APH 2000, 58, 281-294:
Evaluation of the encryption procedure and record linkage in the Belgian national cancer registry.
E. Van Eycken, K. Haustermans, F.
Buntinx, A. Ceuppens, J. Weyler, E. Wauters, H. Van Oyen,
M. De Schaever, D. Van den Berge and M. Haelterman
Keywords: cancer registration, encryption, record linkage
Aim: The purpose of this study is to evaluate the encryption
and record linkage procedure implemented by the Belgian National Cancer
Methods: In order to conform to the privacy legislation, an encryption procedure has been developed for the exchange of cancer notifications between data sources and the NCR. This procedure consists of two steps. 1) A hashing algorithm irreversibly transforms identification data at source into a unique pseudonym. 2) A reversible DES-encryption of the pseudonym is performed at the NCR.
Record linkage according to the pseudonym has been evaluated with 43.990 records from 16 sources. False negative and false positive matches were estimated using a deterministic linkage with a concatenation variable (month and year of birth, sex, zipcode, initial or first name).
Results: Linkage based on the pseudonym resulted in 8.936 duplicate registrations. Concatenation variable linkage detected 580 more matches. Additional use of the day of birth in the variable with visual inspection of these 580 probable matches lead to 398 false negative matches (4,3 %) due to spelling mistakes in the identification data. Only 4 linked pairs of tumour records were false positive matches (0,01 %) due to very common last names.
Conclusions: The encryption procedure is feasible. Due to errors in personal data, record linkage based on the pseudonym leads to missed duplicates and an overestimation of cancer incidence. Additional linkage with a concatenation variable including the full date of birth reduces this error, but can only be used as a temporary solution. These results should be taken into account by the authorities to consider a specific law on cancer registration.