Estimating the re-identification risk of clinical data sets

Fida Kamal Dankar, Khaled El Emam, Angelica Neisa, Tyson Roffey

Research output: Contribution to journalArticlepeer-review

53 Citations (Scopus)

Abstract

Background: De-identification is a common way to protect patient privacy when disclosing clinical data for secondary purposes, such as research. One type of attack that de-identification protects against is linking the disclosed patient data with public and semi-public registries. Uniqueness is a commonly used measure of re-identification risk under this attack. If uniqueness can be measured accurately then the risk from this kind of attack can be managed. In practice, it is often not possible to measure uniqueness directly, therefore it must be estimated. Methods: We evaluated the accuracy of uniqueness estimators on clinically relevant data sets. Four candidate estimators were identified because they were evaluated in the past and found to have good accuracy or because they were new and not evaluated comparatively before: the Zayatz estimator, slide negative binomial estimator, Pitmans estimator, and mu-argus. A Monte Carlo simulation was performed to evaluate the uniqueness estimators on six clinically relevant data sets. We varied the sampling fraction and the uniqueness in the population (the value being estimated). The median relative error and inter-quartile range of the uniqueness estimates was measured across 1000 runs. Results: There was no single estimator that performed well across all of the conditions. We developed a decision rule which selected between the Pitman, slide negative binomial and Zayatz estimators depending on the sampling fraction and the difference between estimates. This decision rule had the best consistent median relative error across multiple conditions and data sets. Conclusion: This study identified an accurate decision rule that can be used by health privacy researchers and disclosure control professionals to estimate uniqueness in clinical data sets. The decision rule provides a reliable way to measure re-identification risk.

Original languageEnglish
Article number66
JournalBMC Medical Informatics and Decision Making
Volume12
Issue number1
DOIs
Publication statusPublished - 2012
Externally publishedYes

ASJC Scopus subject areas

  • Health Policy
  • Health Informatics
  • Computer Science Applications

Fingerprint

Dive into the research topics of 'Estimating the re-identification risk of clinical data sets'. Together they form a unique fingerprint.

Cite this