it returned in a way that nobody can figure out what the date actually is.
I do not think I can help you with this.
October 15, 2007 at 12:59 pm
i'd go with Michaels suggestion. don't display the date at all. either print something like 'xx/xx/xxxx', or don't display it. munging it into the number of seconds, or turning it into a hex string are all options, but what for? if you don't want them to be able to see/deduce the date, don't display it.
Lowell
October 17, 2007 at 8:34 am
Ok here is my situation. I work in a hospital where patient information like dob, date of admission, etc cannot be revealed due to HIPAA regulations. I work in the research dept. So my situation is suppose a doctor wants to know that a patient X has had treatments done from 01/01/07 to 03/01/07 , then I should not display in the date format. So I have to mask it in such a way like maybe janoneoseven .But this can easily identified by a lay man walking in the hospital , if someone takes a print out and leaves it on the table. So I have to mask or de-identify the date in such a way where the developer or the reasearcher can identify but a lay man cannot. Hope this makes sense and hope someone can help me.
October 17, 2007 at 8:47 am
Put an episode number on the form, and throw all of the other identifiable info away. You have access to the episode number lookup table, but no one else does.
And....break anyone's hands who leaves clinical data on the table. PHI or no. There's no reason you should have clinical data in any area that a lay person can get to it unless you have a procedural lapse.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
October 17, 2007 at 9:09 am
Thanks but I am not sure if it work if I need multiple procedures for the same patient . For example a patient with the same DOB could have had multiple occurances or procedures on different dates. How do I uniquely identify that ?
Thanks
October 17, 2007 at 9:18 am
At the hospital I worked at episode number = a serial number assigned by patient stay. Each time they left, or if they got transferred from outpatient to inpat - it changed. the beautiful thing was - since it's serial in nature - there's no way (short of hacking the DB) to find out who that was based on what you have on the piece of paper.
The purpose here was to hide the patient info, not necessarily to uniquely identify each procedure. If you need a unique procedure ID - that would be another serial ID.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
October 17, 2007 at 9:31 am
Thanks. Any input as to how you did that ? Do you have a function/procedure ? The other concern is to scramble the date fields and then descramble it back. Any thoughts hugely appreciated.
Thanks
October 17, 2007 at 9:51 am
No function - it came directly from a table we maintained. Each time one of those situations occurred, the previous episode was "closed" and the the new one opened. The backend table had foreign keys to the person table (with name, MRN, etc...)
We just provided a secure "lookup" interface for the Healthcare professionals to go "look up an episode".
Once you remove the patient info (name, SSN, DOB) - why would you care to encrypt anything? The date of service itself isn't PHI.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
October 17, 2007 at 10:21 am
Ok the problem is that the research dept wants date information to do some kind of analysis work but without the actual date being shown in their analysis. So I want to descramble the date fields not necessarily just the DOB.
Thanks for all the help
October 17, 2007 at 10:57 am
Then use the procedure ID concept. Make a serial number uniquely identifying all procedures, and put THAT on the form. Anything "decryptable" without some machine process isn't worth encrypting.
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
October 17, 2007 at 11:33 am
Thanks for your input but I still believe we need the date but in a de-identifiable format
October 17, 2007 at 11:55 am
Julian!!!!
Viewing 15 posts - 1 through 15 (of 22 total)
You must be logged in to reply to this topic. Login to reply