Risk Based De-identification for Sharing Health Data
Upcoming SlideShare
Loading in...5
×
 

Risk Based De-identification for Sharing Health Data

on

  • 1,287 views

This presentation describes a methodology, tools, and experiences for the de-identification of health information. The objective is to support data sharing for the purpose of research and public ...

This presentation describes a methodology, tools, and experiences for the de-identification of health information. The objective is to support data sharing for the purpose of research and public health.

Statistics

Views

Total Views
1,287
Views on SlideShare
1,183
Embed Views
104

Actions

Likes
0
Downloads
15
Comments
0

4 Embeds 104

http://www.ehealthinformation.ca 93
https://www.ehealthinformation.ca 5
http://ww.ehealthinformation.ca 5
http://127.0.0.1 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Risk Based De-identification for Sharing Health Data Risk Based De-identification for Sharing Health Data Presentation Transcript

  • Risk-based De-identification Khaled El Emam, CHEO RI & uOttawa
    • Re-identification risk assessment, re-identification attacks, de-identification:
      • Birth registry / newborn screening program
      • Tumor bank
      • Hospital data (discharge abstracts and pharmacy databases) – local, provincial/state, national
      • EMR data
    Background
    • De-identification works well in practice if you adopt a risk-based approach
    • Re-identification attacks are hard
    • It is possible to de-identify data sets and still retain sufficient utility
    • De-identification can be made simple
    Issues
  • Re-identification Risk Spectrum
  •  
  • Managing Re-identification Risk
  • Determining Pr Re-identification Attempts
  • Determining Risk Threshold to Use
    • Adjust threshold
    • Adjust amount of suppression that is acceptable
    • Adjust precision of variables
    • Sub-sample
    • Adjust variable weights
    Tradeoffs Made
    • Passage through research ethics is significantly faster for “secondary use” protocols that are certified as low risk
    • Provides an incentive for data recipients to improve their security and privacy practices
    • Provides an incentive for funders to cover the costs of infrastructure for handling data
    • Amount of de-identification is proportionate to the actual risk
    Advantages
  • Risk Assessment
  • De-identification
  • Risk Assessment for REB
  • Risk Assessment for REB
  • Risk Assessment for REB
    • ‘ Rogue researcher’ adversary
    • Search queries considered high risk
    • Combination of sub-sampling and generalization for each tumor site data
    • Moving towards researcher self-assessments to decide appropriate level of de-identification
    Example – Tumor Bank
    • ‘ Nosey neighbor’ adversary
    • Creation of a public data file
    • Diagnosis and intervention codes presented difficulties
    • High level of suppression for a public file, but acceptable utility with stronger access controls (higher threshold)
    Example – Discharge Abstracts
    • An audit program is required to ensure compliance with ‘mitigating controls’
    • What if a breach happens ?
      • A risk management approach ensures that the data is highly de-identified in situations where breaches are most likely
      • Can demonstrate due diligence
    Practical Considerations
    • Geospatial data and longitudinal data always represent challenges because they increase the risk of re-identification
    • Thus far we’ve never had to decline a data request because of identifiability or were unable to provide data with sufficient utility for a study
    Lessons Learned
  • www.ehealthinformation.ca www.ehealthinformation.ca/knowledgebase kelemam@uottawa.ca