A Determination Scheme for Quasi-Identifiers Using Uniqueness and Influence for De-Identification of Clinical Data

Objectives; The accumulation and usefulness of clinical data have increased with IT development. While using clinical data that needs to be identifiable to obtain meaningful information, it is essential to ensure that data is de-identified and unnecessary clinical information is minimized to protect personal information. This process requires criteria and an appropriate method as there are clear identifiers as well as quasi-identifiers that are not readily identifiable. Methods; To formulate such a method, first, primary quasi-identifiers were selected by classifying information in 20 clinical personal information database tables into Direct-Identifier (DID), Quasi-Identifier (QI), Sensitive Attribute (SA), and Non-Sensitive Attribute (NSA) according to its type. Secondary QIs were then selected by assessing the risk for outliers by measuring uniqueness values of the selected data and scoring re-identification by calculating equivalence class of the influence on other data on QI removal. Third, the risk of re-identification of data users was numeralized and classified. Lastly, the final QI according to user class was determined by comparing the calculated re-identification scores to the threshold values of user classes. Results; Eventually, final QIs ranging from a minimum of 18 to a maximum of 28 were selected by making an assumption about user classes and using it as criteria. Conclusions; The QI selection method presented by the current investigators can be used by researchers at the final checkup stage before they de-identify the selected QIs. Therefore, clinical data users can securely and efficiently use clinical data containing personal information by objectively selecting QIs using the method proposed in the present study.

[1]  Martin M. Merener Theoretical Results on De-Anonymization via Linkage Attacks , 2012, Trans. Data Priv..

[2]  Anthony N. Nguyen,et al.  De-identification of health records using Anonym: Effectiveness and robustness across datasets , 2014, Artif. Intell. Medicine.

[3]  Goran Nenadic,et al.  Combining knowledge- and data-driven methods for de-identification of clinical narratives , 2015, J. Biomed. Informatics.

[4]  Arvind Narayanan An Adversarial Analysis of the Reidentifiability of the Heritage Health Prize Dataset , 2014 .

[5]  Kyung Ho Lee,et al.  Re-identification of medical records by optimum quasi-identifiers , 2017, 2017 19th International Conference on Advanced Communication Technology (ICACT).

[6]  Simson L. Garfinkel,et al.  De-Identification of Personal Information , 2015 .

[7]  Stéphane M. Meystre,et al.  Text de-identification for privacy protection: A study of its impact on clinical text information content , 2014, J. Biomed. Informatics.

[8]  Vishal N. Patel,et al.  Using aggregated, de-identified electronic health record data for multivariate pharmacosurveillance: A case study of azathioprine , 2014, J. Biomed. Informatics.

[9]  Soo-Yong Shin,et al.  Lessons Learned from Development of De-identification System for Biomedical Research in a Korean Tertiary Hospital , 2013, Healthcare informatics research.

[10]  Fabian Prasser,et al.  Efficient and effective pruning strategies for health data de-identification , 2016, BMC Medical Informatics and Decision Making.

[11]  Lynette Hirschman,et al.  De-identification of clinical narratives through writing complexity measures , 2014, Int. J. Medical Informatics.

[12]  Luk Arbuckle,et al.  El Emam Et Al.: the De‐identification of the Heritage Health Prize Claims Data Set Multimedia Appendix Multimedia Appendix 1 Truncation of Claims 2 Removal of High Risk Patients , 2022 .

[13]  Jae Ho Lee,et al.  A De-identification Method for Bilingual Clinical Texts of Various Note Types , 2014, Journal of Korean medical science.

[14]  Khaled El Emam,et al.  Estimating the re-identification risk of clinical data sets , 2012, BMC Medical Informatics and Decision Making.

[15]  Liam Peyton,et al.  A unified framework for evaluating the risk of re-identification of text de-identification tools , 2016, J. Biomed. Informatics.

[16]  Deborah A. Nichols,et al.  Strategies for De-identification and Anonymization of Electronic Health Record Data for Use in Multicenter Research Studies , 2012, Medical care.

[17]  Yon Dohn Chung,et al.  Privacy-preserving data cube for electronic medical records: An experimental evaluation , 2017, Int. J. Medical Informatics.

[18]  Jung-Sook Kim,et al.  Personal Health Information De-identified Performing Methods in Big Data Environments , 2016 .

[19]  Cyril Grouin,et al.  De-identification of clinical notes in French: towards a protocol for reference corpus development , 2014, J. Biomed. Informatics.

[20]  Matthijs Oudkerk,et al.  Image De-Identification Methods for Clinical Research in the XDS Environment , 2016, Journal of Medical Systems.

[21]  Jean-Pierre Corriveau,et al.  A globally optimal k-anonymity method for the de-identification of health data. , 2009, Journal of the American Medical Informatics Association : JAMIA.

[22]  Wahyu Kusuma,et al.  Journal of Theoretical and Applied Information Technology , 2012 .

[23]  Soyoung Yoo,et al.  Establishing the role of honest broker: bridging the gap between protecting personal health data and clinical research efficiency , 2015, PeerJ.

[24]  Angus Roberts,et al.  Development and evaluation of a de-identification procedure for a case register sourced from mental health electronic records , 2013, BMC Medical Informatics and Decision Making.