Evaluating the risk of re-identification of patients from hospital prescription records

Khaled El Emam, Fida K. Dankar, Régis Vaillancourt, Tyson Roffey, Mary Lysyk

Research output: Contribution to journalArticlepeer-review

48 Citations (Scopus)

Abstract

Background: Pharmacies often provide prescription records to private research firms, on the assumption that these records are de-identified (i.e., identifying information has been removed). However, concerns have been expressed about the potential that patients can be re-identified from such records. Recently, a large private research firm requested prescription records from the Children's Hospital of Eastern Ontario (CHEO), as part of a larger effort to develop a database of hospital prescription records across Canada. Objective: To evaluate the ability to re-identify patients from CHEO'S prescription records and to determine ways to appropriately de-identify the data if the risk was too high. Methods: The risk of re-identification was assessed for 18 months' worth of prescription data. De-identification algorithms were developed to reduce the risk to an acceptable level while maintaining the quality of the data. Results: The probability of patients being re-identified from the original variables and data set requested by the private research firm was deemed quite high. A new de-identified record layout was developed, which had an acceptable level of re-identification risk. The new approach involved replacing the admission and discharge dates with the quarter and year of admission and the length of stay in days, reporting the patient's age in weeks, and including only the first character of the patient's postal code. Additional requirements were included in the data-sharing agreement with the private research firm (e.g., audit requirements and a protocol for notification of a breach of privacy). Conclusions: Without a formal analysis of the risk of re-identification, assurances of data anonymity may not be accurate. A formal risk analysis at one hospital produced a clinically relevant data set that also protects patient privacy and allows the hospital pharmacy to explicitly manage the risks of breach of patient privacy.

Original languageEnglish
Pages (from-to)307-319
Number of pages13
JournalCanadian Journal of Hospital Pharmacy
Volume62
Issue number4
Publication statusPublished - Jul 2009
Externally publishedYes

Keywords

  • Data anonymity
  • De-identification
  • Privavy
  • Re-identification risk
  • Secondary use of data

ASJC Scopus subject areas

  • Pharmacy
  • Pharmacology (medical)

Fingerprint

Dive into the research topics of 'Evaluating the risk of re-identification of patients from hospital prescription records'. Together they form a unique fingerprint.

Cite this