de identification of the hhp data
play

De-identification of the HHP Data Khaled El Emam, CHEO RI & - PDF document

Nov 24, 2023 •307 likes •455 views

De-identification of the HHP Data Khaled El Emam, CHEO RI & uOttawa Todays Presentation Provide overview of rationale and methods P id i f ti l d th d used to de-identify the HHP data set, as well as lessons learnt The

  1. De-identification of the HHP Data Khaled El Emam, CHEO RI & uOttawa Today’s Presentation • Provide overview of rationale and methods P id i f ti l d th d used to de-identify the HHP data set, as well as lessons learnt • The complete details have been published in a recent article in JMIR: http: / / www.jmir.org/ 2012/ 1/ e33/ • Address questions from different communities: – entrants in the competition – disclosure control community – other competition organizers Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 1

  2. Caveats • Certain manipulations are not revealed C t i i l ti t l d • We do not represent HPN or Kaggle – questions about the competition rules should be posted on the HHP forum for the Kaggle team to respond to Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Basic Principles • The HHP data set had to be compliant with Th HHP d t t h d t b li t ith the HIPAA Privacy Rule - this defined basic parameters that guided the de-identification • Many versions of de-identified data set were created and the data utility evaluated through modeling to see how data quality was affected – achieve a balance • Extensive discussions with other disclosure control experts along the way • De-identification was informed by known re- identification attacks Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 2

  3. The Data Set • The original data set had a lot of missingness Th i i l d t t h d l t f i i in it – this is real data that was pulled out of production systems • We do not have the names or identities of any of the patients – therefore risk assessments had to be done with estimates and simulations d i l ti • The competition data set represents a small sample of HPN members – the sub-sampling has a big impact on re-identification risk Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca HI PAA Privacy Rule • HIPAA defines two standards for the de- HIPAA d fi t t d d f th d identification of health information: – Safe Harbor – Statistical method • HIPAA has tended to be more precise about de-identification than privacy legislation in p y g other jurisdictions Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 3

  4. HI PAA Safe Harbor Safe Harbor Direct Identifiers and Quasi-identifiers 1. Names 12.Vehicle identifiers 18.Any other unique 2. ZIP Codes (except and serial numbers, identifying number, first three) including license characteristic, or 3. All elements of dates plate numbers code (except year) 13.Device identifiers 4. Telephone numbers and serial numbers 5. Fax numbers 14.Web Universal 6. Electronic mail Resource Locators addresses (URLs) 7. Social security 7. Social security 15.Internet Protocol (IP) 15.Internet Protocol (IP) numbers address numbers 8. Medical record 16.Biometric identifiers, numbers including finger and 9. Health plan voice prints beneficiary numbers 17.Full face 10.Account numbers photographic images 11.Certificate/license and any comparable numbers images; Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca HI PAA Safe Harbor Safe Harbor Direct Identifiers and Quasi-identifiers 1. Names 13.Device identifiers 2. ZIP Codes (except and serial numbers first three) 14.Web Universal 3. All elements of dates Resource Locators (except year) (URLs) 4. Telephone numbers 15.Internet Protocol (IP) 5. Fax numbers address numbers 6. Electronic mail 16.Biometric identifiers, addresses including finger and 7. Social security 7. Social security voice prints voice prints numbers 17.Full face 8. Medical record photographic images numbers and any comparable 12.Vehicle identifiers 9. Health plan images; and serial numbers, beneficiary numbers 18.Any other unique including license 10.Account numbers identifying number, 11.Certificate/license plate numbers characteristic, or numbers code Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 4

  5. Reasonableness Criterion • “Health information that does not identify an individual “H lth i f ti th t d t id tif i di id l and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is not individually identifiable health information.” • “… generally accepted statistical and scientific principles … ” • • “ the risk is very sm all that the information could be .. the risk is very sm all that the information could be used, alone or in combination with other reasonably available inform ation , by an anticipated recipient to identify an individual who is a subject of the information .. “ Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Statistical Method • Need to ensure that the risk of re- N d t th t th i k f identification is very small   1          I  i     N N i Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 5

  6. “Reasonable” Risk Thresholds Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Precedents - I   • The value of represents the probability Th l f t th b bilit that a record can be correctly re-identified • There are many precedents for setting this value to 0.2, 0.1, and 0.05 for the public release of health data (as well as other types of data) • For the HHP data it was decided to err on the conservative side and use a threshold value of 0.05 • This is under ideal conditions – real value likely lower Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 6

  7. Precedents - I I • HIPAA Safe Harbor estimated risk is that HIPAA S f H b ti t d i k i th t 0.04% of the population is unique:   1        1  0.9996 I i     N N i Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Risk Exposure   Risk Exposure Loss Probability • In the case of Safe Harbor:    Risk Exposure N 0.0004 1 • Equivalent HHP risk exposure:    Risk Exposure N 0.008 0.05 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 7

  8. Risk Management • Ensure that no more than 0.8% of members E th t th 0 8% f b have a probability of re-identification greater than 0.05 • A combination of technical and legal approaches used to manage the overall risk • Legal limits: – Prohibition on re-identification – Agreements with HPN service providers (e.g., labs and insurers) Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Data Set Age (members) Date of claim (claim) Sex (members) Diagnosis (claim) Days in Hospital (Outcome) Length of stay (claim) Specialty of provider (claim) Provider ID (claim) Place of service (claim) Vendor ID (claim) CPT Code (claim) Pay delay (claim) Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 8

  9. Pre-processing • Creating pseudonyms for the IDs C ti d f th ID • Top coding pay delay and days in hospital (99 th percentile) • Removal of high (re-identification and stigmatization) risk patients and claims: – rare and visible diagnoses – sensitive diagnoses and procedures (e.g., HIV, abortions, substance abuse, sex change) • Suppression of unique provider and vendor patterns Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Truncation of Claims • Some patients had an unusually large S ti t h d ll l numbers of claims per year – they stand out • The number of claims distribution has a very long tail • Used a score to identify which claims to truncate – those that are unique among the patients • Truncation at the 95 th percentile • Out of 113,000 patients, 9,556 patients had at least one claim truncated Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 9

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PART II Real-world de-identification of transactional data extracted from electronic health

PART II Real-world de-identification of transactional data extracted from electronic health

Target Information Architecture (TIA) to satisfy twin task demands: 1. Supply a working blueprint [architecture] & roadmap for Health Service Analytics Innovation 2. Set requirements for data de-identification framework and standard

560 views • 35 slides
Identification and Estimation of Causal Effects from Dependent Data Eli Sherman esherman@jhu.edu

Identification and Estimation of Causal Effects from Dependent Data Eli Sherman esherman@jhu.edu

Identification and Estimation of Causal Effects from Dependent Data Eli Sherman esherman@jhu.edu with Ilya Shpitser Johns Hopkins Computer Science 12/6/2018 Eli Sherman Identification and Estimation of Causal Effects from Dependent Data 1 /

379 views • 11 slides
Extent- -based Incremental Identification based Incremental Identification Extent of Reaction

Extent- -based Incremental Identification based Incremental Identification Extent of Reaction

LABORATOIRE DAUTOMATIQUE AUTOMATIC CONTROL LABORATORY Extent- -based Incremental Identification based Incremental Identification Extent of Reaction Kinetics from Spectroscopic Data of Reaction Kinetics from Spectroscopic Data XIII

428 views • 23 slides
RISK IDENTIFICATION Everything your competitor knows about Risk Identification on Software

RISK IDENTIFICATION Everything your competitor knows about Risk Identification on Software

RISK IDENTIFICATION Everything your competitor knows about Risk Identification on Software projects David OBrien | PMI Ireland Chapter 23 03 2020 Let Risk identification is your super-power Risk Identification 30 MARCH 2020 2 RISK

375 views • 22 slides
LudgerT ag V-T ag for N-glycan profiling and identification Highlights of the V-Tag System

LudgerT ag V-T ag for N-glycan profiling and identification Highlights of the V-Tag System

LudgerT ag V-T ag for N-glycan profiling and identification Highlights of the V-Tag System V-Tag labeling Allows glycan identification and quantitation using (U)HPLC. Provides data comparable to gold-standard glycoprofiling method based on

175 views • 15 slides
Data Reduction Techniques applied on Automatic Identification System Data Claudia Ifrim*, Iulian

Data Reduction Techniques applied on Automatic Identification System Data Claudia Ifrim*, Iulian

Data Reduction Techniques applied on Automatic Identification System Data Claudia Ifrim*, Iulian Iuga**, Florin Pop*, Manolis Wallace***, Vassilis Poulopoulos*** * - University Politehnica of Bucharest, Bucharest, Romania ** - Independent

588 views • 19 slides
Quantifying the Risk of Re-identification in Data Anonymization Competition Takao Murakami

Quantifying the Risk of Re-identification in Data Anonymization Competition Takao Murakami

1 Quantifying the Risk of Re-identification in Data Anonymization Competition Takao Murakami (AIST*, Japan) *AIST: National Institute of Advanced Industrial Science & Technology 2 Outline Data Anonymization Mechanism Plays an

543 views • 27 slides
AMRtime Precise identification of antimicrobial resistance determinants from metagenomic data

AMRtime Precise identification of antimicrobial resistance determinants from metagenomic data

AMRtime Precise identification of antimicrobial resistance determinants from metagenomic data Finlay Maguire finlaymaguire@gmail.com December 3, 2019 Faculty of Computer Science, Dalhousie University Table of contents 1. Background 2.

813 views • 43 slides
AI applications for analysis ofmulti Omics data for identification of personalized driver

AI applications for analysis ofmulti Omics data for identification of personalized driver

AI applications for analysis ofmulti Omics data for identification of personalized driver pathways and Cancer therapy candidates Uur Sezerman Acbadem niversitesi Human Genome Project Goals: identify all the approximate 30,000

907 views • 66 slides
European Clinical Data on HIV-1 Coreceptor Usage and Genotypic Identification of Tropism in HIV-2

European Clinical Data on HIV-1 Coreceptor Usage and Genotypic Identification of Tropism in HIV-2

European Clinical Data on HIV-1 Coreceptor Usage and Genotypic Identification of Tropism in HIV-2 Matthias Dring Max Planck Institute for Informatics May 8, 2015 Coreceptors are crucial for HIV-1 cell entry Delhalle et al, Int. J. Mol. Sci.

600 views • 17 slides
Does De-identification Work ? Khaled El Emam, CHEO RI & uOttawa Key Points Progress

Does De-identification Work ? Khaled El Emam, CHEO RI & uOttawa Key Points Progress

Does De-identification Work ? Khaled El Emam, CHEO RI & uOttawa Key Points Progress The evidence that it is easy to re-identify health data Th id th t it i t id tif h lth d t Intro Reid or that current de-identification

292 views • 17 slides
What is System identification Using experimental data obtained from input/output relations to

What is System identification Using experimental data obtained from input/output relations to

What is System identification Using experimental data obtained from input/output relations to model dynamic systems. disturbances input output System Different approaches to system identification depending on model class Linear/Non-linear

529 views • 48 slides
COMPREHENSIVE BEHAVIORAL HEALTH SERVICES: USING DATA FOR IDENTIFICATION, Annual Conference of

COMPREHENSIVE BEHAVIORAL HEALTH SERVICES: USING DATA FOR IDENTIFICATION, Annual Conference of

COMPREHENSIVE BEHAVIORAL HEALTH SERVICES: USING DATA FOR IDENTIFICATION, Annual Conference of PARTNERSHIP DEVELOPMENT, Advancing AND RESEARCH School Mental Health, Sept 19, 2014 Pittsburgh PA ANDRIA AMADOR, CAGS, NCSP & MARY COHEN,

734 views • 59 slides
Identification of Hazardous Road Why is Hazardous Road Location treatment necessary?

Identification of Hazardous Road Why is Hazardous Road Location treatment necessary?

Agenda Identification of Hazardous Road Why is Hazardous Road Location treatment necessary? Locations on the basis of Floating Car A need for new methods? Data The Method briefly Scientific background Data source

227 views • 4 slides
The De-identification of Longitudinal and Geospatial Data Khaled El Emam, CHEO RI & uOttawa

The De-identification of Longitudinal and Geospatial Data Khaled El Emam, CHEO RI & uOttawa

The De-identification of Longitudinal and Geospatial Data Khaled El Emam, CHEO RI & uOttawa Context The disclosure of health information for Th di l f h lth i f ti f secondary purposes, such as research Many practical

200 views • 9 slides
Face Recognition: Some Challenges in Forensics Anil K. Jain, Brendan Klare, and Unsang Park

Face Recognition: Some Challenges in Forensics Anil K. Jain, Brendan Klare, and Unsang Park

Face Recognition: Some Challenges in Forensics Anil K. Jain, Brendan Klare, and Unsang Park Forensic Identification Forensic Identification Apply science to A l i t analyze data for identification identification Traditionally:

336 views • 31 slides
1 PleasePrEPMe.org is your home for PrEP & PEP access. PleasePrEPMe is a mobile optimized,

1 PleasePrEPMe.org is your home for PrEP & PEP access. PleasePrEPMe is a mobile optimized,

1 PleasePrEPMe.org is your home for PrEP & PEP access. PleasePrEPMe is a mobile optimized, location responsive website. PleasePrEPMe launched in June 2015 as the California PrEP Provider directory, expanding in December 2016 to a national

472 views • 4 slides
Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects

Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects

Lets Revoke Public key infrastructure prevents Man-in-the-Middle attacks Revocation protects clients from compromised certificates Without revocation, these attacks would go undetected 2 Certificate Revocation Lists (CRLs) Lists of

544 views • 27 slides
Unicode BCP47 Extensions Mark Davis http://goo.gl/owbBk Unicode Locale/Lang ID BCP47

Unicode BCP47 Extensions Mark Davis http://goo.gl/owbBk Unicode Locale/Lang ID BCP47

Unicode BCP47 Extensions Mark Davis http://goo.gl/owbBk Unicode Locale/Lang ID BCP47 Optional: only use where needed sl -Latn -IT -fonipa EXTENSIONS Variant(s) [digit4/alphanum5..8] Italy - ISO 3166 [alpha2] or UN M49* [digit3]

550 views • 10 slides
MEDIACTRL IETF 77 Eric Burger eburger@standardstrack.com Spencer Dawkins

MEDIACTRL IETF 77 Eric Burger eburger@standardstrack.com Spencer Dawkins

MEDIACTRL IETF 77 Eric Burger eburger@standardstrack.com Spencer Dawkins spencer@wonderhamster.org March 2010 IETF 77 - Anaheim, CA, USA 1 Note Well Any submission to the IETF intended by the Contributor for publication as all or

219 views • 5 slides
Advocating for CA Prisoners Marvin Mutch Progressive Lawyering Day October 8, 2016

Advocating for CA Prisoners Marvin Mutch Progressive Lawyering Day October 8, 2016

Advocating for CA Prisoners Marvin Mutch Progressive Lawyering Day October 8, 2016 Introduction The Title 15 Explained Who is held to the Title 15? Does the Title 15 apply to solitary confinement? Title 15 and prisoner

277 views • 11 slides
Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B.

Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B.

Risk-Limiting Audits Defined Risk-Limiting Audits in CA Discussion Simpler Risk-Limiting Audits? Conclusions Implementing Risk-Limiting Post-Election Audits in California J.L. Hall 1 , 2 L.W. Miratrix 3 P.B. Stark 3 M. Briones 4 E. Ginnold 4

631 views • 23 slides
Student Code of Conduct- Academic Integrity Slides for Faculty Members & Instructors to cover

Student Code of Conduct- Academic Integrity Slides for Faculty Members & Instructors to cover

Student Code of Conduct- Academic Integrity Slides for Faculty Members & Instructors to cover with their students Where to find the Code 1. Student Life Page 2. Policies & Procedures Library Course Syllabus Statement A breach of

88 views • 7 slides
Slides built from Carter Chapter 10 Animating Sprites (textures) Images from wikipedia.org

Slides built from Carter Chapter 10 Animating Sprites (textures) Images from wikipedia.org

Slides built from Carter Chapter 10 Animating Sprites (textures) Images from wikipedia.org Animating Sprites (textures) Images from wikipedia.org Lets Add to Our XELibrary Going to add a CelAnimationManager class Want to pass in a sheet

447 views • 24 slides

More recommend