Preserving Privacy in Medical Data Sets

保护医疗数据集中的隐私

• 批准号: 7143725
• 负责人: STAAL A VINTERBO
• 金额: $ 35万
• 依托单位: BRIGHAM AND WOMEN'S HOSPITAL
• 依托单位国家: 美国
• 财政年份: 2006
• 资助国家: 美国
• 起止时间: 2006-09-15 至 2009-09-14
• 项目状态: 已结题
• 来源: https://reporter.nih.gov/project-details/7143725
• 关键词: Internet; behavioral /social science research tag; computer program /software; computer simulation; computer system design /evaluation; confidentiality; data management; decision making; health care facility information system; health care policy; human data; human rights; information dissemination; information retrieval; mathematical model; medical records; model design /development; patient oriented research; statistics /biometry

DESCRIPTION (provided by applicant): Biomedical research is increasingly relying on information gathered at the point of care in addition to traditional clinical trial data collection. The HIPAA privacy rule requires that reasonable safeguards against unwanted disclosure be taken before dissemination of patient data. Quantification of what constitutes "reasonable safeguards" remains elusive, however. Hence, most de-identification strategies used in practice today rely on simple suppression of identifiers such as name, address, and social security number. Several studies, by our group and others, have shown that these simple strategies are insufficient. As demonstrated by Lin et al.[42], there might be data for which disclosure is not possible without compromising privacy. Ultimately, a quantitative analysis must guide the determination of whether safeguards are reasonable or not. In order to address these issues, we propose to continue our investigation on the quantification of trade-offs between data disclosure and privacy protection, taking into account linkable attributes in the data. In this proposal, we seek to continue our research as follows: (1) Theory. Strengthen the theoretical foundations of disclosure control by further investigation of the problem of minimizing information loss while ensuring a predefined level of ambiguity with respect to patient identity, and developing a theory for linking patient data that has been subjected to disclosure control methods. (2) Tools. We will construct a tool that links data being considered for disclosure with data that are kept in a repository. This tool will supply information that aids in (i) evaluating disclosure control measures empirically, and (ii) enabling sensitivity analyses of vulnerability conditioned on both parameters used by the disclosure control mechanism and assumptions regarding adversarial data possession. Information thus obtained can (a) be used to recommend transformations so that the risk of privacy breaches can be decreased to a desired level, and (b) serve as a quantitative basis for the determination of safeguard reasonableness. (3) Evaluation of disclosure control algorithms. We will evaluate algorithms for disclosure control developed by our group and others using the tool described in (2).

描述（由申请人提供）： 除了传统的临床试验数据收集外，生物医学研究越来越依赖于在护理点收集的信息。《健康保险及责任法案》的隐私规则要求在传播患者数据之前采取合理的保障措施，防止不必要的披露。但是，“合理保障措施”的量化仍然难以确定。因此，当今实践中使用的大多数去识别策略都依赖于简单地抑制姓名、地址和社会安全号码等标识符。我们小组和其他人的几项研究表明，这些简单的策略是不够的。正如Lin et al. [42]，则可能存在在不损害隐私的情况下不可能披露的数据。最后，必须以定量分析为指导，确定保障措施是否合理。为了解决这些问题，我们建议继续调查数据披露和隐私保护之间的权衡，并考虑到数据中的可识别属性。在本提案中，我们力求继续开展以下研究： (1)理论加强披露控制的理论基础，进一步调查的问题，尽量减少信息损失，同时确保一个预定义的模糊程度与病人的身份，并制定一个理论，连接病人的数据，已受到披露控制方法。 (2)工具.我们将构建一个工具，将考虑披露的数据与存储库中保存的数据联系起来。这一工具将提供信息，有助于（一）根据经验评估披露控制措施，以及（二）根据披露控制机制使用的参数和关于对抗性数据拥有的假设，对脆弱性进行敏感性分析。由此获得的信息可以（a）用于推荐转换，使得隐私泄露的风险可以降低到期望的水平，以及（B）用作确定保障合理性的定量基础。 (3)评估披露控制算法。我们将评估我们的小组和其他人使用（2）中描述的工具开发的披露控制算法。