Building public trust in uses of Health Insurance Portability and Accountability Act de-identified data

Journal of the American Medical Informatics Association (Impact Factor: 3.5). 06/2012; 20(1). DOI: 10.1136/amiajnl-2012-000936
Source: PubMed


The aim of this paper is to summarize concerns with the de-identification standard and methodologies established under the Health Insurance Portability and Accountability Act (HIPAA) regulations, and report some potential policies to address those concerns that were discussed at a recent workshop attended by industry, consumer, academic and research stakeholders.

Target audience
The target audience includes researchers, industry stakeholders, policy makers and consumer advocates concerned about preserving the ability to use HIPAA de-identified data for a range of important secondary uses.

HIPAA sets forth methodologies for de-identifying health data; once such data are de-identified, they are no longer subject to HIPAA regulations and can be used for any purpose. Concerns have been raised about the sufficiency of HIPAA de-identification methodologies, the lack of legal accountability for unauthorized re-identification of de-identified data, and insufficient public transparency about de-identified data uses. Although there is little published evidence of the re-identification of properly de-identified datasets, such concerns appear to be increasing. This article discusses policy proposals intended to address de-identification concerns while maintaining de-identification as an effective tool for protecting privacy and preserving the ability to leverage health data for secondary purposes.

    • "However, medical data are sensitive as they essentially contain personal information and can reveal much about ethnicity, disease risk [3], and even family surnames [4]. To promote data sharing, it is important to develop privacy-preserving algorithms that respect data confidentiality and present data utility [5], especially when one wants to leverage cloud computing [6]. "
    ABSTRACT: Data sharing is challenging but important for healthcare research. Methods for privacy-preserving data dissemination based on the rigorous differential privacy standard have been developed but they did not consider the characteristics of biomedical data and make full use of the available information. This often results in too much noise in the final outputs. We hypothesized that this situation can be alleviated by leveraging a small portion of open-consented data to improve utility without sacrificing privacy. We developed a hybrid privacy-preserving differentially private support vector machine (SVM) model that uses public data and private data together. Our model leverages the RBF kernel and can handle nonlinearly separable cases. Experiments showed that this approach outperforms two baselines: (1) SVMs that only use public data, and (2) differentially private SVMs that are built from private data. Our method demonstrated very close performance metrics compared to nonprivate SVMs trained on the private data.
    06/2014; 2014:1-10. DOI:10.1155/2014/827371
    • "The provider should be encouraged to enforce adequate data de-identification mechanisms against risks such as the inappropriate use and exploitation of data sharing. The legislation should also enact prohibitions for the unauthorized re-identification of anonymized data.[25] Legal and financial remedies must exist to address any privacy violations or security breaches."
    ABSTRACT: Health social networking sites (HSNS), virtual communities where users connect with each other around common problems and share relevant health data, have been increasingly adopted by medical professionals and patients. The growing use of HSNS like Sermo and PatientsLikeMe has prompted public concerns about the risks that such online data-sharing platforms pose to the privacy and security of personal health data. This paper articulates a set of privacy risks introduced by social networking in health care and presents a practical example that demonstrates how the risks might be intrinsic to some HSNS. The aim of this study is to identify and sketch the policy implications of using HSNS and how policy makers and stakeholders should elaborate upon them to protect the privacy of online health data.
    Journal of the American Medical Informatics Association 04/2013; 20(4). DOI:10.1136/amiajnl-2012-001500 · 3.50 Impact Factor
    Journal of the American Medical Informatics Association 12/2012; 20(1). DOI:10.1136/amiajnl-2012-001509 · 3.50 Impact Factor