Application of Privacy-Preserving Techniques in Operational Record Linkage Centres

  • James H. BoydEmail author
  • Sean M. Randall
  • Anna M. Ferrante


Record linkage is the process of bringing together data relating to the same individual within and between different datasets. These integrated datasets provide diverse and rich resources for researchers without the cost associated with additional data collection. By their nature, record linkage systems deal with large volumes of data and require complex organizational and technical infrastructure. Bringing together information from different sources often requires many different organizations to collaborate and share data, which presents challenges around data privacy and confidentiality. Various processes and protocols have been developed to protect the privacy of individuals during the record linkage process. These include data governance procedures covering people, processes and information technology, role separation and restricted data flows. Combinations of these are used to mitigate risks to privacy by limiting access to certain information. In addition, privacy-preserving record linkage techniques can be utilized to further reduce the risk to privacy, by removing all personal identifying information from linkage protocols. This chapter reviews current practices, processes and developments for maintaining security and privacy as applied in existing record linkage centres. Models for role separation and data flows are outlined and evaluated, and requirements for an effective privacy-preserving record linkage protocol are described.


Linkage Quality Record Linkage Data Provider Privacy Risk Disclosure Risk 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Acheson, E., Evans, J.: The Oxford record linkage study: a review of the method with some preliminary results. Proc. R. Soc. Med. 57(4), 269 (1964)Google Scholar
  2. 2.
    Bachteler, T., Reiher, J., Schnell, R.: Similarity filtering with multibit trees for record linkage. Technical Report Working Paper WP-GRLC-2013-02, German Record Linkage Center, Nuremberg (2013)Google Scholar
  3. 3.
    Bass, A., Garfield, C.: Statistical linkage keys: how effective are they? In: Symposium on Health Data Linkage, pp. 40–45, Sydney (2002). Available online at:
  4. 4.
    Borst, F., Allaert, F., Quantin, C.: The Swiss solution for anonymously chaining patient files. Stud. Health Technol. Inform. 84(2), 1239–1241 (2001)Google Scholar
  5. 5.
    Boyd, J., Ferrante, A., O’Keefe, C., Bass, A., Randall, S., Semmens, J.: Data linkage infrastructure for cross-jurisdictional health-related research in Australia. BMC Health Serv. Res. 12(1), 480 (2012)CrossRefGoogle Scholar
  6. 6.
    Boyle, D., Rafael, N.: BioGrid Australia and GRHANITE TM: privacy-protecting subject matching. Stud. Health Technol. Inform. 168, 24–34 (2011)Google Scholar
  7. 7.
    Brook, E., Rosman, D., Holman, C.: Public good through data linkage: measuring research outputs from the Western Australian data linkage system. Aust. N. Z. J. Public Health 32(1), 19–23 (2008)CrossRefGoogle Scholar
  8. 8.
    Brownell, M., Jutte, D.: Administrative data linkage as a tool for child maltreatment research. Child Abuse Negl. 37(1), 120–124 (2013)CrossRefGoogle Scholar
  9. 9.
    Chamberlayne, R., Green, B., Barer, M., Hertzman, C., Lawrence, W., Sheps, S.: Creating a population-based linked health database: a new resource for health services research. Can. J. Public Health 89(4), 270–3 (1997)Google Scholar
  10. 10.
    Christen, P.: Data matching. In: Data-Centric Systems and Applications. Springer, Berlin (2012)CrossRefGoogle Scholar
  11. 11.
    Clark, D.: The Scottish medical record linkage system: past, present and future. In: Scottish Health Information Programme Conference. St. Andrews (2009)Google Scholar
  12. 12.
    Ferrante, A.: Developing an offender-based tracking system: the Western Australia INOIS project. Aust. N. Z. J. Criminol. 26, 232–250 (1993)CrossRefGoogle Scholar
  13. 13.
    Ferrante, A.: The use of data-linkage methods in criminal justice research: a commentary on progress, problems and future possibilities. Curr. Issues Crim. Justice 20(3), 1–15 (2009)MathSciNetGoogle Scholar
  14. 14.
    Ferrante, A., Boyd, J.: A transparent and transportable methodology for evaluating data linkage software. J. Biomed. Inform. 45(1), 165–172 (2012)CrossRefGoogle Scholar
  15. 15.
    Fleming, M., Kirby, B., Penny, K.: Record linkage in Scotland and its applications to health research. J. Clin. Nurs. 21(19–20), 2711–2721 (2012)CrossRefGoogle Scholar
  16. 16.
    Ford, D., Jones, K., Verplancke, J., Lyons, R., John, G., Brown, G., Brooks, C., Thompson, S., Bodger, O., Couch, T., Leake, K.: The SAIL databank: building a national architecture for e-health research and evaluation. BMC Health Serv. Res. 9(1), 157 (2009)CrossRefGoogle Scholar
  17. 17.
    Gill, L., Goldacre, M.: English national record linkage of hospital episode statistics and death registration records. Technical Report, Unit of Health-Care Epidemiology, Oxford University, Oxford (2003)Google Scholar
  18. 18.
    Gomatam, S., Carter, R., Ariet, M., Mitchell, G.: An empirical comparison of record linkage procedures. Stat. Med. 21(10), 1485–1496 (2002)CrossRefGoogle Scholar
  19. 19.
    Harris, J.: Next generation linkage management system. In: Gray, K., Koronios, A. (eds.) Sixth Australasian Workshop on Health Informations and Knowledge Management, vol. 142, pp. 7–12. Australian Computer Society, Sydney (2013)Google Scholar
  20. 20.
    Holman, C., Bass, A., Rouse, I., Hobbs, M.: Population-based linkage of health records in Western Australia: development of a health services research linked database. Aust. N. Z. J. Public Health 23(5), 453–459 (1999)CrossRefGoogle Scholar
  21. 21.
    Holman, C., Bass, A., Rosman, D., Smith, M., Semmens, J., Glasson, E., Brook, E., Trutwein, B., Rouse, I., Watson, C., de Klerk, N., Stanley, F.: A decade of data linkage in Western Australia: strategic design, applications and benefits of the WA data linkage system. Aust. Health Rev. 32(4), 766–777 (2008)CrossRefGoogle Scholar
  22. 22.
    Holman, C., Meslin, E., Stanley, F.: Privacy protectionism and health information: is there any redress for harms to health? J. Law Med. 21(2), 473–485 (2013)Google Scholar
  23. 23.
    Jones, K., Ford, D., Jones, C., Dsilva, R., Thompson, S., Brooks, C., Heaven, M., Thayer, D., McNerney, C., Lyons, R.: A case study of the secure anonymous information linkage (SAIL) gateway: a privacy-protecting remote access system for health-related research and evaluation. J. Biomed. Inform. 50, 196–204 (2014)CrossRefGoogle Scholar
  24. 24.
    Jutte, D., Roos, L., Brownell, M.: Administrative record linkage as a tool for public health research. Annu. Rev. Public Health 32, 91–108 (2011)CrossRefGoogle Scholar
  25. 25.
    Karmel, R.: Linking hospital morbidity and residential aged care data. Examining matching due to chance. Technical Report AIHW Cat. No. AGE 40, Australian Institute of Health and Welfare (2004)Google Scholar
  26. 26.
    Karmel, R.: Data linkage protocols using a statistical linkage key. Technical Report Data Linkage Series Number 1, Australian Institute of Health and Welfare (2005)Google Scholar
  27. 27.
    Karmel, R., Anderson, P., Gibson, D., Peut, A., Duckett, S., Wells, Y.: Empirical aspects of record linkage across multiple data sets using statistical linkage keys: the experience of the PIAC cohort study. BMC Health Serv. Res. 10(1), 41 (2010)CrossRefGoogle Scholar
  28. 28.
    Kelman, C., Bass, A., Holman, C.: Research use of linked health data - a best practice protocol. Aust. N. Z. J. Public Health 26(3), 251–255 (2002)CrossRefGoogle Scholar
  29. 29.
    Kendrick, S., Clarke, J.: The Scottish record linkage system. Health Bull. 51(2), 72 (1993)Google Scholar
  30. 30.
    Laurie, G., Sethi, N.: Towards principles-based approaches to governance of health-related research using personal data. Eur. J. Risk Regul. 4(1), 43 (2013)Google Scholar
  31. 31.
    Lawrence, G., Dinh, I., Taylor, L.: The Centre for Health Record Linkage: a new resource for health services research and evaluation. Health Inf. Manag. J. 37(2), 60–62 (2008)Google Scholar
  32. 32.
    Lyons, R., Hutchings, H., Rodgers, S., Hyatt, M., Demmler, J., Gabbe, B., Brooks, C., Brophy, S., Jones, K., Ford, D., Paranjothy, S., Fone, D., Dunstan, F., Evans, A., Kelly, M., Watkins, W., Maddocks, A., Barnes, P., James-Ellison, M., John, G., Lowe, S.: Development and use of a privacy-protecting total population record linkage system to support observational, interventional, and policy relevant research. Lancet 380(Suppl 3), S6 (2012)CrossRefGoogle Scholar
  33. 33.
  34. 34.
    Mitchell, R., Cameron, C., Rambach, M.: Data linkage for injury surveillance and research in Australia: perils, pitfalls and potential. Aust. N. Z. J. Public Health 38(3), 275–280 (2014)CrossRefGoogle Scholar
  35. 35.
    Quantin, C., Bouzelat, H., Allaert, F., Benhamiche, A., Faivre, J., Dusserre, L.: How to ensure data security of an epidemiological follow-up: quality assessment of an anonymous record linkage procedure. Int. J. Med. Inform. 49(1), 117–122 (1998)CrossRefGoogle Scholar
  36. 36.
    Randall, S., Ferrante, A., Boyd, J., Bauer, J., Semmens, J.: Privacy-preserving record linkage on large real world datasets. J. Biomed. Inform. 50, 205–212 (2014)CrossRefGoogle Scholar
  37. 37.
    Roos, L., Nicol, J.: A research registry: uses, development, and accuracy. J. Clin. Epidemiol. 52(1), 39–47 (1999)CrossRefGoogle Scholar
  38. 38.
    Roos, L., Brownell, M., Lix, L., Roos, N., Walld, R., MacWilliam, L.: From health research to social research: privacy, methods, approaches. Soc. Sci. Med. 66(1), 117–129 (2008)CrossRefGoogle Scholar
  39. 39.
    Schnell, R., Bachteler, T., Reiher, J.: Privacy-preserving record linkage using Bloom filters. BMC Med. Inform. Decis. Mak. 9(41), 1–11 (2009)Google Scholar
  40. 40.
    Steorts, R., Ventura, S., Sadinle, M., Fienberg, S.: A comparison of blocking methods for record linkage. In: Domingo-Ferrer, J. (ed.) Privacy in Statistical Databases: UNESCO Chair in Data Privacy. Lecture Notes in Computer Science, vol. 8744, pp. 283–298. Springer, Berlin (2014)Google Scholar
  41. 41.
    Trutwein, B., Holman, C., Rosman, D.: Health data linkage conserves privacy in a research-rich environment. Ann. Epidemiol. 16(4), 279–280 (2006)CrossRefGoogle Scholar
  42. 42.
    Vatsalan, D., Christen, P., Verykios, V.: A taxonomy of privacy-preserving record linkage techniques. Inf. Syst. 38(6), 946–969 (2013)CrossRefGoogle Scholar
  43. 43.
    Weber, S., Lowe, H., Das, A., Ferris, T.: A simple heuristic for blindfolded record linkage. J. Am. Med. Inform. Assoc. 19(e1), e157–e161 (2012)CrossRefGoogle Scholar
  44. 44.
    Weisbaum, K., Slaughter, P., Collins, P.: A voluntary privacy standard for health services and policy research: legal, ethical and social policy issues in the Canadian context. Health Law Rev. 14(1), 42–46 (2005)Google Scholar
  45. 45.
    Williams, T., Staa, T.V., Puri, S., Eaton, S.: Recent advances in the utility and use of the General Practice Research Database as an example of a UK Primary Care Data resource. Ther. Adv. Drug Saf. 3(2), 89–99 (2012)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • James H. Boyd
    • 1
    Email author
  • Sean M. Randall
    • 1
  • Anna M. Ferrante
    • 1
  1. 1.Centre for Data Linkage (CDL)Curtin University of TechnologyPerthAustralia

Personalised recommendations