The growing availability of clinical notes presents a significant opportunity for medical AI and research, yet access remains constrained by the need to protect patient privacy. This work introduces a modular de-identification pipeline designed to balance strict privacy requirements with the preservation of clinical utility. The system begins with hybrid Protected Health Information (PHI) detection, combining rule-based filters, dictionary matching, and a fine-tuned BioClinicalBERT model. Its core innovation lies in configurable substitution logic and a multi-dimensional framework for adversarial risk evaluation. Unlike traditional approaches, the pipeline incorporates quantitative assessments of quasi-identifier uniqueness, semantic leakage, and masked language model predictability to simulate realistic privacy threats. A large synthetic corpus of 500,000 annotated clinical notes was used to enable both model training and adversarial testing, ensuring that the system could be stress-tested and evaluated under controlled conditions. The evaluation generated reproducible audit reports that document the effective redaction of sensitive information while quantifying the preservation of clinical meaning, thereby demonstrating the pipeline’s potential to support privacy protection and data utility. This work offers a scalable and transparent mechanism for privacy-preserving data exchange, setting a new standard for de-identification by integrating threat simulation, utility evaluation, and principled risk modeling.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Privacy-Preserving Clinical Data De-Identification and Evaluation Framework Using Synthetic Data

  • Ebenezer Addo-Maclean,
  • Hatem Ahriz,
  • Muhammad Shadi Hajar

摘要

The growing availability of clinical notes presents a significant opportunity for medical AI and research, yet access remains constrained by the need to protect patient privacy. This work introduces a modular de-identification pipeline designed to balance strict privacy requirements with the preservation of clinical utility. The system begins with hybrid Protected Health Information (PHI) detection, combining rule-based filters, dictionary matching, and a fine-tuned BioClinicalBERT model. Its core innovation lies in configurable substitution logic and a multi-dimensional framework for adversarial risk evaluation. Unlike traditional approaches, the pipeline incorporates quantitative assessments of quasi-identifier uniqueness, semantic leakage, and masked language model predictability to simulate realistic privacy threats. A large synthetic corpus of 500,000 annotated clinical notes was used to enable both model training and adversarial testing, ensuring that the system could be stress-tested and evaluated under controlled conditions. The evaluation generated reproducible audit reports that document the effective redaction of sensitive information while quantifying the preservation of clinical meaning, thereby demonstrating the pipeline’s potential to support privacy protection and data utility. This work offers a scalable and transparent mechanism for privacy-preserving data exchange, setting a new standard for de-identification by integrating threat simulation, utility evaluation, and principled risk modeling.