a reality check on health information privacy how should
play

A Reality Check on Health Information Privacy: How should we - PDF document

Nov 22, 2022 •41 likes •181 views

A Reality Check on Health Information Privacy: How should we understand re-identification risks under HIPAA? Daniel C. Barth-Jones, M.P.H., Ph.D. Assist ant Professor of Clinical Epidemiology, Mailman S chool of Public Healt h Columbia

  1. A Reality Check on Health Information Privacy: How should we understand re-identification risks under HIPAA? Daniel C. Barth-Jones, M.P.H., Ph.D. Assist ant Professor of Clinical Epidemiology, Mailman S chool of Public Healt h Columbia Universit y db2431@ Columbia.edu The Value of De-identification  Properly de-identified health data is an invaluable “public good”. The broad availabilit y of de-ident ified dat a is an essent ial t ool for societ y support ing scient ific innovat ion and healt h syst em improvement and efficiency. improvement and efficiency  De-identified data does and can serve as the engine driving forward innumerable essential health systems improvements: quality improvement, health systems planning, healthcare fraud, waste and abuse detection, and medical/ public health research (e.g. comparative effectiveness research, adverse drug event monitoring, patient safety improvements and reducing health disparities).  De identified health data greatly benefits our society and provides  De-identified health data greatly benefits our society and provides strong privacy protections for the individuals. As the promise of EHRs and Health IT yields richer de-identified clinical data, the progress of our nation’ s healthcare reform will likely be built on a foundation of such de-identified health data. 2 1

  2. The Inconvenient Truth: Complete Protection ion Bad Decisions / B d S i Bad Science Ideal Situation osure Protect (Perfect Information & Trade-Off between Perfect Information Protection) Quality Unfortunately, and not achievable Privacy Protection Privacy Protection Disclo due to due to Poor mathematical Privacy constraints Protection No Protection Information Optimal Precision, No Lack of Bias Information 3 Misconceptions about HIPAA De-identified Data: “It doesn’t work… ” “ easy, cheap, powerful re-identification” ( Ohm, 2009 “ Broken Promises of Privacy” ) *Pre-HIPAA Re-identification Risks {Zip5, Birth date, Gender} Able to identify 87% id tif 87% 63% - 63% of US f US Population (S P l ti weeney, 2000, Golle, 2006)  Reality: HIPAA compliant de-identification provides important privacy protections — S afe harbor re-identification risks have been more recently estimated at 0.04%(4 in 10,000) (S weeney, NCVHS Testimony, 2007) — Safe Harbor de-identification provides protections that have been estimated to be a minimum of 400 to 1000 times more protective of privacy than permitting direct PHI access. (Benitez & Malin, JAMIA, 2010)  Reality: Under HIPAA de-identification requirements, re- identification is expensive and time-consuming to conduct, requires serious computer/ mathematical skills, is rarely successful, and uncertain as to whether it has actually succeeded 4 2

  3. Misconceptions about HIPAA De-identified Data: “ It works perfect ly and permanent ly… ”  Reality: —Perfect de-identification is not possible Perfect de identification is not possible —De-identifying does not free data from all possible subsequent privacy concerns —Data is never permanently “ de-identified” … (There is no guarantee that de-identified data will remain de-identified regardless of what you do to it after it is de-identified.) —S imply collapsing your coding categories until the data is “ k-anonymous” without considering the impact on statistical accuracy and utility can make the data unsuitable for many statistical analyses 5 Myth of the “Perfect Population Register” and importance of “Data Divergence”  The critical part of re-identification efforts that is virtually never tested by disclosure scientists is assumption of a perfect population register .  Probabilistic record linkage has some capacity to dealing with errors and inconsistencies in the linking data between the sample and the population caused by “ data divergence ” : — Time dynamics in the variables (e.g. changing Zip Codes when individuals move), — Missing and Incomplete data and — Keystroke or other coding errors in either dataset,  But the links created by probabilistic record linkage are subj ect to uncertainty. The data intruder is never really certain that the correct persons have been re-identified. 6 3

  4. Identification Spectrum De- “Breach LDS Fully No Identified Safe” Information Identified Totally Safe, But Useless Research, Treatment, Useful for Any Public Health, Payment, Permitted Uses: � Breach Purpose Healthcare Operations Avoidance Operations Protected Health Information (PHI)  Limited Data Set (LDS  ) § 164.514(e)  Eliminate 16 Direct Identifiers (Name, Address, S  Eliminate 16 Direct Identifiers (Name Address S S S N etc ) N, etc.) LDS w/o 5-digit Zip & Date of Birth (LDS afe” ) 8/24/09 FedReg  -“ Breach S  Eliminate 16 Direct Identifiers and Zip5, DoB Safe Harbor De-identified Data Set (SHDDS) § 164.514(b)(2)   Eliminate 18 Identifiers (including Geo < 3 digit Zip, All Dates except Yr) Statistically De-identified Data Sets (SDDS) § 164.514(b)(1)   Verified “very small” Risk of Re-identification 7 HIPAA Statistical De-identification Conditions  “ Risk is very small… ” — “ that the information could be used ” … “ th t th i f ti ld b d ” — “ alone or in combination with other reasonably available information”… , “ by an anticipated recipient ”… — — “ to identify an individual”… 8 4

  5. Statistically De-identified Data Sets (SDDSs)  S t at ist ical De-ident ificat ion often can be used to release some of the safe harbor “ prohibited identifiers” provided that the risk of re-identification is “very small” . that the risk of re identification is very small .  For example, more detailed geography , dat es of service or encrypt ion codes could possibly be used within statistical de-identified data based on statistical disclosure analyses showing that the risks are very small.  However, disclosure analyses must be conducted to assess risks of re-identification (e.g., encrypted data with strong statistical associations to unencrypted data can pose important re-identification risks) 9 Information Explosion - Rapid Increase in Publically Available Data  Any information which is a “ mat t er of public record ” or “ reasonably available ” in data sets record or reasonably available in data sets which contain actual identifiers should be considered a quasi-identifier under the HIPAA definition for statistical de-identification.  The amount of data that will need to be considered “ reasonably available ” quasi- identifiers should only be expected to increase identifiers should only be expected to increase due to the dramatic expansion of public records which are freely available via the internet or inexpensively purchased data from marketing data vendors. 10 5

  6. Successful Solutions: Balancing Disclosure Risk and Statistical Accuracy  When appropriately implemented, statistical de- identification seeks to protect and balance two vitally important societal interests: p — 1) Protection of the privacy of individuals in healthcare data sets, (Disclosure or Identification Risk), and — 2) Preserving the utility and accuracy of statistical analyses performed with de-identified data (Loss of Information).  Limiting disclosure inevitably reduces the quality of  Limiting disclosure inevitably reduces the quality of statistical information to some degree, but the appropriate disclosure control methods result in small information losses while substantially reducing identifiability. 11 Essential Re-identification Concepts  Essential Re-identification and S tatistical Disclosure Concepts — Record Linkage g — Linkage Keys (Quasi-identifiers) — S ample Uniques and Populat ion Uniques  S traightforward Methods for Controlling Re- identification Risk — Decreasing Uniques:  by Reducing Key Resolutions  by Increasing Reporting Population S izes  Understanding challenges for reporting geographies 12 6

  7. Record Linkage Record Linkage is achieved by matching records in separate data sets that have a common “ Key” or set of data fields. Population Register (w/ IDs) Population Register (w/ IDs) (e.g. Voter Registration) Age Name Address Gender (Y oB) … Px Dx Age Gender (Y oB) ... Codes Codes ... Sample S l Data file Quasi- Revealed Identifiers Identifiers Data (Keys) 13 Quasi-identifiers While individual fields may not be identifying by themselves, the contents of several fields in combination may be sufficient to result in identification, the set of y , fields in the Key is called the set of Quasi-identifiers . Ethnic Marital Geo- Name Address Gender Age Group S tatus graphy ^------- Quasi-identifiers ---------^ Fields that should be considered part of a Quasi- identifier are those variables which would be likely to identifier are those variables which would be likely to exist in “ reasonably available” data sets along with actual identifiers (names, etc.). Note that this includes even fields that are not “ PHI” . 14 7

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Health Savings Account (HSA) INDIANA UNIVERSITY Reality Check A healthy couple retiring at age

Health Savings Account (HSA) INDIANA UNIVERSITY Reality Check A healthy couple retiring at age

IU Human Resources Health Savings Account (HSA) INDIANA UNIVERSITY Reality Check A healthy couple retiring at age 65 can expect to pay $404,253 in premiums, dental, vision, hearing and all other out of pocket health-related expenses during

573 views • 25 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
Health Savings Account (HSA) for Retirees Updated 03/21/2019 INDIANA UNIVERSITY Reality Check

Health Savings Account (HSA) for Retirees Updated 03/21/2019 INDIANA UNIVERSITY Reality Check

IU Human Resources Health Savings Account (HSA) for Retirees Updated 03/21/2019 INDIANA UNIVERSITY Reality Check You may live much longer than you think. who are in their 90 &amp; mid-50s today will live to be *Source: Society of

577 views • 29 slides
Privacy, Cybersecurity and the Use of Digital Health Information In Healthcare John P. Houston,

Privacy, Cybersecurity and the Use of Digital Health Information In Healthcare John P. Houston,

Privacy, Cybersecurity and the Use of Digital Health Information In Healthcare John P. Houston, Esq. Vice President, Privacy and Information Security &amp; Associate Counsel 1 Types of Digital Health Information UPMC has been progressive in

701 views • 24 slides
Health Care and Information Privacy Law Alert A Corporate Department Publication March 2009

Health Care and Information Privacy Law Alert A Corporate Department Publication March 2009

Health Care and Information Privacy Law Alert A Corporate Department Publication March 2009 This Health Care and Information Privacy HITECH Act Brings New Vigor to HIPAAs Law Alert is intended to provide general Privacy and Security Rules

267 views • 3 slides
Check-up Health Information at the Library Purpose This Presentation will cover: Understanding

Check-up Health Information at the Library Purpose This Presentation will cover: Understanding

From Check-out to Check-up Health Information at the Library Purpose This Presentation will cover: Understanding your community Example programs and resources Funding Sources Resources &amp; Tools Why Health Information

650 views • 35 slides
Health Privacy Project at CDT Projects aim: Develop and promote workable privacy and

Health Privacy Project at CDT Projects aim: Develop and promote workable privacy and

12/1/2011 De Identification of De-Identification of Health Data under HIPAA: Potential Paths Forward Deven McGraw Director Health Privacy Project Director, Health Privacy Project November 30, 2011 Health Privacy Project at CDT

510 views • 9 slides
The Reality Check HC2 Needs April 17, 2020 A BETTER HC2 | 1 DISCLAIMER THIS PRESENTATION IS

The Reality Check HC2 Needs April 17, 2020 A BETTER HC2 | 1 DISCLAIMER THIS PRESENTATION IS

The Reality Check HC2 Needs April 17, 2020 A BETTER HC2 | 1 DISCLAIMER THIS PRESENTATION IS FOR DISCUSSION AND GENERAL INFORMATIONAL PURPOSES ONLY. IT DOES NOT HAVE REGARD TO THE SPECIFIC INVESTMENT OBJECTIVE, FINANCIAL SITUATION, SUITABILITY,

366 views • 32 slides
AND WELLBEING Questionnaire Health visitor records Health check Healthy TED

AND WELLBEING Questionnaire Health visitor records Health check Healthy TED

YOUR CHILDS HEALTH AND WELLBEING Questionnaire Health visitor records Health check Healthy TED Getting to know you Hearing check Children on their own unless you wish to attend SCHOOL ENTRY HEALTH CHECK National

360 views • 6 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Health Information Privacy Breaches Privacy Breaches EHIL Webinar November 14, 2011 1 2011

Health Information Privacy Breaches Privacy Breaches EHIL Webinar November 14, 2011 1 2011

2011 11 16 Health Information Privacy Breaches Privacy Breaches EHIL Webinar November 14, 2011 1 2011 11 16 Agenda What is a privacy breach? What is a privacy breach? Breaches we investigate How to prepare

641 views • 14 slides
Cross-border Flow of Health Information: is Privacy by Design sufficient to obtain complete

Cross-border Flow of Health Information: is Privacy by Design sufficient to obtain complete

EUropean Best Information through Regional Outcomes in Diabetes Cross-border Flow of Health Information: is Privacy by Design sufficient to obtain complete and accurate data for Public Health in Europe? The case of BIRO/EUBIROD Diabetes

325 views • 20 slides
Reality Check: Using Market Analysis to Illuminate Nonresidential Lighting Opportunities

Reality Check: Using Market Analysis to Illuminate Nonresidential Lighting Opportunities

Reality Check: Using Market Analysis to Illuminate Nonresidential Lighting Opportunities Jessica Aiona, Flux Resources for Bonneville Power Administration Laura Tabor, Navigant Kate Bushman, Cadeo 1 market perspective 2 How much has the

399 views • 16 slides
Wil ill it it Break the Bank? A Reality Check About the Costs of Care in Later Life Jullie

Wil ill it it Break the Bank? A Reality Check About the Costs of Care in Later Life Jullie

Wil ill it it Break the Bank? A Reality Check About the Costs of Care in Later Life Jullie Gray, MSW, LICSW, CMC Principal, Aging Wisdom 425.647.5810 jgray@agingwisdom.com Aging Stats Nationally: 10,000 people/day turn age 65.

375 views • 26 slides
Budgeting for Life After Graduation: A Reality Check Part 3 of Preparing for Civically Engaged

Budgeting for Life After Graduation: A Reality Check Part 3 of Preparing for Civically Engaged

Budgeting for Life After Graduation: A Reality Check Part 3 of Preparing for Civically Engaged Lives Bonner 8 Themes Curriculum After This Workshop You will be able to: Understand an average monthly budget breakdown Practice

240 views • 20 slides
Client Perspective: Implementing C2SIM in a Client Dr. Robert Wittman APPROVED FOR PUBLIC

Client Perspective: Implementing C2SIM in a Client Dr. Robert Wittman APPROVED FOR PUBLIC

Client Perspective: Implementing C2SIM in a Client Dr. Robert Wittman APPROVED FOR PUBLIC RELEASE LS-141 - C2 to Simulation Interoperability (C2SIM) Slide 1 Topics Why use C2SIM (MSDL &amp; C-BML) The Crawl, Walk, Run Implementation

393 views • 28 slides
De-Identification from the Privacy Practitioners Perspective October 16, 2019 David C.

De-Identification from the Privacy Practitioners Perspective October 16, 2019 David C.

De-Identification from the Privacy Practitioners Perspective October 16, 2019 David C. Keating Alston &amp; Bird LLP www.alstonprivacy.com www.alston.com The Deidentification Spectrum Data exists on spectrum of identifiability.

420 views • 24 slides
LEAP Data Integration Platform Update as at mid Oct 2020 Introduction to LEAP LEAP is an

LEAP Data Integration Platform Update as at mid Oct 2020 Introduction to LEAP LEAP is an

LEAP Data Integration Platform Update as at mid Oct 2020 Introduction to LEAP LEAP is an innovative programme created to better the lives of thousands of children in the Lambeth community, focusing on four wards: Stockwell, Coldharbour,

424 views • 16 slides
Data privacy and big Data privacy and big data data Engineering &amp; Public Policy Lorrie

Data privacy and big Data privacy and big data data Engineering &amp; Public Policy Lorrie

CyLab Data privacy and big Data privacy and big data data Engineering &amp; Public Policy Lorrie Faith Cranor November 12, 2015 y &amp; c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 /

658 views • 21 slides
CompSci 356: Computer Network Architectures Lecture 8: Spanning Tree Algorithm and Basic

CompSci 356: Computer Network Architectures Lecture 8: Spanning Tree Algorithm and Basic

CompSci 356: Computer Network Architectures Lecture 8: Spanning Tree Algorithm and Basic Internetworking Ch 3.1.5 &amp; 3.2 Xiaowei Yang xwy@cs.duke.edu Review Past lectures Single link networks Point-to-point, shared media

660 views • 47 slides
Introduction Goal : Enhance Productivity Increase Delivery and Support Quality

Introduction Goal : Enhance Productivity Increase Delivery and Support Quality

Smart IP Delivery Manager - IPMS TM Pascal Adam Gabrile Saucier Design And Reuse SST - A Microchip Technology Company IP SoC Grenoble, Dec. 5-6th, 2018 Introduction Goal : Enhance Productivity Increase Delivery and Support Quality

635 views • 19 slides
Project 1 Corso di Sistemi e Architetture per Big Data A.A. 2017/18 Valeria Cardellini, Matteo

Project 1 Corso di Sistemi e Architetture per Big Data A.A. 2017/18 Valeria Cardellini, Matteo

Universit degli Studi di Roma Tor Vergata Dipartimento di Ingegneria Civile e Ingegneria Informatica Project 1 Corso di Sistemi e Architetture per Big Data A.A. 2017/18 Valeria Cardellini, Matteo Nardelli Project delivery

288 views • 6 slides
To Towards Production-Ru Run Heisenbugs Re Reproduction on Commercial Hardware Shiyou Huang

To Towards Production-Ru Run Heisenbugs Re Reproduction on Commercial Hardware Shiyou Huang

To Towards Production-Ru Run Heisenbugs Re Reproduction on Commercial Hardware Shiyou Huang Bowen Cai and Jeff Huang 1 Whats a coders worst nightmare? https://www.quora.com/What-is-a-coders-worst-nightmare 2 The bug only occurs in

901 views • 50 slides

More recommend