<p>Under GDPR, protecting patient privacy is paramount. Yet, radiology departments routinely collect vast amounts of patient data to advance patient care and support medical research. The majority of this collected data are stored in DICOM format and contain a mix of PII (Personally Identifiable Information) and non-PII attributes, both of which require careful privacy assessment. The traditional risk assignment process involves a privacy expert who classifies attributes as direct, indirect, or non-identifiers based on their domain knowledge. Although expert insight remains valuable, the lack of systematic, data-driven methods results in inconsistencies and limited reproducibility. To bridge this gap, we present a Bayesian-driven pipeline that integrates topic modeling, synthetic data generation, and hierarchical Bayesian inference to quantify privacy risk scores for individual DICOM attributes. Our approach not only identifies high-risk direct attributes but also identifies several quasi-identifiers that are not privacy-friendly. The proposed method will provide organizations with a structured, evidence-based strategy for assessing and mitigating privacy concerns, thereby promoting more consistent data protection practices.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Advancing Data Privacy Under GDPR: A Bayesian Approach to Structured Risk Quantification in Medical DICOM Data

  • Santhosh Sankar

摘要

Under GDPR, protecting patient privacy is paramount. Yet, radiology departments routinely collect vast amounts of patient data to advance patient care and support medical research. The majority of this collected data are stored in DICOM format and contain a mix of PII (Personally Identifiable Information) and non-PII attributes, both of which require careful privacy assessment. The traditional risk assignment process involves a privacy expert who classifies attributes as direct, indirect, or non-identifiers based on their domain knowledge. Although expert insight remains valuable, the lack of systematic, data-driven methods results in inconsistencies and limited reproducibility. To bridge this gap, we present a Bayesian-driven pipeline that integrates topic modeling, synthetic data generation, and hierarchical Bayesian inference to quantify privacy risk scores for individual DICOM attributes. Our approach not only identifies high-risk direct attributes but also identifies several quasi-identifiers that are not privacy-friendly. The proposed method will provide organizations with a structured, evidence-based strategy for assessing and mitigating privacy concerns, thereby promoting more consistent data protection practices.