LISTSERV at the University of Georgia
Menubar Imagemap
Home Browse Manage Request Manuals Register
Previous messageNext messagePrevious in topicNext in topicPrevious by same authorNext by same authorPrevious page (January 2007, week 2)Back to main SAS-L pageJoin or leave SAS-L (or change settings)ReplyPost a new messageSearchProportional fontNon-proportional font
Date:         Sun, 14 Jan 2007 11:13:13 -0500
Reply-To:     Don Henderson <donaldjhenderson@HOTMAIL.COM>
Sender:       "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
Comments:     RFC822 error: <W> MESSAGE-ID field duplicated. Last occurrence
              was retained.
From:         Don Henderson <donaldjhenderson@HOTMAIL.COM>
Subject:      Re: how to replace SSNs with fake
In-Reply-To:  <BAY123-F249854E30F86BB8DAC30ACDEB60@phx.gbl>
Content-Type: text/plain; charset="us-ascii"

Given the HIPPA issues that Rob raised, and the need for guaranteed uniqueness (which none of the random number schemes can do without a lot of extra processing), it seems to me that the use of the UUIDGEN function along with a translation table (needed, if for no other reason so one can know when assigning the UUID whether a new one is needed) is the way to go.

Just my $0.02.

-don

> -----Original Message----- > From: SAS(r) Discussion [mailto:SAS-L@LISTSERV.UGA.EDU] On Behalf Of toby > dunn > Sent: Saturday, January 13, 2007 11:50 PM > To: SAS-L@LISTSERV.UGA.EDU > Subject: Re: how to replace SSNs with fake > > Rob , > > I did mention I use to use an encyrption macro, which worked suprisingly > beter than I could have imagined once it was brought up to 256 bit > encryption. Truth be told everything except a encryption made by one > person, that refers to something that that one person only knows and never > leaves that person is crackable. PGP wasnt allowed to leave the US > because > the US Military with super computers could barely handle if at all. So it > all comes down to what you shop and the lawyers say is proper for your > data. > > > > Toby Dunn > > To sensible men, every day is a day of reckoning. ~John W. Gardner > > The important thing is this: To be able at any moment to sacrifice that > which we are for what we could become. ~Charles DuBois > > Don't get your knickers in a knot. Nothing is solved and it just makes you > walk funny. ~Kathryn Carpenter > > > > > > > From: Rob Rohrbough <Rob@ROHRBOUGH-SYSTEMS.COM> > Reply-To: Rob Rohrbough <Rob@ROHRBOUGH-SYSTEMS.COM> > To: SAS-L@LISTSERV.UGA.EDU > Subject: Re: how to replace SSNs with fake > Date: Sat, 13 Jan 2007 21:59:58 -0600 > > FWIW, I am not sure encryptions or even one-way hashes satisfy HIPAA. I > believe those are specifically prohibited. So, all the transformation > suggestions may not be useful (or legal in HIPAA-ese). I am not an > expert, > but the suggestions that advocate some kind of a crosswalk probably are > closer to satisfying HIPAA requirements for a "meaningless" number. Such > a > number cannot be a derivation of the original personal health identifier. > The advantage is that, no matter how good encryption cracking gets, a > meaningless number is not derived from anything that can identify the > patient. > > A randomly-assigned number is what my clients use for visitation analysis. > Note that you do not even need to use a SAS random number generation > function. Just assigning numbers sequentially may be good enough if there > is no pattern to their assignment in relation to the identifiers. If you > do > need to an are authorized to identify the individual, you do need to keep > the crosswalk table (which you will need to guarantee proper assignment of > the meaningless number anyway), of course in a secure location. > > I could be wrong about all of this since a number of well-respected > posters, > including Toby, clearly are not worrying about encryption or a hash > approach. I probably am overly cautious based on client input and > direction, out here in the boonies of Nebraska. > > My $0.02, or so, > > Rob > > Rob Rohrbough > Omaha, NE, USA > > > > > -----Original Message----- > > From: toby dunn [mailto:tobydunn@HOTMAIL.COM] > > Sent: Friday, January 12, 2007 2:30 PM > > Subject: Re: how to replace SSNs with fake > > > > > > Sig my fellow Texan lost some where up north, how is it going? > > > > The best way I found to do this on a large scale was to > > create a encyrption > > macro that can encrypt and decrypt based off a randomly > > generated key where > > on ekey gets assigned to a project. > > > > > > Toby Dunn > > > > To sensible men, every day is a day of reckoning. ~John W. Gardner > > > > The important thing is this: To be able at any moment to > > sacrifice that > > which we are for what we could become. ~Charles DuBois > > > > Don't get your knickers in a knot. Nothing is solved and it > > just makes you > > walk funny. ~Kathryn Carpenter > > > > > > > > > > > > > > From: Sigurd Hermansen <HERMANS1@WESTAT.COM> > > Reply-To: Sigurd Hermansen <HERMANS1@WESTAT.COM> > > To: SAS-L@LISTSERV.UGA.EDU > > Subject: Re: how to replace SSNs with fake > > Date: Fri, 12 Jan 2007 15:21:52 -0500 > > > > Jen: > > Best to do this very carefully.... What you call a fake ID will likely > > become a surrogate ID for each person's SSN. Someone needs to take > > responsibility for maintaining a 'key ring' or crosswalk dataset that > > has a surrogate ID and its corresponding SSN in each row. > > > > I'd construct the key ring in two steps. First, create a column of > > distinct instances of SSN. In SAS SQL, > > > > create table key as select distinct SSN from <dataset>; > > > > Second, create a non-informative surrogate ID for each distinct SSN: > > > > create table keyRing as select put(ranuni(1773)*100000000,z9.) as > > ID,SSN from key; > > > > One can then join the keyring to a dataset on SSN and > > substitute the ID > > for the SSN in a new dataset. Reversing the process restores the SSN > > when required for identification of subjects. For the ID I have used a > > purely random number that will duplicate if applied to large > > numbers of > > SSN. (Cehck for duplicated ID's.) In the event of duplicates, it will > > take a somewhat more complicated process to guarantee distinct ID's. > > > > I've mentioned a Data Privacy By Design paper that a colleague of mine > > and I wrote some time back for a CDC conference. It > > illustrates some of > > the uses of surrogate key ID's. > > Sig > > > > -----Original Message----- > > From: owner-sas-l@listserv.uga.edu > > [mailto:owner-sas-l@listserv.uga.edu] > > On Behalf Of Jen > > Sent: Friday, January 12, 2007 12:39 PM > > To: SAS-L@LISTSERV.UGA.EDU > > Cc: Jennifer Sabatier > > Subject: how to replace SSNs with fake > > > > > > Hello, > > > > I have a file of information about people and I want to create an id > > variable to replace SSN. In this file people have multiple rows, ie, > > some SSNs have multiple rows, others don't. > > > > I know this probably a simple request but I couldn't find something > > similar in a search. > > > > Thanks, > > > > Jen > > > > _________________________________________________________________ > > Get live scores and news about your team: Add the Live.com > > Football Page > > www.live.com/?addtemplate=football&icid=T001MSN30A0701 > > > > _________________________________________________________________ > Communicate instantly! Use your Hotmail address to sign into Windows Live > Messenger now. http://get.live.com/messenger/overview


Back to: Top of message | Previous page | Main SAS-L page