A risk-based framework for biomedical data sharing

The problem of biomedical data sharing is a form of gambling: on one hand it incurs the risk of privacy violations, and on the other it stands to profit from knowledge discovery. In general, the risk of granting data access to a user depends heavily on the data requested, the purpose of the access, the user requesting the data (the user's motives) and the security of the user's environment. Traditional manual biomedical data sharing processes (based on institutional review boards) are lengthy and demanding, whereas the automated ones (known as honest broker systems) disregard the individual characteristics of different requests and offer "one-size-fits-all" solutions to all data requestors. In this manuscript, we propose a conceptual risk-aware data sharing system; the system brings the concept of risk, derived from all contextual information surrounding a data request, into the data disclosure decision module. The decision module, in turn, imposes mitigation measures to counter the calculated risk.
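The following toy decision module is an added illustration of the architecture the abstract describes; it is not code from the paper. It scores the four contextual factors the abstract names (data requested, purpose, user, environment), combines them into a single risk score, and maps that score to a mitigation tier that is then applied to a constructed sample of fictional patient records. The factor scales, weights, tier thresholds, mitigation actions and sample records are all hypothetical choices made for this example.

```python
"""Added example: a toy risk-aware disclosure decision module.

Each contextual factor is scored from 0.0 (lowest risk) to 1.0 (highest risk).
The weights, thresholds and mitigation actions are hypothetical values chosen
for this illustration, not values taken from the paper.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RequestContext:
    data_sensitivity: float   # what: aggregate counts ~0.1, de-identified ~0.5, identifiable ~0.9
    purpose_risk: float       # why: IRB-approved protocol ~0.1, exploratory ~0.5, undeclared ~0.9
    user_risk: float          # who: internal researcher ~0.1, external collaborator ~0.5, unknown ~0.9
    environment_risk: float   # where: accredited enclave ~0.1, managed laptop ~0.5, unmanaged device ~0.9


# Hypothetical weights; they sum to 1.0 so the combined score stays within [0, 1].
WEIGHTS = {"data_sensitivity": 0.35, "purpose_risk": 0.20,
           "user_risk": 0.25, "environment_risk": 0.20}

# Ordered (upper bound, action) tiers: the first tier whose bound the score does not exceed applies.
TIERS = [(0.25, "release"), (0.50, "deidentify"), (0.75, "aggregate"), (1.00, "deny")]


def risk_score(ctx: RequestContext) -> float:
    """Weighted sum of the contextual factors; rejects out-of-range inputs."""
    for name in WEIGHTS:
        value = getattr(ctx, name)
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be in [0, 1], got {value}")
    return sum(WEIGHTS[name] * getattr(ctx, name) for name in WEIGHTS)


def decide(ctx: RequestContext) -> tuple[float, str]:
    """Return (score, action): the mitigation tier selected to counter the calculated risk."""
    score = risk_score(ctx)
    for bound, action in TIERS:
        if score <= bound:
            return score, action
    return score, "deny"


# Constructed sample records (fictional patients) used to show what each mitigation does.
RECORDS = [
    {"name": "A. Example", "mrn": "000001", "age": 34, "zip": "37203", "dx": "E11"},
    {"name": "B. Example", "mrn": "000002", "age": 37, "zip": "37208", "dx": "E11"},
    {"name": "C. Example", "mrn": "000003", "age": 52, "zip": "37212", "dx": "I10"},
    {"name": "D. Example", "mrn": "000004", "age": 58, "zip": "37215", "dx": "I10"},
    {"name": "E. Example", "mrn": "000005", "age": 61, "zip": "37220", "dx": "J45"},
]


def deidentify(records: list[dict]) -> list[dict]:
    """Drop direct identifiers (name, MRN) and generalise quasi-identifiers:
    age to a 5-year band, ZIP code to its first three digits."""
    out = []
    for r in records:
        low = r["age"] // 5 * 5
        out.append({"age_band": f"{low}-{low + 4}", "zip3": r["zip"][:3], "dx": r["dx"]})
    return out


def aggregate(records: list[dict], min_cell: int = 2) -> dict:
    """Counts per diagnosis code; cells below min_cell are suppressed (reported as None)."""
    counts: dict[str, int] = {}
    for r in records:
        counts[r["dx"]] = counts.get(r["dx"], 0) + 1
    return {dx: (n if n >= min_cell else None) for dx, n in counts.items()}


def apply_mitigation(action: str, records: list[dict]):
    """Apply the selected tier to the requested records; 'deny' returns nothing."""
    if action == "release":
        return records
    if action == "deidentify":
        return deidentify(records)
    if action == "aggregate":
        return aggregate(records)
    return None


if __name__ == "__main__":
    # Identifiable data requested by an internal researcher under an approved protocol, inside an enclave.
    ctx = RequestContext(data_sensitivity=0.9, purpose_risk=0.1, user_risk=0.1, environment_risk=0.1)
    score, action = decide(ctx)
    print(f"risk={score:.2f} action={action}")
    print(apply_mitigation(action, RECORDS))
```

The design point is that the same request for identifiable records lands in different tiers depending on the surrounding context: an internal researcher in an accredited enclave gets de-identified records, an external collaborator on a managed laptop gets only suppressed aggregate counts, and a request where every factor is at its maximum is denied and left for manual review. A real deployment would also log every decision with its inputs so that the scoring can be audited and tuned.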
