Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 
WelshClear Cookie - decide language by browser settings

The disclosure of diagnosis codes can breach research participants' privacy

Loukides, Grigorios ORCID: https://orcid.org/0000-0003-0888-5061, Denny, J. C. and Malin, B. 2010. The disclosure of diagnosis codes can breach research participants' privacy. JAMIA Journal of the American Medical Informatics Assocation 17 (1) , pp. 322-327. 10.1136/jamia.2009.002725

Full text not available from this repository.

Abstract

Objective: De-identified clinical data in standardized form (eg, diagnosis codes), derived from electronic medical records, are increasingly combined with research data (eg, DNA sequences) and disseminated to enable scientific investigations. This study examines whether released data can be linked with identified clinical records that are accessible via various resources to jeopardize patients' anonymity, and the ability of popular privacy protection methodologies to prevent such an attack. Design: The study experimentally evaluates the re-identification risk of a de-identified sample of Vanderbilt's patient records involved in a genome-wide association study. It also measures the level of protection from re-identification, and data utility, provided by suppression and generalization. Measurement: Privacy protection is quantified using the probability of re-identifying a patient in a larger population through diagnosis codes. Data utility is measured at a dataset level, using the percentage of retained information, as well as its description, and at a patient level, using two metrics based on the difference between the distribution of Internal Classification of Disease (ICD) version 9 codes before and after applying privacy protection. Results: More than 96% of 2800 patients' records are shown to be uniquely identified by their diagnosis codes with respect to a population of 1.2 million patients. Generalization is shown to reduce further the percentage of de-identified records by less than 2%, and over 99% of the three-digit ICD-9 codes need to be suppressed to prevent re-identification. Conclusions: Popular privacy protection methods are inadequate to deliver a sufficiently protected and useful result when sharing data derived from complex clinical systems. The development of alternative privacy protection models is thus required.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Publisher: BMJ Publishing Group Limited
ISSN: 1067-5027
Last Modified: 18 Oct 2022 14:23
URI: https://orca.cardiff.ac.uk/id/eprint/17315

Citation Data

Cited 81 times in Scopus. View in Scopus. Powered By Scopus® Data

Actions (repository staff only)

Edit Item Edit Item
Altmetric
Dimensions
CORE (COnnecting REpositories)


Maintained by Cardiff University Information Services