Gonymizer

随着1996年《健康保险可移植性和责任法案》(HIPAA)的颁布,法律要求处理健康信息的所有实体保护所有包含个人识别信息(PII)和私人健康信息(PHI)的数据。每泄露一条记录,泄露这些数据的罚款可能从100美元到50000美元不等。数据泄露或泄露对患者和受委托使用phi的公司都是极其昂贵的。在我们的演示中,我们介绍了Gonymizer,这是一个用Go-at-Smithrx编写的工具,用于处理来自生产数据库实例的phi和pii数据的匿名化。
这些数据是匿名的,并加载到非生产环境中,以允许我们使用具有代表性的数据进行开发和测试。这使得使用一个简单的列映射(在单个JSON文件中为数据集定义)快速简单地匿名敏感信息。我们已经构建了一系列自定义处理器来处理基本任务,例如名字和姓氏匿名、将数据更改为假地址(如街道地址、城市、邮政编码和州)等。构建处理器的接口也是完全可扩展的,任何具有基本Go经验的人都应该能够构建能够有效匿名您的数据的处理器。我们还将展示该工具如何减少新功能的开发时间,以及如何在具有非敏感数据集(HIPAA、PCI等)的兼容环境中简化测试。
在演示结束时,我们将讨论如何使用Docker构建我们的基础设施,以将Gonymizer装箱,并使用Kubernetes安排匿名化和加载我们的测试环境。本次讨论针对在医疗保健领域工作的任何人,该领域收集的数据包含phi和/或pii,并由hipaa进行管理。

展开查看详情

1.Gonymizer A Tool to Anonymize Sensitive PostgreSQL Data Tables for Use in QA and Testing Levi Junkert

2.Agenda ● Introductions ● HIPAA Regulations ● SmithRx Solution: Gonymizer ● Gonymizing multiple environments using Kubernetes ● Demo ● Wrap-up

3.Who am I? ● Database systems 18 years ○ MySQL ○ PostgreSQL ● Software Engineering 11 years ○ Product, Infrastructure, and Automation ● DB and SE Experience ○ Facebook ○ RightNow ( Oracle) ○ OpenDNS (Cisco) ○ Get Better

4. Services Agreement Formulary Agreement Self-Insured Manufacturer Employer Wholesaler Payment for Product Formulary Rebates Service and Data Pass through Fees (specialty ) of rebate Product Shipment PBMs sit in the Drug Wholesaler Pharmacy Benefit Manager Serv. Contract middle of a large and Product Shipment Payer Reimbursement complex ecosystem Pharmacy Payment for Product Prescription Reimbursement to PBM Pharmacy Vendor Agreement Network Participation Dispense Prescription Copayment or Coinsurance Patient Financial Flow Contract Relationship Fein, Adam. J., The 2016 Economic Report on Retail, Mail and Specialty Pharmacies, Drug Channels Institute, January 2016 . Product Movement

5.

6. HIPAA Regulations Health Insurance Portability and Accountability Act of 1996 United States Legislation

7.HIPAA Regulations Examples Importance Solutions © All Rights Reserved - Chris Slane

8.HIPAA Regulations Examples Importance Solutions

9.HIPAA Regulations Examples Importance Solutions

10.HIPAA Regulations Examples Importance Solutions

11.HIPAA Safe Harbor Method (164 somethin b2?) Regulations ● Name ● URL addresses ● Street ● Social Security Number Examples ● All elements of dates ● Account numbers but year ○ CC/Debit Importance ● Telephone Number ● Passwords Solutions ● Fax Number ● Email Address ● Driver Licenses and IDS ● Vehicle IDs ● Biometric IDs ● Full face photos ○ Other comparable images

12.HIPAA Safe Harbour Method (164 somethin b2?) Regulations ● Name ● URL addresses ● Street ● Social Security Number Examples ● All elements of dates ● Account numbers but year ○ CC/Debit Importance ● Telephone Number ● Passwords Solutions ● Fax Number ● Email Address ● Driver Licenses and IDS ● Vehicle IDs ● Biometric IDs ● Full face photos ○ Other comparable images

13.SmithRx Solution: Gonymizer

14.Gonymizer Requirements Design Mapping

15.Gonymizer Requirements Design Mapping

16.Gonymizer Requirements Design Mapping

17.Gonymizer ● Dump of the original PHI dataset Requirements ● Load the data set into a PSQL host Design ● Assignable scrambler function(s) Mapping ● A map to know which columns to anonymize ● Must keep relationships intact ● Must be able to be automated

18.Gonymizer Separated Commands ● Dump Requirements ○ Downloads SQL dump file ● Map Design ○ Build and maintain an anonymization map Mapping for ■ Schemas ■ Tables ■ Columns ● Process ○ Anonymizes columns according to map ● Load ○ Loads the anonymized file

19.Gonymizer DUMP Requirements Design Mapping LOAD

20.Gonymizer PROCESS Requirements Design Mapping MAP

21.Gonymizer Requirements Design Mapping

22.Gonymizer Requirements ? Design Mapping

23.Gonymizer Requirements Design Mapping

24.Gonymizer Requirements Design Mapping

25.Gonymizer Requirements Design Mapping

26.Gonymizer Requirements Design Person Mapping

27.Gonymizer Requirements Design Mapping

28.Gonymizer Requirements Design Mapping

29.Gonymizer Requirements Design Mapping