Classifying Cyber-Risky Clinical Notes by Employing Natural Language Processing

TL;DR

This paper develops NLP-based models to classify the cyber risk level of clinical notes, aiming to enhance patient data privacy and security in electronic health records.

Contribution

It introduces novel NLP classification methods specifically targeting sensitive information risk in clinical notes, addressing a gap in existing de-identification techniques.

Findings

SVM with word2vec features achieved an F1-score of 0.792

Models can identify risk areas within clinical notes

Supports improved privacy protection in health data sharing

Abstract

Clinical notes, which can be embedded into electronic medical records, document patient care delivery and summarize interactions between healthcare providers and patients. These clinical notes directly inform patient care and can also indirectly inform research and quality/safety metrics, among other indirect metrics. Recently, some states within the United States of America require patients to have open access to their clinical notes to improve the exchange of patient information for patient care. Thus, developing methods to assess the cyber risks of clinical notes before sharing and exchanging data is critical. While existing natural language processing techniques are geared to de-identify clinical notes, to the best of our knowledge, few have focused on classifying sensitive-information risk, which is a fundamental step toward developing effective, widespread protection of patient health information. To bridge this gap, this research investigates methods for identifying security/privacy risks within clinical notes. The classification either can be used upstream to identify areas within notes that likely contain sensitive information or downstream to improve the identification of clinical notes that have not been entirely de-identified. We develop several models using unigram and word2vec features with different classifiers to categorize sentence risk. Experiments on i2b2 de-identification dataset show that the SVM classifier using word2vec features obtained a maximum F1-score of 0.792. Future research involves articulation and differentiation of risk in terms of different global regulatory requirements.