Format

Send to

Choose Destination
EGEMS (Wash DC). 2019 Mar 29;7(1):6. doi: 10.5334/egems.270.

Assessing and Minimizing Re-identification Risk in Research Data Derived from Health Care Records.

Author information

1
Kaiser Permanente Washington Health Research Institute, Seattle, WA, US.
2
HealthPartners Institute, Minneapolis, MN, US.
3
Kaiser Permanente Hawaii Center for Health Research, Honolulu, HI, US.
4
Baylor Scott and White Research Institute, Dallas, TX, US.
5
Kaiser Permanente Northwest Center for Health Research, Portland, OR, US.

Abstract

Background:

Sharing of research data derived from health system records supports the rigor and reproducibility of primary research and can accelerate research progress through secondary use. But public sharing of such data can create risk of re-identifying individuals, exposing sensitive health information.

Method:

We describe a framework for assessing re-identification risk that includes: identifying data elements in a research dataset that overlap with external data sources, identifying small classes of records defined by unique combinations of those data elements, and considering the pattern of population overlap between the research dataset and an external source. We also describe alternative strategies for mitigating risk when the external data source can or cannot be directly examined.

Results:

We illustrate this framework using the example of a large database used to develop and validate models predicting suicidal behavior after an outpatient visit. We identify elements in the research dataset that might create risk and propose a specific risk mitigation strategy: deleting indicators for health system (a proxy for state of residence) and visit year.

Discussion:

Researchers holding health system data must balance the public health value of data sharing against the duty to protect the privacy of health system members. Specific steps can provide a useful estimate of re-identification risk and point to effective risk mitigation strategies.

KEYWORDS:

HIPAA; confidentiality; data sharing; electronic health records; privacy

Conflict of interest statement

The authors have no competing interests to declare.

Supplemental Content

Full text links

Icon for PubMed Central
Loading ...
Support Center