TY - JOUR
T1 - The risks to patient privacy from publishing data from clinical anesthesia studies
AU - O'Neill, Liam
AU - Dexter, Franklin
AU - Zhang, Nan
N1 - Funding Information:
National Science Foundation, grant no. 1064628 and 1343976.
Publisher Copyright:
© 2016 International Anesthesia Research Society.
PY - 2016/6/1
Y1 - 2016/6/1
N2 - In this article, we consider the privacy implications of posting data from small, randomized trials, observational studies, or case series in anesthesia from a few (e.g., 1-3) hospitals. Prior to publishing such data as supplemental digital content, the authors remove attributes that could be used to re-identify individuals, a process known as "anonymization." Posting health information that has been properly "de-identified" is assumed to pose no risks to patient privacy. Yet, computer scientists have demonstrated that this assumption is flawed. We consider various realistic scenarios of how the publication of such data could lead to breaches of patient privacy. Several examples of successful privacy attacks are reviewed, as well as the methods used. We survey the latest models and methods from computer science for protecting health information and their application to posting data from small anesthesia studies. To illustrate the vulnerability of such published data, we calculate the "population uniqueness" for patients undergoing one or more surgical procedures using data from the State of Texas. For a patient selected uniformly at random, the probability that an adversary could match this patient's record to a unique record in the state external database was 42.8% (SE < 0.1%). Despite the 42.8% being an unacceptably high level of risk, it underestimates the risk for patients from smaller states or provinces. We propose an editorial policy that greatly reduces the likelihood of a privacy breach, while supporting the goal of transparency of the research process.
AB - In this article, we consider the privacy implications of posting data from small, randomized trials, observational studies, or case series in anesthesia from a few (e.g., 1-3) hospitals. Prior to publishing such data as supplemental digital content, the authors remove attributes that could be used to re-identify individuals, a process known as "anonymization." Posting health information that has been properly "de-identified" is assumed to pose no risks to patient privacy. Yet, computer scientists have demonstrated that this assumption is flawed. We consider various realistic scenarios of how the publication of such data could lead to breaches of patient privacy. Several examples of successful privacy attacks are reviewed, as well as the methods used. We survey the latest models and methods from computer science for protecting health information and their application to posting data from small anesthesia studies. To illustrate the vulnerability of such published data, we calculate the "population uniqueness" for patients undergoing one or more surgical procedures using data from the State of Texas. For a patient selected uniformly at random, the probability that an adversary could match this patient's record to a unique record in the state external database was 42.8% (SE < 0.1%). Despite the 42.8% being an unacceptably high level of risk, it underestimates the risk for patients from smaller states or provinces. We propose an editorial policy that greatly reduces the likelihood of a privacy breach, while supporting the goal of transparency of the research process.
UR - http://www.scopus.com/inward/record.url?scp=84966702150&partnerID=8YFLogxK
U2 - 10.1213/ANE.0000000000001331
DO - 10.1213/ANE.0000000000001331
M3 - Article
C2 - 27172145
AN - SCOPUS:84966702150
SN - 0003-2999
VL - 122
SP - 2017
EP - 2027
JO - Anesthesia and Analgesia
JF - Anesthesia and Analgesia
IS - 6
ER -