Anonymization remains a powerful approach to protecting the privacy of health information

De-identification of health data has been crucial for all types of health research, but recent articles in medical and scientific literature have suggested that de-identification methods do not sufficiently protect the identities of individuals and can be easily reversed. A recent review conducted by researchers at CHEO entitled "A Systematic Review of Re-identification Attacks on Health Data" and published in PLoS ONE, did not uncover evidence to support this. "If re-identification rates were as high as some of these articles suggest, it would be worrisome," says lead author, Dr. Khaled El-Emam. "But our review did not support these claims – there is no broad empirical support for a failure of anonymization."

Such a failure would have significant policy implications. For example, it may become necessary to obtain patient consent before data is released (a time-consuming undertaking), incentive to de-identify would decline, and the likelihood of breaches would increase. For this reason, Dr. El-Emam and his team conducted a review that set out to characterize known re-identification attacks on and compare them to attacks on other types of data, calculate the number of records correctly identified in these attacks, and assess whether the results indicate a weakness in current de-identification methods.

After identifying 14 relevant studies and analyzing them in detail, the group was unable to find convincing evidence that existing de-identification methods are not effective. Few of these attacks involved health data which is naturally protected more strenuously. Secondly, many of the attacks were on small databases with large confidence intervals around their success rates. Most importantly, the majority of re-identified data was not de-identified according to existing standards. "Of the 24 studies we examined, only six were attacks on data and only one of these was de-identified according to standards," Dr. El-Emam points out. "In that particular study, the proportion of correctly re-identified records was very low: about 0.013%."

In certain well-publicized re-identification attacks, adversaries were able to make use of such information as an individual's date of birth, gender, and residential zip code. Since these 3 features were not modified in any way, the database would not meet basic standards for de-identification. If anything, such a breach serves to underscore the importance of implementing existing de-identification standards.

Dr. El-Emam concludes by saying that in order to have a more accurate picture of the extent to which de-identification protects against real attacks, future research on re-identification attacks should focus on large databases that have been de-identified according to existing standards, and that success rates should be correlated with how well de-identification was performed. In the meantime, it is suggested that data custodians continue to de-identify using current best practices.

More information: Link to report: www.plosone.org/article/info%3Adoi%2F10.1371%2Fjournal.pone.0028071

Provided by Children's Hospital of Eastern Ontario Research Institute

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Novel K-anonimity algorithm safeguards access to data

Nov 20, 2009

As electronic health records become more widely deployed, increasing amounts of health information are being collected. This data has many beneficial applications, such as research, public health, and health system planning. ...

Don't stop anonymizing data

Jun 16, 2011

Canadian privacy experts have issued a new report today that strongly backs the practice of de-identification as a key element in the protection of personal information. The joint paper from Ontario's Information and Pri ...

New study looks at re-identification risks

Oct 14, 2009

A recent study led by Dr. Khaled El Emam, the Canada Research Chair in Electronic Health Information at the CHEO Research Institute, found that the information in hospital prescription records can quite easily re-identify ...

Patient privacy assured by electronic censor

Jul 24, 2008

Newly developed software will help to allay patients' fears about who has access to their confidential data. Research published today in the open access journal BMC Medical Informatics and Decision Making describes a comp ...

Recommended for you

What are the chances that your dad isn't your dad?

Apr 16, 2014

How confident are you that the man you call dad is really your biological father? If you believe some of the most commonly-quoted figures, you could be forgiven for not being very confident at all. But how ...

New technology that is revealing the science of chewing

Apr 15, 2014

CSIRO's 3D mastication modelling, demonstrated for the first time in Melbourne today, is starting to provide researchers with new understanding of how to reduce salt, sugar and fat in food products, as well ...

After skin cancer, removable model replaces real ear

Apr 11, 2014

(HealthDay)—During his 10-year struggle with basal cell carcinoma, Henry Fiorentini emerged minus his right ear, and minus the hearing that goes with it. The good news: Today, the 56-year-old IT programmer ...

Italy scraps ban on donor-assisted reproduction

Apr 09, 2014

Italy's Constitutional Court on Wednesday struck down a Catholic Church-backed ban against assisted reproduction with sperm or egg donors that has forced thousands of sterile couples to seek help abroad.

User comments