Suppr超能文献

盲目约会的虚假安全感:年代定年对实验室数据的数据隐私没有影响。

The false security of blind dates: chrononymization's lack of impact on data privacy of laboratory data.

机构信息

Department of Pediatrics, Hospital for Special Surgery.

出版信息

Appl Clin Inform. 2012 Oct 24;3(4):392-403. doi: 10.4338/ACI-2012-07-RA-0028. Print 2012.

DOI:10.4338/ACI-2012-07-RA-0028
PMID:23646086
原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC3613034/
Abstract

BACKGROUND

The reuse of clinical data for research purposes requires methods for the protection of personal privacy. One general approach is the removal of personal identifiers from the data. A frequent part of this anonymization process is the removal of times and dates, which we refer to as "chrononymization." While this step can make the association with identified data (such as public information or a small sample of patient information) more difficult, it comes at a cost to the usefulness of the data for research.

OBJECTIVES

We sought to determine whether removal of dates from common laboratory test panels offers any advantage in protecting such data from re-identification.

METHODS

We obtained a set of results for 5.9 million laboratory panels from the National Institutes of Health's (NIH) Biomedical Translational Research Information System (BTRIS), selected a random set of 20,000 panels from the larger source sets, and then identified all matches between the sets.

RESULTS

We found that while removal of dates could hinder the re-identification of a single test result, such removal had almost no effect when entire panels were used.

CONCLUSIONS

Our results suggest that reliance on chrononymization provides a false sense of security for the protection of laboratory test results. As a result of this study, the NIH has chosen to rely on policy solutions, such as strong data use agreements, rather than removal of dates when reusing clinical data for research purposes.

摘要

背景

出于研究目的而重复使用临床数据需要采取措施保护个人隐私。一种常用方法是从数据中删除个人标识符。该匿名化过程的一个常见步骤是删除时间和日期,我们称之为“年代化名”。虽然这一步骤可以使数据与已识别数据(例如公共信息或一小部分患者信息)的关联更加困难,但这会降低数据对研究的可用性。

目的

我们旨在确定从常见实验室检测面板中删除日期是否可以提供任何优势,从而保护这些数据不被重新识别。

方法

我们从美国国立卫生研究院(NIH)的生物医学转化研究信息系统(BTRIS)中获取了一组 590 万份实验室面板的结果,从更大的源集中随机选择了 20,000 份面板,然后识别了两组之间的所有匹配项。

结果

我们发现,虽然删除日期可能会阻碍单个测试结果的重新识别,但在使用整个面板时,这种删除几乎没有影响。

结论

我们的结果表明,依赖年代化名会给实验室检测结果的保护带来一种虚假的安全感。基于这项研究,NIH 选择依赖政策解决方案,例如签订强有力的数据使用协议,而不是在出于研究目的重复使用临床数据时删除日期。

相似文献

1
The false security of blind dates: chrononymization's lack of impact on data privacy of laboratory data.
Appl Clin Inform. 2012 Oct 24;3(4):392-403. doi: 10.4338/ACI-2012-07-RA-0028. Print 2012.
2
Perspectives of Australian adults about protecting the privacy of their health information in statistical databases.
Int J Med Inform. 2012 Apr;81(4):279-89. doi: 10.1016/j.ijmedinf.2012.01.005. Epub 2012 Feb 10.
3
Text de-identification for privacy protection: a study of its impact on clinical text information content.
J Biomed Inform. 2014 Aug;50:142-50. doi: 10.1016/j.jbi.2014.01.011. Epub 2014 Feb 3.
4
Evaluating common de-identification heuristics for personal health information.
J Med Internet Res. 2006 Nov 21;8(4):e28. doi: 10.2196/jmir.8.4.e28.
5
Preserving temporal relations in clinical data while maintaining privacy.
J Am Med Inform Assoc. 2016 Nov;23(6):1040-1045. doi: 10.1093/jamia/ocw001. Epub 2016 Mar 24.
6
Protecting the confidentiality and security of personal health information in low- and middle-income countries in the era of SDGs and Big Data.
Glob Health Action. 2016 Nov 23;9:32089. doi: 10.3402/gha.v9.32089. eCollection 2016.
7
Reducing patient re-identification risk for laboratory results within research datasets.
J Am Med Inform Assoc. 2013 Jan 1;20(1):95-101. doi: 10.1136/amiajnl-2012-001026. Epub 2012 Jul 21.
8
Use and Understanding of Anonymization and De-Identification in the Biomedical Literature: Scoping Review.
J Med Internet Res. 2019 May 31;21(5):e13484. doi: 10.2196/13484.
9
[The risk of re-identification when analyzing electronic health records: a critical appraisal and possible solutions].
Z Evid Fortbild Qual Gesundhwes. 2019 Dec;149:22-31. doi: 10.1016/j.zefq.2020.01.002. Epub 2020 Mar 10.
10
Selling health data: de-identification, privacy, and speech.
Camb Q Healthc Ethics. 2015 Jul;24(3):256-71. doi: 10.1017/S0963180114000589.

引用本文的文献

1
Reidentification of Participants in Shared Clinical Data Sets: Experimental Study.
JMIR AI. 2024 Mar 15;3:e52054. doi: 10.2196/52054.
2
The Detection of Date Shifting in Real-World Data.
Appl Clin Inform. 2023 Aug;14(4):763-771. doi: 10.1055/a-2130-2197. Epub 2023 Jul 17.
3
Algorithms to anonymize structured medical and healthcare data: A systematic review.
Front Bioinform. 2022 Dec 22;2:984807. doi: 10.3389/fbinf.2022.984807. eCollection 2022.
4
Developing a systematic approach to assessing data quality in secondary use of clinical data based on intended use.
Learn Health Syst. 2021 May 3;6(1):e10264. doi: 10.1002/lrh2.10264. eCollection 2022 Jan.
5
Broadening horizons: the case for capturing function and the role of health informatics in its use.
BMC Public Health. 2019 Oct 15;19(1):1288. doi: 10.1186/s12889-019-7630-3.
6
Use and Understanding of Anonymization and De-Identification in the Biomedical Literature: Scoping Review.
J Med Internet Res. 2019 May 31;21(5):e13484. doi: 10.2196/13484.
7
Classifying Clinical Trial Eligibility Criteria to Facilitate Phased Cohort Identification Using Clinical Data Repositories.
AMIA Annu Symp Proc. 2018 Apr 16;2017:1754-1763. eCollection 2017.
8
Grappling with the Future Use of Big Data for Translational Medicine and Clinical Care.
Yearb Med Inform. 2017 Aug;26(1):96-102. doi: 10.15265/IY-2017-020. Epub 2017 Sep 11.
9
Preserving temporal relations in clinical data while maintaining privacy.
J Am Med Inform Assoc. 2016 Nov;23(6):1040-1045. doi: 10.1093/jamia/ocw001. Epub 2016 Mar 24.
10
The National Institutes of Health's Biomedical Translational Research Information System (BTRIS): design, contents, functionality and experience to date.
J Biomed Inform. 2014 Dec;52:11-27. doi: 10.1016/j.jbi.2013.11.004. Epub 2013 Nov 19.

本文引用的文献

1
Implementation of a deidentified federated data network for population-based cohort discovery.
J Am Med Inform Assoc. 2012 Jun;19(e1):e60-7. doi: 10.1136/amiajnl-2011-000133. Epub 2011 Aug 26.
2
Identifiability in biobanks: models, measures, and mitigation strategies.
Hum Genet. 2011 Sep;130(3):383-92. doi: 10.1007/s00439-011-1042-5. Epub 2011 Jul 8.
3
Methods for the de-identification of electronic health records for genomic research.
Genome Med. 2011 Apr 27;3(4):25. doi: 10.1186/gm239.
4
Validation of de-identified record linkage to ascertain hospital admissions in a cohort study.
BMC Med Res Methodol. 2011 Apr 8;11:42. doi: 10.1186/1471-2288-11-42.
5
Accuracy of probabilistic record linkage in the assessment of high-complexity cardiology procedures.
Rev Saude Publica. 2011 Apr;45(2):269-75. doi: 10.1590/s0034-89102011005000012. Epub 2011 Feb 25.
6
The clinical research data repository of the US National Institutes of Health.
Stud Health Technol Inform. 2010;160(Pt 2):1299-303.
7
The disclosure of diagnosis codes can breach research participants' privacy.
J Am Med Inform Assoc. 2010 May-Jun;17(3):322-7. doi: 10.1136/jamia.2009.002725.
8
Perspectives for medical informatics. Reusing the electronic medical record for clinical research.
Methods Inf Med. 2009;48(1):38-44.
9
Accuracy of EMS-recorded patient demographic data.
Prehosp Emerg Care. 2008 Apr-Jun;12(2):187-91. doi: 10.1080/10903120801907687.
10
Evaluating the state-of-the-art in automatic de-identification.
J Am Med Inform Assoc. 2007 Sep-Oct;14(5):550-63. doi: 10.1197/jamia.M2444. Epub 2007 Jun 28.

文献AI研究员

20分钟写一篇综述,助力文献阅读效率提升50倍。

立即体验

用中文搜PubMed

大模型驱动的PubMed中文搜索引擎

马上搜索

文档翻译

学术文献翻译模型,支持多种主流文档格式。

立即体验