Re-identification Risks in HIPAA Safe Harbor Data: A study of data from one environmental health study.

Technology science Pub Date : 2017-01-01 Epub Date: 2017-08-28
Latanya Sweeney, Ji Su Yoo, Laura Perovich, Katherine E Boronow, Phil Brown, Julia Green Brody
Citation count: 0

Abstract


Researchers are increasingly asked to share research data as part of publication and funding processes and to maximize the benefits of publicly funded research. The Safe Harbor provision of the U.S. Health Information Portability and Accountability Act (HIPAA) offers guidance to researchers by prescribing how to redact data for public sharing. For example, the provision requires removing explicit identifiers (such as name, address and other personally identifiable information), reporting dates in years, and reducing some or all digits of a postal (or ZIP) code. Is this sufficient? Can research participants still be re-identified in research data that adhere to the HIPAA Safe Harbor standard? In 2006, researchers collected air and dust samples and interviewed residents of 50 homes from Bolinas and Richmond (Atchison Village and Liberty Village), California, to analyze the residents' exposure to pollutants. The study, known as the Northern California Household Exposure Study [1], led to publications that have been cited hundreds of times. We conducted experiments with separate "attacker" and "scorer" teams to see whether we could identify study participants from two versions of the data redacted beyond the HIPAA standard, one in which all dates were reported in ranges of 10 or 20 years and another in which a study participant's birth year was reported exactly. The attackers were blinded to the names and addresses of the participants, and the scorers were blinded to the strategy.
