Three computational systems for disclosing medical data in the year 1999

Abstract

Today most organizations release and receive medical data with all explicit identifiers, such as name, address, and phone number, removed in the incorrect belief that patient confidentiality is maintained because the resulting data look anonymous. We examine three computer programs that do maintain patient confidentiality when disclosing electronic medical records: the Scrub System which locates personally-identifying information in letters between doctors and notes written by clinicians; the Datafly System which generalizes data within the record based on a profile of the recipient at the time of access; and, the μ-Argus System which is becoming a European standard for disclosing public use data. The techniques presented in these systems help protect confidentiality in the face of a changing globally-networked society with immediate access to volumes of personal data.

Keywords: data anonymity, data privacy, re-identification, data fusion, privacy

Citation:
Latanya Sweeney. Three computational systems for disclosing medical data in the year 1999 Proceedings, MEDINFO 98. International Medical Informatics Association. Seoul, Korea. North-Holland, 1998. (PDF).

Related Publications

• L. Sweeney, k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 557-570. Paper: 14 pages in PS or PDF.

• L. Sweeney, Achieving k-anonymity privacy protection using generalization and suppression. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 571-588. Abstract, Paper: 18 pages in PS or PDF.

• A. Meyerson and R. Williams, General k-anonymization is Hard. Carnegie Mellon School of Computer Science Tech Report,2003; 03-113. Abstract, Paper: 18 pages in PDF.