20
Risk-based De-identification Khaled El Emam, CHEO RI & uOttawa

Risk Based De-identification for Sharing Health Data

  • Upload
    kelemam

  • View
    1.034

  • Download
    4

Tags:

Embed Size (px)

DESCRIPTION

This presentation describes a methodology, tools, and experiences for the de-identification of health information. The objective is to support data sharing for the purpose of research and public health.

Citation preview

Page 1: Risk Based De-identification for Sharing Health Data

Risk-based De-identificationKhaled El Emam, CHEO RI & uOttawa

Page 2: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

• Re-identification risk assessment, re-identification attacks, de-identification:– Birth registry / newborn screening program– Tumor bank– Hospital data (discharge abstracts and

pharmacy databases) – local, provincial/state, national

– EMR data

Background

Page 3: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

• De-identification works well in practice if you adopt a risk-based approach

• Re-identification attacks are hard• It is possible to de-identify data sets

and still retain sufficient utility• De-identification can be made simple

Issues

Page 4: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

Re-identification Risk Spectrum

Page 5: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

Page 6: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

Managing Re-identification Risk

RiskExposure

Amount ofDe-identification

MitigatingControls

Motives &Capacity

Invasion-of-PrivacyV A

V A

-

- ++

Page 7: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

Determining Pr Re-identification Attempts

Page 8: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

Determining Risk Threshold to Use

Page 9: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

• Adjust threshold• Adjust amount of suppression that is

acceptable• Adjust precision of variables• Sub-sample• Adjust variable weights

Tradeoffs Made

Page 10: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

• Passage through research ethics is significantly faster for “secondary use” protocols that are certified as low risk

• Provides an incentive for data recipients to improve their security and privacy practices

• Provides an incentive for funders to cover the costs of infrastructure for handling data

• Amount of de-identification is proportionate to the actual risk

Advantages

Page 11: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

Risk Assessment

Page 12: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

De-identification

Page 13: Risk Based De-identification for Sharing Health Data

Risk Assessment for REB

Page 14: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

Risk Assessment for REB

Page 15: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

Risk Assessment for REB

Page 16: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

• ‘Rogue researcher’ adversary• Search queries considered high risk• Combination of sub-sampling and

generalization for each tumor site data• Moving towards researcher self-

assessments to decide appropriate level of de-identification

Example – Tumor Bank

Page 17: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

• ‘ Nosey neighbor’ adversary• Creation of a public data file• Diagnosis and intervention codes

presented difficulties• High level of suppression for a public

file, but acceptable utility with stronger access controls (higher threshold)

Example – Discharge Abstracts

Page 18: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

• An audit program is required to ensure compliance with ‘mitigating controls’

• What if a breach happens ?– A risk management approach ensures that

the data is highly de-identified in situations where breaches are most likely

– Can demonstrate due diligence

Practical Considerations

Page 19: Risk Based De-identification for Sharing Health Data

Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca

Bckgrd

Contents

End

• Geospatial data and longitudinal data always represent challenges because they increase the risk of re-identification

• Thus far we’ve never had to decline a data request because of identifiability or were unable to provide data with sufficient utility for a study

Lessons Learned

Page 20: Risk Based De-identification for Sharing Health Data

www.ehealthinformation.ca

www.ehealthinformation.ca/knowledgebase

[email protected]

http://www.ehealthinformation.ca/documents/OPCReportv11.pdf
http://www.ehealthinformation.ca/documents/HealthCanadaReidReport.pdf

c4a - Risk Identification Measurement

c4a - Risk Identification Measurement

Documents
Failure Mode Effects Analysis Effects Analysis Risk Identification FMEA Risk Identification FMEA

Failure Mode Effects Analysis Effects Analysis Risk Identification FMEA Risk Identification FMEA

Documents
Planning and Risk Identification

Planning and Risk Identification

Documents
L03 Risk Identification

L03 Risk Identification

Documents
Risk Assessment Hazard Identification

Risk Assessment Hazard Identification

Documents
Risk Identification

Risk Identification

Documents
Enterprise Risk Management (Risk identification and assessment )

Enterprise Risk Management (Risk identification and assessment )

Documents
Security Risk Assessment Guide for Industrial Control SystemsRisk Assessment Overall process of risk identification, risk analysis and risk evaluation Risk Identification Process of

Security Risk Assessment Guide for Industrial Control SystemsRisk Assessment Overall process of risk identification, risk analysis and risk evaluation Risk Identification Process of

Documents
HAZARD IDENTIFICATION & RISK ASSESSMENT (HIRA) likely ...environmentclearance.nic.in/writereaddata/online/... · HAZARD IDENTIFICATION & RISK ASSESSMENT (HIRA) A Hazard Identification

HAZARD IDENTIFICATION & RISK ASSESSMENT (HIRA) likely ...environmentclearance.nic.in/writereaddata/online/... · HAZARD IDENTIFICATION & RISK ASSESSMENT (HIRA) A Hazard Identification

Documents
HIGH-RISK MUNITIONS IDENTIFICATION GUIDE high-risk munitions identification guide subject: high-risk munitions identification guide keywords

HIGH-RISK MUNITIONS IDENTIFICATION GUIDE high-risk munitions identification guide subject: high-risk munitions identification guide keywords

Documents
HAZARD IDENTIFICATION, RISK ASSESSMENT & RISK CONTROL …sabah.gov.my/mlgh/HIRARC.pdf · hazard identification, risk assessment & risk ... why we need osh-ms ... hazard identification,

HAZARD IDENTIFICATION, RISK ASSESSMENT & RISK CONTROL …sabah.gov.my/mlgh/HIRARC.pdf · hazard identification, risk assessment & risk ... why we need osh-ms ... hazard identification,

Documents
Risk Sharing with Multilateral Financial Institutions …oa.upm.es/14400/1/Raul_Rosales_Araque.pdf · Risk Sharing with Multilateral Financial ... Risk Sharing with Multilateral Financial

Risk Sharing with Multilateral Financial Institutions …oa.upm.es/14400/1/Raul_Rosales_Araque.pdf · Risk Sharing with Multilateral Financial ... Risk Sharing with Multilateral Financial

Documents
RISK SHARING PARTNERSHIPS

RISK SHARING PARTNERSHIPS

Documents
HAZARD IDENTIFICATION, RISK ASSESSMENT & RISK CONTROL

HAZARD IDENTIFICATION, RISK ASSESSMENT & RISK CONTROL

Documents
Risk-Sharing Networks in Rural Philippines Marcel ...fafchamp/risk.pdf · Risk-Sharing Networks in Rural Philippines Marcel Fafchamps † and Susan ... model of risk sharing. The

Risk-Sharing Networks in Rural Philippines Marcel ...fafchamp/risk.pdf · Risk-Sharing Networks in Rural Philippines Marcel Fafchamps † and Susan ... model of risk sharing. The

Documents
Risk Identification, Assessment & · PDF fileRisk Identification, Assessment & Facilitation ... Risk Identification, Assessment & Facilitation ... extensive experience in financial

Risk Identification, Assessment & · PDF fileRisk Identification, Assessment & Facilitation ... Risk Identification, Assessment & Facilitation ... extensive experience in financial

Documents
Agriculture Risk Sharing - African Development Bank · 2019. 6. 29. · 7 Workshop on Establishing an African Agriculture Risk Sharing and Financing Mechanism Risk Sharing the risk

Agriculture Risk Sharing - African Development Bank · 2019. 6. 29. · 7 Workshop on Establishing an African Agriculture Risk Sharing and Financing Mechanism Risk Sharing the risk

Documents
Risk sharing: webinar presentation

Risk sharing: webinar presentation

Documents
boundaries in risk –sharing experiences · 2019. 12. 19. · Denaturants Indelible identification of feed materials. EFSA@10 Challenging boundaries in risk assessment – sharing

boundaries in risk –sharing experiences · 2019. 12. 19. · Denaturants Indelible identification of feed materials. EFSA@10 Challenging boundaries in risk assessment – sharing

Documents
Informal Risk Sharing, Index Insurance and Risk-Taking in ...faculty.som.yale.edu/mushfiqmobarak/papers/insuranceAEA.pdf · Informal Risk Sharing, Index Insurance and Risk-Taking

Informal Risk Sharing, Index Insurance and Risk-Taking in ...faculty.som.yale.edu/mushfiqmobarak/papers/insuranceAEA.pdf · Informal Risk Sharing, Index Insurance and Risk-Taking

Documents
A Graphical Approach to Risk Identification, Motivated by ...coras.sourceforge.net/documents/models06.pdf · A Graphical Approach to Risk Identification, ... Approach to Risk Identification,

A Graphical Approach to Risk Identification, Motivated by ...coras.sourceforge.net/documents/models06.pdf · A Graphical Approach to Risk Identification, ... Approach to Risk Identification,

Documents
Risk identification in practice

Risk identification in practice

Documents
Health Insurance Risk-Sharing Plan (HIRSP)€¦ · Health Insurance Risk-Sharing Plan (HIRSP) The health insurance risk-sharing plan (HIRSP) offers health insurance coverage to Wisconsin

Health Insurance Risk-Sharing Plan (HIRSP)€¦ · Health Insurance Risk-Sharing Plan (HIRSP) The health insurance risk-sharing plan (HIRSP) offers health insurance coverage to Wisconsin

Documents
Performance-Based Risk-Sharing Arrangements - · PDF fileISPOR Performance Based Risk Sharing Arrangements TF Report FINAL DRAFT for REVIEW 1 . Performance-Based Risk-Sharing Arrangements

Performance-Based Risk-Sharing Arrangements - · PDF fileISPOR Performance Based Risk Sharing Arrangements TF Report FINAL DRAFT for REVIEW 1 . Performance-Based Risk-Sharing Arrangements

Documents
Risk Identification and Risk Assessment

Risk Identification and Risk Assessment

Documents
Hazard Risk Identification

Hazard Risk Identification

Documents
Risk sharing tech dvpt

Risk sharing tech dvpt

Documents
Risk Identification, Assessment & Facilitation · PDF fileRisk Identification, Assessment & Facilitation ... Risk Identification, Assessment & Facilitation ... extensive experience

Risk Identification, Assessment & Facilitation · PDF fileRisk Identification, Assessment & Facilitation ... Risk Identification, Assessment & Facilitation ... extensive experience

Documents
RISK IDENTIFICATION, ASSESSMENT AND …...Risk Identification, Assessment and Response Risk Identification Techniques Any number of techniques can be used to identify potential events

RISK IDENTIFICATION, ASSESSMENT AND …...Risk Identification, Assessment and Response Risk Identification Techniques Any number of techniques can be used to identify potential events

Documents
Hazard Identification, Risk Assessment & Risk Control ...osh.ummc.edu.my/osh/images/slide hirarc _oshe.pdf · Hazard Identification, Risk Assessment & Risk Control (HIRARC) Training

Hazard Identification, Risk Assessment & Risk Control ...osh.ummc.edu.my/osh/images/slide hirarc _oshe.pdf · Hazard Identification, Risk Assessment & Risk Control (HIRARC) Training

Documents