Christine M. O'Keefe

Mining Unexpected Temporal Associations: Applications in Detecting Adverse Drug Reactions

In various real-world applications, it is very useful mining unanticipated episodes where certain event patterns unexpectedly lead to outcomes, e.g., taking two medicines together sometimes causing an adverse reaction. These unanticipated episodes are usually unexpected and infrequent, which makes existing data mining techniques, mainly designed to find frequent patterns, ineffective. In this paper, we propose unexpected temporal association rules (UTARs) to describe them. To handle the unexpectedness, we introduce a new interestingness measure, residual-leverage, and develop a novel case-based exclusion technique for its calculation. Combining it with an event-oriented data preparation technique to handle the infrequency, we develop a new algorithm MUTARC to find pairwise UTARs. The MUTARC is applied to generate adverse drug reaction (ADR) signals from real-world healthcare administrative databases. It reliably shortlists not only six known ADRs, but also another ADR, flucloxacillin possibly causing hepatitis, which our algorithm designers and experiment runners have not known before the experiments. The MUTARC performs much more effectively than existing techniques. This paper clearly illustrates the great potential along the new direction of ADR signal generation from healthcare administrative databases.

Biomedical data privacy: problems, perspectives, and recent advances

The notion of privacy in the healthcare domain is at least as old as the ancient Greeks. Several decades ago, as electronic medical record (EMR) systems began to take hold, the necessity of patient privacy was recognized as a core principle, or even a right, that must be upheld.1 ,2 This belief was re-enforced as computers and EMRs became more common in clinical environments.3–5 However, the arrival of ultra-cheap data collection and processing technologies is fundamentally changing the face of healthcare. The traditional boundaries of primary and tertiary care environments are breaking down and health information is increasingly collected through mobile devices,6 in personal domains (eg, in ones home7), and from sensors attached on or in the human body (eg, body area networks8–10). At the same time, the detail and diversity of information collected in the context of healthcare and biomedical research is increasing at an unprecedented rate, with clinical and administrative health data being complemented with a range of *omics data, where genomics11 and proteomics12 are currently leading the charge, with other types of molecular data on the horizon.13 Healthcare organizations (HCOs) are adopting and adapting information technologies to support an expanding array of activities designed to derive value from these growing data archives, in terms of enhanced health outcomes.14nnThe ready availability of such large volumes of detailed data has also been accompanied by privacy invasions. Recent breach notification laws at the US federal and state levels have brought to the publics attention the scope and frequency of these invasions. For example, there are cases of healthcare provider snooping on the medical records of famous people, family, and friends, use of personal information for identity fraud, and millions of records disclosed through lost and … nnCorrespondence to Dr Bradley Malin, Department of Biomedical Informatics, Vanderbilt University, 2525 West End Avenue, Suite 600, Nashville, TN 37203, USA; b.malin{at}vanderbilt.edu

Privacy-preserving data linkage protocols

We address the problem of data linkage and data extraction across database tables of sensitive information about individuals, in an environment of constraints on organisations ability to share data and a need to protect individuals privacy and confidentiality.n We propose several privacy-preserving data linkage and data extraction protocols. Our first protocol enables data linkage across separate database tables, without requiring any identifying information to be revealed to any party outside the originating data source. Our second protocol enables the extraction of a cohort of individuals data from a data source, without revealing the membership of any individual in that cohort to the data source. We describe a variation of the first protocol which enables data sources to generate common pseudonyms without revealing any identifying information to any party, and show how the protocols are applicable for any number of data sources.

Remote access methods for exploratory data analysis and statistical modelling: Privacy-Preserving Analytics ®

This paper is concerned with the challenge of enabling the use of confidential or private data for research and policy analysis, while protecting confidentiality and privacy by reducing the risk of disclosure of sensitive information. Traditional solutions to the problem of reducing disclosure risk include releasing de-identified data and modifying data before release. In this paper we discuss the alternative approach of using a remote analysis server which does not enable any data release, but instead is designed to deliver useful results of user-specified statistical analyses with a low risk of disclosure. The techniques described in this paper enable a user to conduct a wide range of methods in exploratory data analysis, regression and survival analysis, while at the same time reducing the risk that the user can read or infer any individual record attribute value. We illustrate our methods with examples from biostatistics using publicly available data. We have implemented our techniques into a software demonstrator called Privacy-Preserving Analytics (PPA), via a web-based interface to the R software. We believe that PPA may provide an effective balance between the competing goals of providing useful information and reducing disclosure risk in some situations.

Signaling Potential Adverse Drug Reactions from Administrative Health Databases

The work is motivated by real-world applications of detecting Adverse Drug Reactions (ADRs) from administrative health databases. ADRs are a leading cause of hospitalization and death worldwide. Almost all current postmarket ADR signaling techniques are based on spontaneous ADR case reports, which suffer from serious underreporting and latency. However, administrative health data are widely and routinely collected. They, especially linked together, would contain evidence of all ADRs. To signal unexpected and infrequent patterns characteristic of ADRs, we propose a domain-driven knowledge representation Unexpected Temporal Association Rule (UTAR), its interestingness measure, unexlev, and a mining algorithm MUTARA (Mining UTARs given the Antecedent). We then establish an improved algorithm, HUNT, for highlighting infrequent and unexpected patterns by comparing their ranks based on unexlev with those based on traditional leverage. Various experimental results on real-world data substantiate that both MUTARA and HUNT can signal suspected ADRs while traditional association mining techniques cannot. HUNT can reliably shortlist statistically significantly more ADRs than MUTARA (p=0.00078). HUNT, e.g., not only shortlists the drug alendronate associated with esophagitis as MUTARA does, but also shortlists alendronate with diarrhoea and vomiting for older (age ¿ 60) females. We also discuss signaling ADRs systematically by using HUNT.

Mining unexpected associations for signalling potential adverse drug reactions from administrative health databases

Adverse reactions to drugs are a leading cause of hospitalisation and death worldwide. Most post-marketing Adverse Drug Reaction (ADR) detection techniques analyse spontaneous ADR reports which underestimate ADRs significantly. This paper aims to signal ADRs from administrative health databases in which data are collected routinely and are readily available. We introduce a new knowledge representation, Unexpected Temporal Association Rules (UTARs), to describe patterns characteristic of ADRs. Due to their unexpectedness and infrequency, existing techniques cannot perform effectively. To handle this unexpectedness we introduce a new interestingness measure, unexpected-leverage, and give a user-based exclusion technique for its calculation. Combining it with an event-oriented data preparation technique to handle infrequency, we develop a new algorithm, MUTARA, for mining simple UTARs. MUTARA effectively short-lists some known ADRs such as the disease esophagitis unexpectedly associated with the drug alendronate. Similarly, MUTARA signals atorvastatin followed by nizatidine or dicloxacillin which may be prescribed to treat its side effects stomach ulcer or urinary tract infection, respectively. Compared with association mining techniques, MUTARA signals potential ADRs more effectively.

Regression output from a remote analysis server

This paper is concerned with the problem of balancing the competing objectives of allowing statistical analysis of confidential data while maintaining standards of privacy and confidentiality. Remote analysis servers have been proposed as a way to address this problem by delivering results of statistical analyses without giving the analyst any direct access to data. Several national statistical agencies operate remote analysis servers [Australian Bureau of Statistics Remote Access Data Laboratory (RADL), ; Luxembourg Income Study, ]. Remote analysis servers are not free from disclosure risk, and current implementations address this risk by confidentialising the underlying data and/or by denying some queries. In this paper we explore the alternative solution of confidentialising the output of a server so that no confidential information is revealed or can be inferred. In this paper we review results on remote analysis servers, and provide a list of measures for confidentialising the output from a single regression query to a remote server as developed by Sparks et al. [R. Sparks, C. Carter, J. Donnelly, J. Duncan, C.M. OKeefe, L. Ryan, A framework for performing statistical analyses of unit record health data without violating either privacy or confidentiality of individuals, in: Proceedings of the 55th Session of the International Statistical Institute, Sydney, 2005; R. Sparks, C. Carter, J. Donnelly, C.M. OKeefe, J. Duncan, T. Keighley, D. McAullay, Remote access methods for exploratory data analysis and statistical modelling: privacy-preserving Analytics^(TM), Comput. Meth. Prog. Biomed. 91 (2008) 208-222.] We provide a fully worked example, and compare the confidentialised output from the query with the output from a traditional statistical package. Finally, we provide a comparison the confidentialised regression diagnostics with the synthetic regression diagnostics generated by the alternative method of Reiter [J.P. Reiter, Model diagnostics for remote-access regression servers, Statistics and Computing 13 (2003) 371-380].

A service oriented architecture for a health research data network

This paper reports on an architecture aimed at providing a technology platform for a new research facility, called the Health Research Data Network (HRDN). The two key features - custodial control over access and use of resources; and confidentiality protection integrated into a secure end-to-end system for data sharing and analysis - distinguish HRDN from other service oriented architectures for distributed data sharing and analysis.

Individual privacy versus public good: protecting confidentiality in health research

Health and medical data are increasingly being generated, collected, and stored in electronic form in healthcare facilities and administrative agencies. Such data hold a wealth of information vital to effective health policy development and evaluation, as well as to enhanced clinical care through evidence-based practice and safety and quality monitoring. These initiatives are aimed at improving individuals health and well-being. Nevertheless, analyses of health data archives must be conducted in such a way that individuals privacy is not compromised. One important aspect of protecting individuals privacy is protecting the confidentiality of their data. It is the purpose of this paper to provide a review of a number of approaches to reducing disclosure risk when making data available for research, and to present a taxonomy for such approaches. Some of these methods are widely used, whereas others are still in development. It is important to have a range of methods available because there is also a range of data-use scenarios, and it is important to be able to choose between methods suited to differing scenarios. In practice, it is necessary to find a balance between allowing the use of health and medical data for research and protecting confidentiality. This balance is often presented as a trade-off between disclosure risk and data utility, because methods that reduce disclosure risk, in general, also reduce data utility.

Some Remarks on Flocks

New proofs are given of the fundamental results of Bader, Lunardon and Thas relating flocks of the quadratic cone in PG (3, q ), q odd, and BLT-sets of Q(4, q ). We also show that there is a unique BLT-set of H(3, 9). The model of Penttila for Q(4, q ), q odd, is extended to Q(2 m , q ) to construct partial flocks of size qm /2+ m /2 – 1 of the cone k in PG(2 m – 1, q ) with vertex a point and base Q(2 m – 2, q ), where q is congruent to 1 or 3 modulo 8 and m is even. These partial flocks are larger than the largest previously known for m > 2. Also, the example of OKeefe and Thas of a partial flock of k in PG(5, 3) of size 6 is generalised to a partial flock of the cone k of PG(2 pn – 1, p ) of size 2 pn , for any prime p congruent to 1 or 3 modulo 8, with the corresponding partial BLT-set of Q(2 pn , p ) admitting the symmetric group of degree 2 pn + 1.