Field
The described embodiments relate to techniques for securing records. In particular, the described embodiments relate to techniques for securing records by elimination context information with substitutions, and/or by adding additional artificial records in order to ensure a uniform distribution of at least some phrases or values.
Related Art
While the large datasets can facilitate a wide variety of value-added services, such datasets are increasingly vulnerable to unauthorized viewing and theft. In addition to significant financial harm, these criminal activities are particularly devastating in the case of sensitive information, such as medical records for patients. Consequently, many countries have passed stringent laws and regulations in attempt to protect medical records. For example, in the United States, Protected Health Information (PHI) in general is covered by the Health Insurance Portability and Accountability Act (HIPAA) while electronic PHI (such as medical records) is covered by the HIPAA Security Rule (SR).
Instead of mandating particular security infrastructure and techniques, the HIPAA SR provides a flexible framework that requires an organization that has access to or that handle electronic PHI to continuously assess and adapt their security procedures based on the maturity of the organization, the security risks, and the approaches used by similar organizations. In principle, this regulatory framework helps organizations dynamically improve their handling of electronic PHI. In general encryption is a widely used security technique in most organizations' HIPAA plans. For example, patient medical records and related sensitive information are often encrypted using symmetric or asymmetric key encryption, and/or using a cryptographic hashing function.
As the power of widely available computing systems has increased, the encryption key length has also been increased to make it more difficult (and, thus, more time consuming) to break the encryption. For example, most organizations use at least 128 or 256-bit encryption keys. While longer encryption keys can increase the security of the electronic PHI, there is usually a cost in the form of increased encryption/decryption times and processing requirements. For small medical records, these costs are usually negligible. However, for very large medical records, such as those that include medical images, the encryption/decryption times and processing requirements can be prohibitive.
More fundamentally, and as embodied in the HIPAA law, the use of encryption does not, per se, ensure the security of electronic PHI. Indeed, there have bees routine breaches of security in datasets that were, in principle, secured using encryption. In the context of healthcare, the perceived lack of security undermines patient trust and, thus, adversely impact patient satisfaction.