Bradley A. Malin, Latanya Sweeney
Institute for Software Research International, School of Computer Science, Carnegie Mellon University, Pittsburgh, Pennsylvania, USA.
AMIA Annu Symp Proc. 2005;2005:485-9.
Health data that appears anonymous, such as DNA records, can be re-identified to named patients via location visit patterns, or trails. This is a realistic privacy concern that persists because data holders do not collaborate prior to making disclosures. In this paper, we present STRANON, a novel computational protocol that enables data holders to work together to determine which records can be disclosed while satisfying a formal privacy protection model. STRANON incorporates a secure encrypted environment, so no data holder reveals information until the trails of the disclosed records are provably unlinkable. We evaluate STRANON on real-world datasets with known susceptibilities and demonstrate that data holders can release significant quantities of data with zero trail re-identifiability.
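As an added illustration of the trail re-identifiability the abstract refers to (this is not the paper's STRANON protocol, which the abstract does not describe), the following check shows how a data holder could audit a candidate disclosure before release and withhold records until every disclosed trail is covered by at least two named visit patterns. The locations, rosters and record ids are constructed, and the superset-match rule for partial trails is an assumption.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample (not from the paper): per location, the identified visitor
# roster (e.g. from discharge data) and the de-identified DNA records the holder
# intends to disclose. Locations are sorted when building trails.
Holders = Dict[str, Tuple[Set[str], Set[str]]]
SAMPLE: Holders = {
    "hosp_A": ({"alice", "bob", "carol", "dave"}, {"dna1", "dna2", "dna3", "dna4"}),
    "hosp_B": ({"alice", "bob", "dave"}, {"dna1", "dna2", "dna4"}),
    "hosp_C": ({"alice", "carol"}, {"dna1", "dna3"}),
}

def trail(entity: str, holders: Holders, idx: int) -> Tuple[int, ...]:
    """0/1 visit pattern of one entity across all locations (idx 0 = names, 1 = records)."""
    return tuple(int(entity in holders[loc][idx]) for loc in sorted(holders))

def candidates(holders: Holders) -> Dict[str, Set[str]]:
    """Named people whose visit trail covers each disclosed record's trail.
    Assumption: a disclosed trail is partial (0 = not released there), so a person
    is a candidate when they visited every location where the record was released."""
    names = set().union(*(n for n, _ in holders.values()))
    records = set().union(*(r for _, r in holders.values()))
    out = {}
    for rec in records:
        rt = trail(rec, holders, 1)
        out[rec] = {n for n in names
                    if all(nb >= rb for nb, rb in zip(trail(n, holders, 0), rt))}
    return out

def reidentifiable(holders: Holders) -> Set[str]:
    """Records whose trail is covered by exactly one named trail: trail re-identifiable."""
    return {r for r, c in candidates(holders).items() if len(c) == 1}

def withhold_until_unlinkable(holders: Holders) -> Tuple[Holders, List[Tuple[str, str]]]:
    """Greedy plan: withhold a uniquely linkable record from the location where doing
    so adds the most candidate names, until no record is uniquely linkable.
    Returns the revised disclosure plan (input left untouched) and what was withheld."""
    plan = {loc: (set(n), set(r)) for loc, (n, r) in holders.items()}
    withheld: List[Tuple[str, str]] = []
    while True:
        unique = reidentifiable(plan)
        if not unique:
            return plan, withheld
        rec = min(unique)  # deterministic choice among re-identifiable records
        def gain(loc: str) -> int:  # candidate count if rec is withheld at loc
            trial = {l: (n, r - {rec} if l == loc else r) for l, (n, r) in plan.items()}
            return len(candidates(trial).get(rec, set()))
        loc = max((l for l in plan if rec in plan[l][1]), key=gain)
        plan[loc][1].discard(rec)
        withheld.append((rec, loc))
```

In the sample, only `dna1` is uniquely linkable (alice is the sole person who visited all three locations); withholding it from `hosp_C` leaves its trail covered by three named trails, so the revised plan has zero trail re-identifiability.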