LISTSERV at the University of Georgia
Menubar Imagemap
Home Browse Manage Request Manuals Register
Previous messageNext messagePrevious in topicNext in topicPrevious by same authorNext by same authorPrevious page (November 2007, week 2)Back to main SAS-L pageJoin or leave SAS-L (or change settings)ReplyPost a new messageSearchProportional fontNon-proportional font
Date:   Wed, 14 Nov 2007 18:26:40 -0800
Reply-To:   George Joseph <gjman@HOTMAIL.COM>
Sender:   "SAS(r) Discussion" <SAS-L@LISTSERV.UGA.EDU>
From:   George Joseph <gjman@HOTMAIL.COM>
Subject:   Re: Strong Variable Level Encryption
Comments:   To: Arthur Tabachneck <art297@netscape.net>
In-Reply-To:   <200711150142.lAF0sa8f019621@mailgw.cc.uga.edu>
Content-Type:   text/plain; charset="iso-8859-1"

Art, The SSN itself has to be encrypted. And if needed the same encryption must work on other HIPAA defined PHI variables like date and ZIP/FIPS codes. We prefer to encrypt the SSN as that is the only link across files, across sites and especially across projects. -G

> Date: Wed, 14 Nov 2007 20:42:49 -0500 > From: art297@NETSCAPE.NET > Subject: Re: Strong Variable Level Encryption > To: SAS-L@LISTSERV.UGA.EDU > > George, > > I may be totally off-base, but I recently confronted a situation where a > data provider indicated that they couldn't provide me with the needed data > because they weren't satisfied with any of the existing methods for > encrypting id information. > > We resolved the matter when I indicated that I didn't need the id > information, thus agreed on a data set organized with records like the > following: > > *unique ID > var1 var2 .. etc > *unique ID > var1 var2 .. > var300 .. etc > *unique ID > var1 var2 .. etc > > Where "*unique ID" was simply text indicating that the following records > were related to the same id. > > As such, I could easily parse the file to obtain unique records for each > ID, without ever knowing what the ID was and without having any way to > trace it back to any source. > > If you are facing a similar task, possibly the same methodology might get > around the need for any encryption. > > HTH, > Art > --------- > On Wed, 14 Nov 2007 18:29:23 -0500, George Joseph <gjman@HOTMAIL.COM> > wrote: > > >I need help with Variable level encryption of SSN. SAS help desk sent me > >references to two papers. > >1) Annette Landan-Effective Data Encryption Algorithm. > >2) Sheng Luo-Using Bitwise Function to Scramble Data fields with Key. > > > >The second paper (Luo) does have some interesting method to encrypt credit > >card # but when I ran it on a test dataset I found that if the record > >repeated itself it was encrypted differently. And that just wont fly with > >medical records where the same SSN will have multiple observations. > > > >I did see some Macros on the UGA list serve archives but I was wondering > if > >someone has any updated version of the same or perhaps newer algorithms. > If > >they are FIPS 140 compliant that would be even better. > > > >Thank!!!

Back to: Top of message | Previous page | Main SAS-L page
listserv.uga.edu
Enterprise Information Technology Services
The University of Georgia
listhelp@uga.edu