the case for de identification
play

The Case for De-identification Khaled El Emam uOttawa & CHEO RI - PDF document

Aug 18, 2023 •170 likes •413 views

The Case for De-identification Khaled El Emam uOttawa & CHEO RI Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 1 Section 1 Electronic Health Information

  1. The Case for De-identification Khaled El Emam uOttawa & CHEO RI Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 1

  2. Section 1 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Benefits of Sharing Data • Many benefits to sharing data (as an M b fit t h i d t ( example for research data): – Confirm published results – Availability of data for meta-analyses – Feedback to improve data quality – Cost savings from not collecting the data Cost savings from not collecting the data again – Minimize need for participants to provide data repeatedly – Data for instruction and education Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 2

  3. I ncreased Demand for Health Data • More data needed for research purposes - M d t d d f h some in the health research community have phrased the stakes as: “It’s a matter of life and death” • Public health needs more data to detect and manage disease outbreaks • With better data we can find efficiencies in the healthcare system • Advertising and marketing efforts can be more targeted if detailed consumer/ patient information is available Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Case for De-identification • We make the case that de- W k th th t d identification is the main reasonable approach for many instances of sharing health information for secondary purposes under the legal framework that exists today that exists today Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 3

  4. Summary of Case • Better risk management for internal uses B tt i k t f i t l • Custodians reluctant to share data even when permitted • Current consent models have disadvantages – de-id the alternative • Breach notification not required if data is de-identified • Unexpected uses and disclosures – avoid surprises and retain value in data if it is de-identified • Privacy protective behaviors by the public and erosion of trust • Alternative access methods have important disadvantages Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Limiting Principles • Do not collect, use, or disclose PHI if other D t ll t di l PHI if th information will serve the purpose • For example, even if it is easier to disclose a whole record, that should not be done if lesser information will reasonably satisfy the purpose • De-identification would be one element in limiting the amount of PHI that is collected/ used/ disclosed • Same as “minimal necessary” criterion in the US Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 4

  5. Section 2 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Secondary Use/ Disclosure disclosure collection recipient individuals custodian agent custodian use disclosure Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 5

  6. Data Flows • Mandatory disclosures M d t di l • Uses by an agent for secondary purposes • Permitted discretionary disclosures for secondary purposes (e.g., public health and research) d h) • Other disclosures for secondary purposes (e.g., marketing) Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Section 3 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 6

  7. Uses by Agents • Data breaches by insiders are relatively D t b h b i id l ti l common (between a quarter and half): – Malicious: financial gain, revenge, dismissal – Accidental: loss of equipment, inadvertent disclosure • Applies to sub-contractors as well • De-identification of internally used data D id tifi ti f i t ll d d t protects against these internal breaches Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Section 4 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 7

  8. Discretionary Disclosures • In many cases the data custodians do not I th d t t di d t want to disclose patient information unless it is de-identified, even if it is permitted, e.g., for public health purposes • Providers are also concerned about their own privacy • Most are willing to disclose patient data if it is de-identified Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Section 5 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 8

  9. Obtaining Consent - I • Sometimes it is not possible or S ti it i t ibl practical to obtain individual consent: – Making contact to obtain consent may reveal the individual’s condition to others against their wishes – The size of the population may be too large The size of the population may be too large to obtain consent from everyone – Many patients may have relocated or died Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Obtaining Consent - I I – There may be a lack of existing or Th b l k f i ti continuing relationship with the patients – There is a risk of inflicting psychological, social or other harm by contacting individuals or their families in delicate circumstances – It would be difficult to contact individuals through advertisements and other public notices Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 9

  10. I mpact of Obtaining Consent • In the case where explicit individual I th h li it i di id l consent is used, consenters and non- consenters differ on: – age, sex, race, marital status, educational level, socioeconomic status, health status, mortality, lifestyle factors, functioning o a y, y a o , u o g • The consent rate for express consent varied from 16% to 93% Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Section 6 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 10

  11. Data Breach Notification • The number of records involved in Th b f d i l d i known data breaches is very high • Many jurisdictions have breach notification laws • Breaches involving de-identified data need not be reported d b d Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Data Breach Notification Costs • Negative impact on share price N ti i t h i • Reduced loyalty and trust from clients, and discontinuing relationship with custodian • Cost to custodian ~ $300 per individual (notification, compensation, ( f investigation, penalties, and litigation) Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 11

  12. What are they worth ? • Medical records may contain financial M di l d t i fi i l information • Financial value in medical records themselves • Extortion attempts Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Sale of Healthcare Data - I Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 12

  13. Sale of Healthcare Data - I I Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 13

  14. Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Section 7 Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 14

  15. Compelled Disclosures • There are many instances where Th i t h individuals have no choice but to disclose information: – To obtain a service – more difficult with governments because they have a monopoly on some services o opo y o o – Prosecution • The public should demand that data be de-identified at the earliest opportunity Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca Electronic Health Information Laboratory, CHEO Research Institute, 401 Smyth Road, Ottawa K1H 8L1, Ontario; www.ehealthinformation.ca 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Automatic Identification of Bug-fix Commits: The Case of GitHub Projects Yujuan Jiang, Rodrigo

Automatic Identification of Bug-fix Commits: The Case of GitHub Projects Yujuan Jiang, Rodrigo

Automatic Identification of Bug-fix Commits: The Case of GitHub Projects Yujuan Jiang, Rodrigo Morales, Bram Adams, Foutse Khom 1 Case study projects Approach Research questions Result (so far) 2 Case Study Projects key words:

642 views • 34 slides
Outcomes in social communication intervention: the case for mechanism identification and

Outcomes in social communication intervention: the case for mechanism identification and

Outcomes in social communication intervention: the case for mechanism identification and individualization of therapy Dr Catherine Adams University of Limerick 3 May 2017 Outline Social Communication Intervention programme and project

627 views • 35 slides
RESTifying WS-* Services A Case Study in RFID (Radio Frequency IDentification) Dominique Guinard

RESTifying WS-* Services A Case Study in RFID (Radio Frequency IDentification) Dominique Guinard

RESTifying WS-* Services A Case Study in RFID (Radio Frequency IDentification) Dominique Guinard SAP Research & ETH Zurich Mathias Mueller University of Fribourg 167 Todays Menu 1. Background: > The global RFID network in a

325 views • 19 slides
RISK IDENTIFICATION Everything your competitor knows about Risk Identification on Software

RISK IDENTIFICATION Everything your competitor knows about Risk Identification on Software

RISK IDENTIFICATION Everything your competitor knows about Risk Identification on Software projects David OBrien | PMI Ireland Chapter 23 03 2020 Let Risk identification is your super-power Risk Identification 30 MARCH 2020 2 RISK

375 views • 22 slides
Protocol Identification via Statistical Analysis (PISA) BlackHat 2007 Rohit Dhamankar and Rob

Protocol Identification via Statistical Analysis (PISA) BlackHat 2007 Rohit Dhamankar and Rob

Protocol Identification via Statistical Analysis (PISA) BlackHat 2007 Rohit Dhamankar and Rob King Agenda Why PISA? Generalized Traffic Identification Axes Case Study: Skype Ongoing Work Why PISA? The Problem Encrypted

617 views • 30 slides
Identification of Human Gait Why Fourier-Based . . . Why Fourier-Based . . . in

Identification of Human Gait Why Fourier-Based . . . Why Fourier-Based . . . in

Introduction Formulation of the . . . Straightforward . . . Identification of Human Gait Why Fourier-Based . . . Why Fourier-Based . . . in Neuro-Rehabilitation: Shift Detection: . . . Towards Efficient Algorithms General Case Conclusions

502 views • 10 slides
Hour #1: Passwords Identification, Authentication, and Authorization Identification: You

Hour #1: Passwords Identification, Authentication, and Authorization Identification: You

CSCI E-170 Computer Security, Usability & Privacy Hour #1: Passwords Identification, Authentication, and Authorization Identification: You give your name Authentication: Youve proven that its really you.

486 views • 31 slides
Automated Identification and Discarding of Low-Quality External Medication Information in an

Automated Identification and Discarding of Low-Quality External Medication Information in an

Automated Identification and Discarding of Low-Quality External Medication Information in an Electronic Health Record S05: Applications for Quality and Efficiency Improvement Processes Nicholas Riley, MD, PhD Clinical Informatics Fellow Case

243 views • 20 slides
Gem Identification Gem Identification There are approx. 4000 minerals Approx. 100 are

Gem Identification Gem Identification There are approx. 4000 minerals Approx. 100 are

Gem Identification Gem Identification There are approx. 4000 minerals Approx. 100 are classified as gem species. They are found in gem quality. The gem quality has the attributes of a gemstone beauty, durability, rarity, and

613 views • 42 slides
Problem Identification and Resolution Using PMM - A Case Study Johan Nilsson - Verisure Michael

Problem Identification and Resolution Using PMM - A Case Study Johan Nilsson - Verisure Michael

Problem Identification and Resolution Using PMM - A Case Study Johan Nilsson - Verisure Michael Coburn - Percona About Us Michael Coburn Johan Nilsson Product Manager, Percona Senior DBA, Verisure Innovation, Sweden PMM and Percona

297 views • 29 slides
IconIntent : Automatic Identification of Sensitive UI Widgets based on Icon Classification for

IconIntent : Automatic Identification of Sensitive UI Widgets based on Icon Classification for

IconIntent : Automatic Identification of Sensitive UI Widgets based on Icon Classification for Android Apps Xusheng Xiao 1 , XiaoyinWang 2 , Zhihao Cao 1 , HanlinWang 1 , and Peng Gao 3 1 Case Western Reserve University 2 The University of Texas at

491 views • 19 slides
EASM 2014 Individuals characterized with high team identification would be more involved with a

EASM 2014 Individuals characterized with high team identification would be more involved with a

Examination on the Relationship Among School Identification, Team Identification, and Sport Consumption of College Students Submitting author: Dr Li-Shiue Gau Asia University, Taiwan, Taichung, 41354 Taiwan All authors: Jong-Chae Kim,

525 views • 3 slides
Case Study: Jackie Ensley, MLS(ASCP) CM SBB CM Immunohematology Reference Laboratory Manager

Case Study: Jackie Ensley, MLS(ASCP) CM SBB CM Immunohematology Reference Laboratory Manager

Case Study: Jackie Ensley, MLS(ASCP) CM SBB CM Immunohematology Reference Laboratory Manager Kentucky Blood Center 1 Objectives 1. To discuss a case study which required more complex antibody detection and identification 2. To review

466 views • 27 slides
Hazard Identification & Control Contents Hazard Identification & Control Hazard Alert

Hazard Identification & Control Contents Hazard Identification & Control Hazard Alert

Hazard Identification & Control Contents Hazard Identification & Control Hazard Alert Form Hazard Tracking Log Quiz Employer / Instructor Notes: 1. Review Hazard Identification and Control and the Quiz (prior to conducting

192 views • 8 slides
Identification of Joint Impedance tools for understanding the human motion system, treatment

Identification of Joint Impedance tools for understanding the human motion system, treatment

Identification of Joint Impedance tools for understanding the human motion system, treatment selection and evaluation Lecture 12 SIPE 2010 Case Studies Erwin de Vlugt, PhD Delft University of Technology Delft-Leiden Research Connection

361 views • 32 slides
Religious Profile: Jewish Identification 2 Jewish Identification (Jewish Households)

Religious Profile: Jewish Identification 2 Jewish Identification (Jewish Households)

1 1 Religious Profile: Jewish Identification 2 Jewish Identification (Jewish Households) Reconstructionist Conservative 2% 20% Orthodox 9% Reform 35% Humanist 4% Just Jewish 31% 3 Jewish Identification (Jewish Persons) Conservative

1.59k views • 119 slides
3 rd Quarter 2013 Analyst/Investor Briefing 18 Nov 2013 5.00pm TH PLANTATIONS BERHAD (Company

3 rd Quarter 2013 Analyst/Investor Briefing 18 Nov 2013 5.00pm TH PLANTATIONS BERHAD (Company

3 rd Quarter 2013 Analyst/Investor Briefing 18 Nov 2013 5.00pm TH PLANTATIONS BERHAD (Company No: 12696-M) Presented by: Dato Zainal Azwar Zainal Aminuddin Chief Executive Officer 1 TH PLANTATIONS BERHAD (Company No: 12696-M)

291 views • 25 slides
Case Method and Integration of Academic Activities T. Grandon Gill Professor grandon@usf.edu

Case Method and Integration of Academic Activities T. Grandon Gill Professor grandon@usf.edu

Case Method and Integration of Academic Activities T. Grandon Gill Professor grandon@usf.edu Overview What is the case method? Pedagogy Different types of case study and how they are used Facilitating case discussions in the

731 views • 30 slides
Exploring Knowledge Bases for Similarity Eneko Agirre , Montse Cuadros German Rigau ,

Exploring Knowledge Bases for Similarity Eneko Agirre , Montse Cuadros German Rigau ,

Exploring Knowledge Bases for Similarity Eneko Agirre , Montse Cuadros German Rigau , Aitor Soroa IXA NLP Group, University of the Basque Country, Donostia, Basque Country, e.agirre@ehu.es, german.rigau@ehu.es, a.soroa@ehu.es

649 views • 40 slides
Advanced UNIX CIS 218 Advanced UNIX Regular Expressions See also: www.regex101.com

Advanced UNIX CIS 218 Advanced UNIX Regular Expressions See also: www.regex101.com

Advanced UNIX CIS 218 Advanced UNIX Regular Expressions See also: www.regex101.com www.regexr.com 1 CIS 218 Advanced UNIX Why Regular Expressions? To locate text To change text To delineate metacharacters from ordinary characters

224 views • 21 slides
2016 First Quarter Update May 4, 2016 Safe Harbor Statement Some of what well discuss today

2016 First Quarter Update May 4, 2016 Safe Harbor Statement Some of what well discuss today

2016 First Quarter Update May 4, 2016 Safe Harbor Statement Some of what well discuss today concerning future company performance will be forward-looking information within the meanings of the securities laws. Actual results may materially

250 views • 11 slides
Preliminary results from Quad test beam Kees Ligtenberg LC-TPC Colloboration meeting January 7,

Preliminary results from Quad test beam Kees Ligtenberg LC-TPC Colloboration meeting January 7,

Preliminary results from Quad test beam Kees Ligtenberg LC-TPC Colloboration meeting January 7, 2019 Kees Ligtenberg (Nikhef) Results from Quad test beam January 7, 2019 1 / 14 Table of Contents Introduction 1 Synchronization issues 2

603 views • 16 slides
Soay sheep, Ovis aries Island of Soay, viewed from Hirta Images courtesy Soay Sheep Breeders Coop,

Soay sheep, Ovis aries Island of Soay, viewed from Hirta Images courtesy Soay Sheep Breeders Coop,

Soay sheep, Ovis aries Island of Soay, viewed from Hirta Images courtesy Soay Sheep Breeders Coop, U of Sheffield Demographic projection matrices A demographic projection matrix is the (square) matrix formed by collecting the average transitions

344 views • 7 slides
Scalable Synthesis with Symbolic Syntax Graphs Rohin Shah, Sumith Kulal , Ras Bodik UC Berkeley,

Scalable Synthesis with Symbolic Syntax Graphs Rohin Shah, Sumith Kulal , Ras Bodik UC Berkeley,

Scalable Synthesis with Symbolic Syntax Graphs Rohin Shah, Sumith Kulal , Ras Bodik UC Berkeley, IIT Bombay and UW 18 July 2018, Oxford UK [Solar-Lezama et al. ASPLOS06] Combinatorial Sketching for Finite Programs Sketching also promises to

652 views • 30 slides

More recommend