EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

No Silver Bullet: Identifying Security Vulnerabilities in Anonymization Protocols for Hospital Databases

Nan Zhang, Liam O’Neill, Gautam Das, Xiuzhen Cheng and Heng Huang
Additional contact information
Nan Zhang: Department of Computer Science, George Washington University, Washington, DC, USA
Liam O’Neill: School of Public Health, University of North Texas Health Science Center at Fort Worth, Fort Worth, TX, USA
Gautam Das: Department of Computer Science and Engineering, University of Texas at Arlington, Arlington, TX, USA
Xiuzhen Cheng: Department of Computer Science, George Washington University, Washington, DC, USA
Heng Huang: Department of Computer Science and Engineering, University of Texas at Arlington, Arlington, TX, USA

International Journal of Healthcare Information Systems and Informatics (IJHISI), 2012, vol. 7, issue 4, 48-58

Abstract: In accordance with HIPAA regulations, patients’ personal information is typically removed or generalized prior to being released as public data files. However, it is not known if the standard method of de-identification is sufficient to prevent re-identification by an intruder. The authors conducted analytical processing to identify security vulnerabilities in the protocols to de-identify hospital data. Their techniques for discovering privacy leakage utilized three disclosure channels: (1) data inter-dependency, (2) biomedical domain knowledge, and (3) suppression algorithms and partial suppression results. One state’s inpatient discharge data set was used to represent the current practice of de-identification of health care data, where a systematic approach had been employed to suppress certain elements of the patient’s record. Of the 1,098 records for which the hospital ID was suppressed, the original hospital ID was recovered for 616 records, leading to a nullification rate of 56.1%. Utilizing domain knowledge based on the patient’s Diagnosis Related Group (DRG) code, the authors recovered the real age of 64 patients, the gender of 83 male patients and 713 female patients. They also successfully identified the ZIP code of 1,219 patients. The procedure used to de-identify hospital records was found to be inadequate to prevent disclosure of patient information. As the masking procedure described was found to be reversible, this increases the risk that an intruder could use this information to re-identify individual patients.

Date: 2012
References: Add references at CitEc
Citations:

Downloads: (external link)
http://services.igi-global.com/resolvedoi/resolve. ... 018/jhisi.2012100104 (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:igg:jhisi0:v:7:y:2012:i:4:p:48-58

Access Statistics for this article

International Journal of Healthcare Information Systems and Informatics (IJHISI) is currently edited by Qiang (Shawn) Cheng

More articles in International Journal of Healthcare Information Systems and Informatics (IJHISI) from IGI Global
Bibliographic data for series maintained by Journal Editor ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:igg:jhisi0:v:7:y:2012:i:4:p:48-58