EHR Anonymising System Based on the ISO/EN 13606 Norm

This paper presents a service for the anonymisation of electronic health care record (EHR) extracts for secondary use based on the ISO/EN 13606 norm. The sending of clinical data for secondary use, in accordance with current legislation, must be carried out using anonymised data. The ISO/EN 13606 standard has characteristics which favour the development of an anonymisation service, thanks to a design that separates clinical information from demographic information and allows a semantic interoperability to be achieved in the exchange of information. The developed system, based on ISO/EN 13606, consists of two modules: demographic server and an anonymising module. El demographic server is able to work independently, while the anonymising module must always work with an associated demographic server. The anonymisation is the process through which it is no longer possible to establish the link between the data and the subject to whom it refers. The demographic server is responsible for the permanent storage of the demographic entities. The anonymising module is responsible for eliminating everything linked to the demographic data of a given extract. The anonymisation process consists of four phases: storage of the demographic information included in the extract, substitution of identifiers, elimination of the demographic information of the extract and final validation. The anonymising system has been integrated into Telemedicine projects with favourable results. The sending of anonymised data for a secondary use allows the generation of large clinical databases from which knowledge can be deduced using data-mining techniques.