part ii real world de identification of transactional
play

PART II Real-world de-identification of transactional data extracted - PowerPoint PPT Presentation

Feb 09, 2024 •204 likes •560 views

Target Information Architecture (TIA) to satisfy twin task demands: 1. Supply a working blueprint [architecture] & roadmap for Health Service Analytics Innovation 2. Set requirements for data de-identification framework and standard

  1. Target Information Architecture (TIA) – to satisfy twin task demands: 1. Supply a working blueprint [architecture] & roadmap for Health Service Analytics Innovation 2. Set requirements for data de-identification framework and standard operating procedures that operationalize that framework PART II “Real-world” de-identification of transactional data extracted from electronic health records – breaking the curse of dimensionality Adapted from: presentation to the 20 th Annual Privacy and Security Conference (Reboot), February 7, 2019 July 16, 2019 Kenneth A. Moselle, PhD, R.Psych. Director, Applied Clinical Research Unit, Island Health 1 Adjunct Assoc. Professor, University of Victoria

  2. This presentation represents Part II of a set of documents concerned with two related challenges: 1. Part I - Target Information Architecture - derivation of products from health service data that are sufficiently statistically/methodologically robust and targeted that they at least warrant consideration as candidates for translation back to a health service system. 2. Part II – Data De-Identification - disclosure/access management of source health service data to those parties/team who are likely to possess the requisite combinations of clinical content domain knowledge and statistical/analytically expertise required to generate useful/usable products. In effect, Part I sets out the requirements for Part II – the methodology covered in Part II must scale out to the types of datasets required to generate the products covered in Part I. 2

  3. Streamlined, Privacy-Protected Access to Data – the Ultimate Quest and Grand Challenge A body of person-level, real-world transactional (and other) health data, extracted from a jurisdictionally- heterogeneous array of clinical information systems, pre- authorized by multiple stewards for disclosure –under a well- specified set of conditions) This is in the real world! 3

  4. My kingdom for consensus on a data de-identification methodology that scales out to real-world high- dimensional health datasets • A Thorny Problem - when data linkage, de-identificatio n and access are centrally administered, how can this distributed array of source-data stewards know the privacy risk profile of the linked data ? If they don’t know this – how can they sign off on a disclosure – assuming that “risk” and “legislative/regulatory compliance” has something to do with “data contents”. Might this slow down approval processes??? • Required –an explicitly articulated data disclosure privacy risk model, clear operational definitions of key constructs such as “i dentifiable ” or “ anonymized ” or “ limiting disclosure ” – or “ de-identified ” or “ risk ” – and a set of standard operating procedures keyed to that model. • No model = no shared understanding or consensus at the level of SOPs. • With these SOPs recapitulated at every point and level within the data ecology (a ‘fractal’ data access management architecture) we can implement distributed and proportionate data de-identification procedures. • With proportionate data de-identification in place, we can then implement collective proportionate governance –calibrating level of oversight, review and data protection to risk. 4

  5. Our method must be able to adjudicate among a variety of options 1. No de-identification – disclose with unique identifiers 2. Nominal de-identification – remove “obvious” identifiers. 3. Ad hoc rule-of-thumb approaches plus #2, e.g., coarsen Postal Codes and Dates of Birth. 4. Documented & validated heuristic approaches (e.g., Safe Harbor 18 categories of re-identification “risk carriers”) 5. Statistical disclosure control (SDC)-based methods – e.g., k-anonymization. 6. Data simulation approaches (?? how far can these go??). 7. No disclosure, even if judged to be in the public good. For related work (with details) see: El Emam, K. & Hassan, W. (2013) The De-identification Maturity Model. Privacy Analytics, Inc. http://waelhassan.com/wp-content/uploads/2013/06/DMM-Khaled-El-Emam-Wael-Hassan.pdf 5

  6. How about Option #2? We’ll just jettison the primary care data, invoke provisions that allow disclosures of personal information for research purposes, and get on with it. 35 (1)A public body may disclose personal information in its custody or under its control for a research purpose, including statistical research [subject to a specified set of conditions that include approval from the head of the public body…] (from BC Freedom of Information and Protection of Privacy Act, current as of Jan 2, 2019). • Question : Why don’t we just invoke 35(1) and implement robust technical controls? • Answer #1: General limiting principles in privacy laws/codes; “unreasonable invasion of privacy”; recognition of “mosaic effect” associated with “seemingly innocuous” bits of [linkable] information: In the US HIPAA Privacy Rule, there is a similar “minimal necessary” requirement. Therefore, as a starting point, the application of such limiting principles or minimal necessary criteria requires that de-identification be considered for all collection, use, and disclosure of health information. (El Emam, Jonker, & Fineberg. The Case for De-Identifying Personal Health Information (January 18, 2011). • Answer #2 : Legislative compliance is not the same as due diligence. • Answer #3 : Free floating generalized data disclosure anxiety states (or traits) – GDDAS – not in ICD9/10 or DSM-V) NOTE: GDDAS is often secondary to absence of organizational standard operating procedures and documentation of methods and justification of those methods for meeting “limiting disclosure” requirements (see e.g. CFR164.514 or GDPR re: requirements around documenting procedures). 6

  7. How about Option #5 – we’ll just de-identify using classic k-anonymization • k-anonymization – the industry-standard, most basic tool for implementing the US Privacy Rule [statistical] expert determination method for data de- identification – for “limiting disclosure” in a methodologically transparent fashion that translates across data disclosure scenarios. • It works by rendering cases INDISTINGUISHABLE on the basis of any information available in the world that could be used for re-identification purposes – compress dimensions in space so that distinguished cases are re- located to essentially exactly the SAME place in data space. • Sounds great. What’s the problem? Cavoukian and Castro concede that de-identification is inadequate for high dimensional data. But nowadays most interesting datasets are high-dimensional. High-dimensional data consists of numerous data points about each individual, enough that every individual’s record is likely to be unique, and not even similar to other records. Cavoukian and Castro admit that: “In the case of high-dimensional data, additional arrangements may need to be pursued, such as making the data available to researchers only under tightly restricted legal agreements.” Of course, restrictive legal agreements are not a form of de-identification. Rather, they are a necessary protection in cases where de-identification is unavailable or is likely to fail. Arvind Narayanan & Ed Felten, No Silver Bullet: De-Identification Still Doesn't Work, July 9, 2014. But see also El Emam (numerous) 7 for a response.

  8. You can’t get there from here – how high dimensionality breaks k-anonymization People starting to “clump” Everybody distinguishable Inherently together into groups where Not so – in practically uncountably Problematic members are similar – and Problematic many different ways more privacy-protected. The more similar people are in a dataset, the more difficult it is to re-identify anybody with any “reasonable” degree of confidence. You want to be able to get from this state to that state, while preserving the fitness of the data . So sorry! Distinguishability is another name for “distance”. k-anonymization measures distance in the quintessentially most simple way – exact correspondence on one or more risk-carrying attributes. But being able to measuring distance (i.e., similarity vs difference) between people is one of the most basic curse(s) of High Dimensional Data – and essentially everybody in a high dimensional dataset is likely to be as different as their fingerprints. You can inject statistic noise into the dataset. That does nothing about distinguishability, but it does obscure the relationship between the data and reality - that detracts from the fitness of the data. And, the amount of noise you have to inject increases multiplicatively as you add dimensions. So this is not a solution, at least not for research with a real-world applied focus. 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Safety surveillance in real world data: leveraging transactional insurance claims databases and

Safety surveillance in real world data: leveraging transactional insurance claims databases and

Worldwide Safety Strategy Safety surveillance in real world data: leveraging transactional insurance claims databases and electronic medical records Andrew Bate Andrew Bate Senior Director, Analytics Team Lead, Epidemiology, Worldwide Safety

541 views • 13 slides
A Model in Science Something made to be like some part of the real world in a particular

A Model in Science Something made to be like some part of the real world in a particular

A Model in Science Something made to be like some part of the real world in a particular way. Studying a good model can help us learn something about the natural world. A scale model is a smaller (or bigger) picture or sculpture of

256 views • 21 slides
XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( ) 2006.10 RSS is cool ! RSS RSS Really Simple Syndication Tired of checking your favorite news and blogs sites everyday?

786 views • 75 slides
15-853:Algorithms in the Real World Announcement: HW3 was released on Tuesday Due on Nov.

15-853:Algorithms in the Real World Announcement: HW3 was released on Tuesday Due on Nov.

15-853:Algorithms in the Real World Announcement: HW3 was released on Tuesday Due on Nov. 20 11:59pm Small typo corrected in Problem 3.2: Use part (a) -> Use part (1) No recitation tomorrow: Work on HW Naama will have two

551 views • 31 slides
OKness HEALING THE DIVISIONS IN OUR WORLD 2019 JOINT TRANSACTIONAL ANALYSIS CONFERENCE 31 JULY

OKness HEALING THE DIVISIONS IN OUR WORLD 2019 JOINT TRANSACTIONAL ANALYSIS CONFERENCE 31 JULY

Promoting Equality and OKness HEALING THE DIVISIONS IN OUR WORLD 2019 JOINT TRANSACTIONAL ANALYSIS CONFERENCE 31 JULY - 3 August Raleigh, North Carolina, USA Empowering to Defeat Poverty Vs. The Robin Hood Syndrome 2019 JOINT TRANSACTIONAL

467 views • 34 slides
Influence Identification on Independent Cascade Model

Influence Identification on Independent Cascade Model

Influence Identification on Independent Cascade Model Part 1 Introduction Part 2 Related Work Part 3 Algorithm Part 4 Experiment Part 5 Conclusion Part 6 References

723 views • 33 slides
Cloth Collisions/Contact Challenges Cloth is thin Critical part of real-world clothing

Cloth Collisions/Contact Challenges Cloth is thin Critical part of real-world clothing

Cloth Collisions/Contact Challenges Cloth is thin Critical part of real-world clothing sims is collision Not too many simple flags / curtains / table cloths in movies! Once you have a penetration, its very obvious This

235 views • 11 slides
elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June

A gentle introduction to elliptic curve cryptography Craig Costello Summer School on Real-World Crypto and Privacy June 11, 2018 ibenik , Croatia Part 1: Motivation Part 2: Elliptic Curves Part 3: Elliptic Curve Cryptography Part 4:

1.38k views • 48 slides
Newbury Pre Diabetes Project A real-world implementation of QDiabetes in a CCG Area Tim Walter

Newbury Pre Diabetes Project A real-world implementation of QDiabetes in a CCG Area Tim Walter

Newbury and District CCG Newbury Pre Diabetes Project A real-world implementation of QDiabetes in a CCG Area Tim Walter Aims of the PreDM Project Raise awareness generally Lifestyle intervention for those at risk Early identification

714 views • 36 slides
Real-time in the real world Facilitator: Jamie Wood, Manager Clearing Systems, Payments NZ October

Real-time in the real world Facilitator: Jamie Wood, Manager Clearing Systems, Payments NZ October

Real-time in the real world Facilitator: Jamie Wood, Manager Clearing Systems, Payments NZ October 2018 Disclaimer This document is owned by Payments NZ and must not be copied, reproduced or distributed, in whole or in part, without the consent

416 views • 29 slides
PATIENT IDENTIFICATION SYSTEM Graham Blair, Angela Liu, Mark Tull Winter 2013 | CSE

PATIENT IDENTIFICATION SYSTEM Graham Blair, Angela Liu, Mark Tull Winter 2013 | CSE

IRIS PATIENT IDENTIFICATION SYSTEM Graham Blair, Angela Liu, Mark Tull Winter 2013 | CSE 490d / HCDE 595d with iRespond.org Problem 2 Part Problem 1. Identification of patients in developing world is very difficult. 2. Medical

614 views • 28 slides
Evaluating the Impact of Transactional Characteristics on the Performance of Transactional Memory

Evaluating the Impact of Transactional Characteristics on the Performance of Transactional Memory

Introduction Methodology Performance Evaluation Conclusions References Evaluating the Impact of Transactional Characteristics on the Performance of Transactional Memory Applications 1 Fernando Rui, 2 Mrcio Castro, 1 Dalvan Griebler, 1 Luiz

370 views • 16 slides
How Real-World Evidence Is Playing Out In The Real World Moderator Mary Jo Laffler Executive

How Real-World Evidence Is Playing Out In The Real World Moderator Mary Jo Laffler Executive

How Real-World Evidence Is Playing Out In The Real World Moderator Mary Jo Laffler Executive Editor Scrip Bridget Silverman Presenters Managing Editor Pink Sheet Ben Gutierrez Head, US Value Evidence & Outcomes GlaxoSmithKline

371 views • 33 slides
Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting

Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting

Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting Students to and Through Market Value Asset Attainment 4th highest-ranked Strategic Plan Alignment Every student will demonstrate global

499 views • 24 slides
Real time reconstruction of the equilibrium of the plasma in a Tokamak and identification of the

Real time reconstruction of the equilibrium of the plasma in a Tokamak and identification of the

Real time reconstruction of the equilibrium of the plasma in a Tokamak and identification of the current density profile with the EQUINOX code Jacques Blum Cedric Boulbe Blaise Faugeras in collaboration with IRFM CEA and JET Universit e

378 views • 25 slides
THE PROBLEM OF PRIVATE IDENTIFICATION PROTOCOLS Ruxandra F. Olimid and Stig F. Mjlsnes Dept.

THE PROBLEM OF PRIVATE IDENTIFICATION PROTOCOLS Ruxandra F. Olimid and Stig F. Mjlsnes Dept.

THE PROBLEM OF PRIVATE IDENTIFICATION PROTOCOLS Ruxandra F. Olimid and Stig F. Mjlsnes Dept. of Information Security and Communication Technology, NTNU, Norway Real World Crypto 2018 Zurich, January 10 Motivation - LTE 2 LTE -

661 views • 25 slides
What Happened to the Dinosaurs? Dinosaurs were the dominant vertebrate ani- mals of terrestrial

What Happened to the Dinosaurs? Dinosaurs were the dominant vertebrate ani- mals of terrestrial

What Happened to the Dinosaurs? Dinosaurs were the dominant vertebrate ani- mals of terrestrial ecosystems for over 160 mil- lion years from about 230 million years ago to 65 million years ago. Recent research indicates that theropod dinosaurs

702 views • 34 slides
Disabilities Act (ADA), the Family and Medical Leave Act (FMLA), and Workers Compensation

Disabilities Act (ADA), the Family and Medical Leave Act (FMLA), and Workers Compensation

8/27/2014 Intersection of the Americans with Disabilities Act (ADA), the Family and Medical Leave Act (FMLA), and Workers Compensation Mid-Atlantic ADA Update Conference Baltimore, MD 9/18/14 Enforcement Guidance: Reasonable

402 views • 24 slides
Analysing the Rate of Change in a Longitudinal Study with Missing Data, Taking into Account the

Analysing the Rate of Change in a Longitudinal Study with Missing Data, Taking into Account the

Motivation Selection Models Results Conclusions & Future Work Analysing the Rate of Change in a Longitudinal Study with Missing Data, Taking into Account the Number of Contact Attempts Mouna Akacha Prof. Jane L. Hutton Department of

741 views • 59 slides
1/19/2016 Jacq Jacquely lyn C. C. Cam Campbell ll, , PhD PhD, RN, RN, FAA FAAN Jane net

1/19/2016 Jacq Jacquely lyn C. C. Cam Campbell ll, , PhD PhD, RN, RN, FAA FAAN Jane net

1/19/2016 Jacq Jacquely lyn C. C. Cam Campbell ll, , PhD PhD, RN, RN, FAA FAAN Jane net Su Sull lliv ivan W Wilson ilson, , PhD, R D, RN Jill T Ther eresa M esa Messing, M ng, MSW, W, P PhD Sh Sher eryl yll Brow l

333 views • 14 slides
Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy

Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy

International Workshop on Spatial and Temporal Modeling from Statistical, Machine Learning and Engineering perspectives:STM2016 23 July 2016 Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy Protection

1.35k views • 79 slides
BIG THING Jyoti Bansal, Founder and CEO AGENDA 1 0 1 0 1 0 1 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1

BIG THING Jyoti Bansal, Founder and CEO AGENDA 1 0 1 0 1 0 1 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1

THE NEW GENERATION OF ENTERPRISE JAVA & .NET DESIGNING FOR THE NEXT BIG THING Jyoti Bansal, Founder and CEO AGENDA 1 0 1 0 1 0 1 1 0 1 0 1 0 1 1 0 1 0 1 0 1 0 1 Cloud 1 0 1 0 1 0 1 Big Data DevOps Managing Failure OPS Dev

647 views • 41 slides
New Real-time Applications PhD Peter Idestam-Almquist Starcounter AB New real time applications

New Real-time Applications PhD Peter Idestam-Almquist Starcounter AB New real time applications

NewSQL Database for New Real-time Applications PhD Peter Idestam-Almquist Starcounter AB New real time applications Millions of simultaneous online users. High degree of concurrency. Interactive applications (95% reads; 5% writes). 2

700 views • 38 slides
Time to Sputum Culture Conversion, identifying independent modifiable risk factors Nikhil

Time to Sputum Culture Conversion, identifying independent modifiable risk factors Nikhil

SOA07-1073-25 Time to Sputum Culture Conversion, identifying independent modifiable risk factors Nikhil Gupte, PhD Union 2018 Background and Rationale Time to sputum culture conversion is widely used surrogate marker in early phase

380 views • 11 slides

More recommend