IDEAS home Printed from https://ideas.repec.org/a/igg/jhisi0/v7y2012i4p48-58.html
   My bibliography  Save this article

No Silver Bullet: Identifying Security Vulnerabilities in Anonymization Protocols for Hospital Databases

Author

Listed:
  • Nan Zhang

    (Department of Computer Science, George Washington University, Washington, DC, USA)

  • Liam O’Neill

    (School of Public Health, University of North Texas Health Science Center at Fort Worth, Fort Worth, TX, USA)

  • Gautam Das

    (Department of Computer Science and Engineering, University of Texas at Arlington, Arlington, TX, USA)

  • Xiuzhen Cheng

    (Department of Computer Science, George Washington University, Washington, DC, USA)

  • Heng Huang

    (Department of Computer Science and Engineering, University of Texas at Arlington, Arlington, TX, USA)

Abstract

In accordance with HIPAA regulations, patients’ personal information is typically removed or generalized prior to being released as public data files. However, it is not known if the standard method of de-identification is sufficient to prevent re-identification by an intruder. The authors conducted analytical processing to identify security vulnerabilities in the protocols to de-identify hospital data. Their techniques for discovering privacy leakage utilized three disclosure channels: (1) data inter-dependency, (2) biomedical domain knowledge, and (3) suppression algorithms and partial suppression results. One state’s inpatient discharge data set was used to represent the current practice of de-identification of health care data, where a systematic approach had been employed to suppress certain elements of the patient’s record. Of the 1,098 records for which the hospital ID was suppressed, the original hospital ID was recovered for 616 records, leading to a nullification rate of 56.1%. Utilizing domain knowledge based on the patient’s Diagnosis Related Group (DRG) code, the authors recovered the real age of 64 patients, the gender of 83 male patients and 713 female patients. They also successfully identified the ZIP code of 1,219 patients. The procedure used to de-identify hospital records was found to be inadequate to prevent disclosure of patient information. As the masking procedure described was found to be reversible, this increases the risk that an intruder could use this information to re-identify individual patients.

Suggested Citation

  • Nan Zhang & Liam O’Neill & Gautam Das & Xiuzhen Cheng & Heng Huang, 2012. "No Silver Bullet: Identifying Security Vulnerabilities in Anonymization Protocols for Hospital Databases," International Journal of Healthcare Information Systems and Informatics (IJHISI), IGI Global, vol. 7(4), pages 48-58, October.
  • Handle: RePEc:igg:jhisi0:v:7:y:2012:i:4:p:48-58
    as

    Download full text from publisher

    File URL: http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/jhisi.2012100104
    Download Restriction: no
    ---><---

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:igg:jhisi0:v:7:y:2012:i:4:p:48-58. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Journal Editor (email available below). General contact details of provider: https://www.igi-global.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.