Confidentiality risks in fine scale aggregations of health data

Curtis, Andrew; Mills, John; Agustin, Loraine; Cockburn, Myles

doi:10.1016/j.compenvurbsys.2010.08.002

Cited by 28 publications

(36 citation statements)

References 20 publications

(22 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In terms of privacy protection, the risk of uncovering individual locations at an aggregated dataset to a zip code level is considered very low. However, aggregated data to the zip code level is often too abstract to uncover relationships related to the physical or cultural neighborhood [2]. For example, the use of zip code aggregated healthcare datasets to link patients' recovery outcomes after hospital discharges may encompass several culturally diverse neighborhoods, but the risk of reverseengineering the geo-coded data is low.…”

Section: Aggregationmentioning

confidence: 98%

“…As a result, there has been an increasing pressure on these providers to share health information with external researchers, academics, and business contractors [7]. However, sharing healthcare data with external partners is a major challenge due to privacy provisions (e.g., HIPAA) and concerns; maps have the potential to be reverse-engineered to reveal Protected Health Information (PHI) about individuals [2]. Although researchers have attended to risks associated with spatial confidentiality, there is an understanding between researchers and healthcare organizations, that much work is still needed to generate well-established guidelines or frameworks to overcome these risks.…”

Section: Introductionmentioning

confidence: 98%

“…As a consequence, a variety of methods have been introduced to mask patients' locational information, also called geo-masking methods [2]. This study assessed the five main geo-masking methods as cited by [3] in terms of re-identification risk and performance.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Protecting patient geo-privacy via a triangular displacement geo-masking method

Murad

Hilton

Horan

et al. 2014

Proceedings of the 1st ACM SIGSPATIAL International Workshop on Privacy in Geographic Information Collection and Analysis

View full text Add to dashboard Cite

Protecting patient geo-privacy while allowing for valid geographic analyses of the data is a major challenge [1]. As a consequence, a variety of methods have been introduced to mask patients' locational information, also called geo-masking methods [2]. This study assessed the five main geo-masking methods as cited by [3] in terms of re-identification risk and performance. These five methods are Random Direction and Fixed Radius, Random Perturbation within a Circle, Gaussian Displacement, Donut Masking, and Bimodal Gaussian Displacement. Based on the assessment, the study highlighted two major gaps in the design of these geo-masking methods. First, all five geo-masking methods used only population density in calculating the displacement distances between the original locations of points and their new locations. However, other criteria that might be as important as population density were not considered in designing these five methods. These include data sensitivity, research types, quasi-indicator availability, previously generated maps availability, end-users' types, and the possibility of temporal synergy of data. Second, the Donut Masking and the Bimodal Gaussian Displacement methods were found to be superior in terms of minimizing re-identifying risks, but they were also found to be consuming much more processing power compared to the other three geo-masking methods. To address these gaps, this study proposed a new geo-masking method, called the "Triangular Displacement". The primary design, development, and evaluation of the Triangular Displacement method were based on the Design Science Research (DSR) Process Model [4], also known as DSRM. The expected next step is to implement the resultant geomasking method as a tool to help healthcare data guardians deidentify large sets of PHR automatically. A pilot study with a large Southern Californian healthcare provider has been outlined to examine the efficacy of the developed solution.

show abstract

Section: Aggregationmentioning

confidence: 98%

Section: Introductionmentioning

confidence: 98%

See 1 more Smart Citation

Protecting patient geo-privacy via a triangular displacement geo-masking method

Murad

Hilton

Horan

et al. 2014

Proceedings of the 1st ACM SIGSPATIAL International Workshop on Privacy in Geographic Information Collection and Analysis

View full text Add to dashboard Cite

show abstract

“…In general, decreasing the amount of disclosure risk by applying more stringent geographic masking processes also decreases the accuracy of inferences obtainable from the released data source (Karr et al, 2006). While there is a wide understanding of this tradeoff between disclosure risk and data utility, there is no consensus on a particular methodology to visualize and share confidential data without dramatically limiting any analyses (Curtis et al, 2011).…”

Section: Literature Reviewmentioning

confidence: 99%

“…One aggregation approach, areal aggregation, enumerates the total existing within a predefined political or administrative entity, whereas a second approach, point aggregation, assigns individual records to a single location representing a subset of the original locations (Armstrong et al, 1999). The ubiquitousness of this masking method is likely attributed to the ease for local data custodians, who may be technically or resource limited, to conduct this technique (Curtis et al, 2011). Armstrong et al denoted four means in which the ability of the researcher to detect clusters or investigate potential relationships is compromised by employing aggregation (Armstrong et al, 1999).…”

Section: Geographic Perturbation Methodsmentioning

confidence: 99%

Wider Dissemination of Household Travel Survey Data Using Geographical Perturbation Methods

Clifton¹,

Gehrke²

2014

View full text Add to dashboard Cite

Individual privacy versus public good: protecting confidentiality in health research

O'Keefe

Rubin

2015

Statistics in Medicine

View full text Add to dashboard Cite

Health and medical data are increasingly being generated, collected, and stored in electronic form in healthcare facilities and administrative agencies. Such data hold a wealth of information vital to effective health policy development and evaluation, as well as to enhanced clinical care through evidence-based practice and safety and quality monitoring. These initiatives are aimed at improving individuals' health and well-being. Nevertheless, analyses of health data archives must be conducted in such a way that individuals' privacy is not compromised. One important aspect of protecting individuals' privacy is protecting the confidentiality of their data. It is the purpose of this paper to provide a review of a number of approaches to reducing disclosure risk when making data available for research, and to present a taxonomy for such approaches. Some of these methods are widely used, whereas others are still in development. It is important to have a range of methods available because there is also a range of data-use scenarios, and it is important to be able to choose between methods suited to differing scenarios. In practice, it is necessary to find a balance between allowing the use of health and medical data for research and protecting confidentiality. This balance is often presented as a trade-off between disclosure risk and data utility, because methods that reduce disclosure risk, in general, also reduce data utility.

show abstract

Confidentiality risks in fine scale aggregations of health data

Cited by 28 publications

References 20 publications

Protecting patient geo-privacy via a triangular displacement geo-masking method

Protecting patient geo-privacy via a triangular displacement geo-masking method

Wider Dissemination of Household Travel Survey Data Using Geographical Perturbation Methods

Individual privacy versus public good: protecting confidentiality in health research

Contact Info

Product

Resources

About