Evaluation of Privacy Risks of Patients’ Data in China: Case Study

Background Patient privacy is a ubiquitous problem around the world. Many existing studies have demonstrated the potential privacy risks associated with sharing of biomedical data. Owing to the increasing need for data sharing and analysis, health care data privacy is drawing more attention. However, to better protect biomedical data privacy, it is essential to assess the privacy risk in the first place. Objective In China, there is no clear regulation for health systems to deidentify data. It is also not known whether a mechanism such as the Health Insurance Portability and Accountability Act (HIPAA) safe harbor policy will achieve sufficient protection. This study aimed to conduct a pilot study using patient data from Chinese hospitals to understand and quantify the privacy risks of Chinese patients. Methods We used g-distinct analysis to evaluate the reidentification risks with regard to the HIPAA safe harbor approach when applied to Chinese patients’ data. More specifically, we estimated the risks based on the HIPAA safe harbor and limited dataset policies by assuming an attacker has background knowledge of the patient from the public domain. Results The experiments were conducted on 0.83 million patients (with data field of date of birth, gender, and surrogate ZIP codes generated based on home address) across 33 provincial-level administrative divisions in China. Under the Limited Dataset policy, 19.58% (163,262/833,235) of the population could be uniquely identifiable under the g-distinct metric (ie, 1-distinct). In contrast, the Safe Harbor policy is able to significantly reduce privacy risk, where only 0.072% (601/833,235) of individuals are uniquely identifiable, and the majority of the population is 3000 indistinguishable (ie the population is expected to share common attributes with 3000 or less people). Conclusions Through the experiments based on real-world patient data, this work illustrates that the results of g-distinct analysis about Chinese patient privacy risk are similar to those from a previous US study, in which data from different organizations/regions might be vulnerable to different reidentification risks under different policies. This work provides reference to Chinese health care entities for estimating patients’ privacy risk during data sharing, which laid the foundation of privacy risk study about Chinese patients’ data in the future.

Download Full-text

Evaluation of Privacy Risks of Patients’ Data in China: Case Study (Preprint)

10.2196/preprints.13046 ◽

2018 ◽

Author(s):

Mengchun Gong ◽

Shuang Wang ◽

Lezi Wang ◽

Chao Liu ◽

Jianyang Wang ◽

...

Keyword(s):

Health Care ◽

Data Sharing ◽

Data Privacy ◽

Patient Data ◽

Chinese Patients ◽

Biomedical Data ◽

Safe Harbor ◽

Patient Privacy ◽

Privacy Risk ◽

Privacy Risks

BACKGROUND Patient privacy is a ubiquitous problem around the world. Many existing studies have demonstrated the potential privacy risks associated with sharing of biomedical data. Owing to the increasing need for data sharing and analysis, health care data privacy is drawing more attention. However, to better protect biomedical data privacy, it is essential to assess the privacy risk in the first place. OBJECTIVE In China, there is no clear regulation for health systems to deidentify data. It is also not known whether a mechanism such as the Health Insurance Portability and Accountability Act (HIPAA) safe harbor policy will achieve sufficient protection. This study aimed to conduct a pilot study using patient data from Chinese hospitals to understand and quantify the privacy risks of Chinese patients. METHODS We used g-distinct analysis to evaluate the reidentification risks with regard to the HIPAA safe harbor approach when applied to Chinese patients’ data. More specifically, we estimated the risks based on the HIPAA safe harbor and limited dataset policies by assuming an attacker has background knowledge of the patient from the public domain. RESULTS The experiments were conducted on 0.83 million patients (with data field of <i>date of birth, gender, and surrogate ZIP codes</i> generated based on home address) across 33 provincial-level administrative divisions in China. Under the Limited Dataset policy, 19.58% (163,262/833,235) of the population could be uniquely identifiable under the g-distinct metric (ie, 1-distinct). In contrast, the Safe Harbor policy is able to significantly reduce privacy risk, where only 0.072% (601/833,235) of individuals are uniquely identifiable, and the majority of the population is 3000 indistinguishable (ie the population is expected to share common attributes with 3000 or less people). CONCLUSIONS Through the experiments based on real-world patient data, this work illustrates that the results of g-distinct analysis about Chinese patient privacy risk are similar to those from a previous US study, in which data from different organizations/regions might be vulnerable to different reidentification risks under different policies. This work provides reference to Chinese health care entities for estimating patients’ privacy risk during data sharing, which laid the foundation of privacy risk study about Chinese patients’ data in the future.

Download Full-text

Between Access and Privacy: Challenges in Sharing Health Data

Yearbook of Medical Informatics ◽

10.1055/s-0038-1641216 ◽

2018 ◽

Vol 27 (01) ◽

pp. 055-059 ◽

Cited By ~ 5

Author(s):

Bradley Malin ◽

Kenneth Goodman ◽

Keyword(s):

Data Sharing ◽

Digital Library ◽

Selection Process ◽

Data Access ◽

Biomedical Data ◽

Game Theoretic ◽

Privacy Risks ◽

Cryptographic Techniques ◽

Selection Of

Objective: To summarize notable research contributions published in 2017 on data sharing and privacy issues in medical informatics. Methods: An extensive search of PubMed/Medline, Web of Science, ACM Digital Library, IEEE Xplore, and AAAI Digital Library was conducted to uncover the scientific contributions published in 2017 that addressed issues of biomedical data sharing, with a focus on data access and privacy. The selection process was based on three steps: (i) a selection of candidate best papers, (ii) the review of the candidate best papers by a team of international experts with respect to six predefined criteria, and (iii) the selection of the best papers by the editorial board of the Yearbook. Results: Five best papers were selected. They cover the lifecycle of biomedical data collection, use, and sharing. The papers introduce 1) consenting strategies for emerging environments, 2) software for searching and retrieving datasets in organizationally distributed environments, 3) approaches to measure the privacy risks of sharing new data increasingly utilized in research and the clinical setting (e.g., genomic), 4) new cryptographic techniques for querying clinical data for cohort discovery, and 5) novel game theoretic strategies for publishing summary information about genome-phenome studies that balance the utility of the data with potential privacy risks to the participants of such studies. Conclusion: The papers illustrated that there is no one-size-fitsall solution to privacy while working with biomedical data. At the same time, the papers show that there are opportunities for leveraging newly emerging technologies to enable data use while minimizing privacy risks.

Download Full-text

Privacy-Preserving Pandemic Monitoring

Advances in Data Mining and Database Management - Data Science Advancements in Pandemic and Outbreak Management ◽

10.4018/978-1-7998-6736-4.ch010 ◽

2021 ◽

pp. 194-206

Author(s):

Thu Yein Win ◽

Hugo Tianfield

Keyword(s):

Public Health ◽

Data Sharing ◽

Data Privacy ◽

Privacy Preserving ◽

Patient Data ◽

Future Research ◽

Health Safety ◽

Patient Data Privacy ◽

Significant Challenge ◽

The World

The recent COVID-19 pandemic has presented a significant challenge for health organisations around the world in providing treatment and ensuring public health safety. While this has highlighted the importance of data sharing amongst them, it has also highlighted the importance of ensuring patient data privacy in doing so. This chapter explores the different techniques which facilitate this, along with their overall implementations. It first provides an overview of pandemic monitoring and the privacy implications associated with it. It then explores the different privacy-preserving approaches that have been used in existing research. It also explores the strengths as well as their limitations, along with possible areas for future research.

Download Full-text

Blockchain Implementation in Health Care: Protocol for a Systematic Review (Preprint)

10.2196/preprints.10994 ◽

2018 ◽

Author(s):

Edward Meinert ◽

Abrar Alturkistani ◽

Kimberley A Foley ◽

Tasnime Osama ◽

Josip Car ◽

...

Keyword(s):

Health Care ◽

Health Care Providers ◽

Data Privacy ◽

Patient Data ◽

Risk Of Bias ◽

Care Providers ◽

Data Interoperability ◽

Care Protocol ◽

Patient Consent

BACKGROUND A blockchain is a digitized, decentralized, distributed public ledger that acts as a shared and synchronized database that records cryptocurrency transactions. Despite the shift toward digital platforms enabled by electronic medical records, demonstrating a will to reform the health care sector, health systems face issues including security, interoperability, data fragmentation, timely access to patient data, and silos. The application of health care blockchains could enable data interoperability, enhancement of precision medicine, and reduction in prescription frauds through implementing novel methods in access and patient consent. OBJECTIVE To summarize the evidence on the strategies and frameworks utilized to implement blockchains for patient data in health care to ensure privacy and improve interoperability and scalability. It is anticipated this review will assist in the development of recommendations that will assist key stakeholders in health care blockchain implementation, and we predict that the evidence generated will challenge the health care status quo, moving away from more traditional approaches and facilitating decision making of patients, health care providers, and researchers. METHODS A systematic search of MEDLINE/PubMed, Embase, Scopus, ProQuest Technology Collection and Engineering Index will be conducted. Two experienced independent reviewers will conduct titles and abstract screening followed by full-text reading to determine study eligibility. Data will then be extracted onto data extraction forms before using the Cochrane Collaboration Risk of Bias Tool to appraise the quality of included randomized studies and the Risk of Bias in nonrandomized studies of Interventions to assess the quality of nonrandomized studies. Data will then be analyzed and synthesized. RESULTS Database searches will be initiated in September 2018. We expect to complete the review in January 2019. CONCLUSIONS This review will summarize the strategies and frameworks used to implement blockchains in health care to increase data privacy, interoperability, and scalability. This review will also help clarify if the strategies and frameworks required for the operationalization of blockchains in health care ensure the privacy of patient data while enabling efficiency, interoperability, and scalability.

Download Full-text

System for Control and Management of Data Privacy of Patients with COVID-19

10.20944/preprints202007.0369.v1 ◽

2020 ◽

Author(s):

Arielle Verri Lucca ◽

Rodrigo Luchtenberg ◽

Leonardo Garcez de Paula Conceicao ◽

Luis Augusto Silva ◽

Raúl García Ovejero ◽

...

Keyword(s):

Control Patient ◽

Data Privacy ◽

Hospital Setting ◽

Patient Data ◽

Patient Privacy ◽

Control And Management

The COVID-19 pandemic plagues the whole world, bringing numerous challenges which need to be addressed. One of them is the privacy of patient data. There are several problems related to data privacy in IoT environments, the use of applications, devices, and functionalities in hospital processes. Therefore, we have compared works from the literature and developed a taxonomy consisting of the requirements necessary to control patient privacy data in a hospital setting in the current pandemic. Based on the studies, an application was modeled and implemented. According to the tests and comparisons drawn between the variables, the application yielded satisfactory results.

Download Full-text

Author Correction: Deep transfer learning for reducing health care disparities arising from biomedical data inequality

Nature Communications ◽

10.1038/s41467-020-20480-x ◽

2020 ◽

Vol 11 (1) ◽

Author(s):

Yan Gao ◽

Yan Cui

Keyword(s):

Health Care ◽

Transfer Learning ◽

Health Care Disparities ◽

Biomedical Data

A Correction to this paper has been published: https://doi.org/10.1038/s41467-020-20480-x

Download Full-text

Data Dentistry: How Data Are Changing Clinical Care and Research

Journal of Dental Research ◽

10.1177/00220345211020265 ◽

2021 ◽

pp. 002203452110202

Author(s):

F. Schwendicke ◽

J. Krois

Keyword(s):

Health Care ◽

Data Sharing ◽

Clinical Care ◽

Open Data ◽

User Interaction ◽

Data Availability ◽

Related Data ◽

Data User ◽

Regulatory Data ◽

Consumer Data

Data are a key resource for modern societies and expected to improve quality, accessibility, affordability, safety, and equity of health care. Dental care and research are currently transforming into what we term data dentistry, with 3 main applications: 1) medical data analysis uses deep learning, allowing one to master unprecedented amounts of data (language, speech, imagery) and put them to productive use. 2) Data-enriched clinical care integrates data from individual (e.g., demographic, social, clinical and omics data, consumer data), setting (e.g., geospatial, environmental, provider-related data), and systems level (payer or regulatory data to characterize input, throughput, output, and outcomes of health care) to provide a comprehensive and continuous real-time assessment of biologic perturbations, individual behaviors, and context. Such care may contribute to a deeper understanding of health and disease and a more precise, personalized, predictive, and preventive care. 3) Data for research include open research data and data sharing, allowing one to appraise, benchmark, pool, replicate, and reuse data. Concerns and confidence into data-driven applications, stakeholders’ and system’s capabilities, and lack of data standardization and harmonization currently limit the development and implementation of data dentistry. Aspects of bias and data-user interaction require attention. Action items for the dental community circle around increasing data availability, refinement, and usage; demonstrating safety, value, and usefulness of applications; educating the dental workforce and consumers; providing performant and standardized infrastructure and processes; and incentivizing and adopting open data and data sharing.

Download Full-text