Abstract
We present a computer program named Datafly that maintains anonymity in medical data by automatically generalizing, substituting, and removing information as appropriate without losing many of the details found within the data. Decisions are made at the field and record level at the time of database access, so the approach can be used on the fly in role-based security within an institution, and in batch mode for exporting data from an institution. Often organizations release and receive medical data with all explicit identifiers, such as name, address and phone number, removed in the incorrect belief that patient confidentiality is maintained because the resulting data look anonymous; however, we show the remaining data can often be used to re-identify individuals by linking or matching the data to other databases or by looking at unique characteristics found in the fields and records of the database itself. When these less apparent aspects are taken into account, each released record can be made to ambiguously map to many possible people, providing a level of anonymity determined by the user.
Keywords
AnonymityComputer scienceConfidentialityMatching (statistics)IdentifierData anonymizationField (mathematics)Data sharingUnique identifierDatabaseInstitutionPhoneInternet privacyInformation retrievalComputer securityInformation privacyMedicine
Affiliated Institutions
Related Publications
Maintaining the Confidentiality of Medical Records Shared over the Internet and the World Wide Web
The Boston Electronic Medical Record Collaborative is working to develop a system that will use the World Wide Web to transfer computer-based patient information to clinicians i...
k-ANONYMITY: A MODEL FOR PROTECTING PRIVACY
Consider a data holder, such as a hospital or a bank, that has a privately held collection of person-specific, field structured data. Suppose the data holder wants to share a ve...
Enhancing Access to Microdata While Protecting Confidentiality: Prospects for the Future
This article presents a scenario for the future of research access to federally collected microdata. Many researchers find access to government databases increasingly desirable....
Limiting privacy breaches in privacy preserving data mining
There has been increasing interest in the problem of building accurate data mining models over aggregate data, while protecting privacy at the level of individual records. One a...
PubChem BioAssay: 2017 update
PubChem's BioAssay database (https://pubchem.ncbi.nlm.nih.gov) has served as a public repository for small-molecule and RNAi screening data since 2004 providing open access of i...
Publication Info
- Year
- 1997
- Type
- article
- Pages
- 51-5
- Citations
- 241
- Access
- Closed
External Links
Social Impact
Altmetric
PlumX Metrics
Social media, news, blog, policy document mentions
Citation Metrics
241
OpenAlex
Cite This
Latanya Sweeney
(1997).
Guaranteeing anonymity when sharing medical data, the Datafly system.
PubMed
, 51-5.
https://doi.org/10.1184/r1/6622412
Identifiers
- DOI
- 10.1184/r1/6622412