Perceived Risk of Re-identification in OMOP-CDM Database: A Cross-Sectional Survey (Preprint)
BACKGROUND The advancement of information technology has immensely increased the quality and volume of health data. This has led to an increase in observational study, as well as to the threat of privacy invasion. Recently, a distributed research network based on the common data model (CDM) has emerged, enabling collaborative international medical research without sharing patient-level data. Although the CDM database for each institution is built inside a firewall, the risk of re-identification requires management. OBJECTIVE This study aims to elucidate the perceptions CDM users have towards CDM and risk management for re-identification. METHODS The survey, targeted to answer specific in-depth questions on CDM, was conducted from October - November 2020. We targeted well-experienced researchers who actively use CDM. Basic statistics (total number and percent) were computed for all covariates. RESULTS There were 33 valid respondents. Of these, 43.8% demonstrated supplementary privacy measures were unnecessary, as the “minimum cell count” parameter was effective in minimizing the liability of re-identification. During extract-transform-load processes, 81.8% of respondents assumed structured data is under control from the risk of re-identification. However, respondents noted that date of birth and death were highly re-identifiable information. The majority of respondents (n=22, 66.7%) conceded the possibility of identifier-contained unstructured data in the NOTE table. CONCLUSIONS Overall, CDM users generally attributed high reliability for privacy protection to the intrinsic nature of CDM. There was little demand for additional de-identification methods. However, unstructured data in the CDM were suspected to have risks. The necessity for a coordinating consortium to define and manage the re-identification risk of CDM was urged.