Introduction

With this age of big data and advanced analytics, it’s more crucial than ever to maintain patient privacy. With policies like HIPAA (Health Insurance Portability and Accountability Act) and GDPR (General Data Protection Regulation) increasingly common, healthcare organizations must implement robust hashing techniques to protect sensitive patient information while supporting research and data sharing.

In this tutorial, we’ll learn to anonymize patient data using R and RStudio, with an eye toward best practices and practical usage. We’ll cover hashing techniques such as MD5, SHA-256 ,SHA-512 and advanced hashing for secure data anonymization and integrity.

Why Hash Patient Data?

Hashing is essential for:

Requirements

install.packages(c("tidyverse", "digest", "anonymizer", "dbplyr"))

Loading and Inspecting Patient Data

# Load sample data
patient_data <- tibble(
  PatientID = 1:10,
  PatientGender = c("Male", "Female", "Female", "Male", "Male", "Female", "Male", "Female", "Male", "Female"),
  PatientAge = c(34, 29, 45, 50, 38, 42, 31, 46, 55, 37),
  Diagnosis = c("Hypertension", "Diabetes", "Asthma", "Cancer", "Hypertension", "Diabetes", "Asthma", "Cancer", "Hypertension", "Diabetes")
)

Using datatable to print the data

# Display the table using datatable
datatable(patient_data)

Hashing Techniques

a) MD5 Hashing

MD5 generates a 128-bit hash value commonly used for data integrity checks.

# Load Libraries

library(digest)
## Warning: package 'digest' was built under R version 4.3.3
# Apply MD5 hashing to PatientID
patient_data_md5 <- patient_data %>%
  mutate(PatientID_Hash = sapply(PatientID, digest, algo = "md5")) %>%
  select(-PatientID)

# Display hashed data
datatable(patient_data_md5, options = list(pageLength = 5))

b) SHA-256 Hashing

SHA-256 produces a 256-bit hash value and is more secure than MD5.

# Apply SHA-256 hashing to PatientID
patient_data_sha256 <- patient_data %>%
  mutate(PatientID_Hash = sapply(PatientID, digest, algo = "sha256")) %>%
  select(-PatientID)

# Display SHA-256 hashed data
datatable(patient_data_sha256, options = list(pageLength = 5))

c) SHA-512 Hashing

SHA-512 generates a 512-bit hash value, providing an even higher level of security.

# Apply SHA-512 hashing to PatientID
patient_data_sha512 <- patient_data %>%
  mutate(PatientID_Hash = sapply(PatientID, digest, algo = "sha512")) %>%
  select(-PatientID)

# Display SHA-512 hashed data
datatable(patient_data_sha512, options = list(pageLength = 5))

d) Salted Hashing

Adding a “salt” (random data) to a hash increases security against precomputed attacks.

# Apply SHA-256 hashing with salt
set.seed(123)
patient_data_salted <- patient_data %>%
  mutate(Salt = sample(10000:99999, n(), replace = TRUE),
         PatientID_Hash = sapply(paste(PatientID, Salt, sep = "|"), digest, algo = "sha256")) %>%
  select(-PatientID)

# Display salted hash data
datatable(patient_data_salted, options = list(pageLength = 5))

e) HMAC (Hash-based Message Authentication Code)

HMAC uses a secret key with a hashing algorithm for additional security.

# Apply HMAC with SHA-256
secret_key <- "my_secret_key"

patient_data_hmac <- patient_data %>%
  mutate(PatientID_Hash = sapply(PatientID, function(id) hmac(secret_key, id, algo = "sha256"))) %>%
  select(-PatientID)

# Display HMAC data
datatable(patient_data_hmac, options = list(pageLength = 5))

Conclusions

Patient data should be hashed for security, integrity, and regulation compliance such as HIPAA and GDPR. In this tutorial, how to employ R and RStudio to make use of MD5, SHA-256, SHA-512, and other sophisticated hashing algorithms has been illustrated.

By integrating these practices into practice, healthcare organizations can protect sensitive patient data and establish a privacy and security culture.

Best regards,

Marios Vardalachakis