Privacy-Preserving Surveillance

Privacy-Preserving Bioterrorism Surveillance

by Latanya Sweeney


Question: Can medical data be sufficiently de-identified under HIPAA so that it can be shared freely and still remain useful for bio-terrorism surveillance?

Answer: Yes. Using privacy technology, namely the Privacert Risk Assessment Server (a href=", data can be de-identified under the scientific standard for de-identification under HIPAA, and the resulting data remain useful for bio-terrorism surveillance. Society can have both safety and privacy.

The solution is to provide data with a sliding scale of identifiability (see below), where the level of anonymity matches the scientifically derived need based on suspicious occurrences appearing within the data. This is termed selective revelation. Bio-terrorism surveillance begins with data sufficiently de-identified in accordance to HIPAA. If evidence presents itself, a “drill-down” providing increasing more identifiable data commences in accordance to public health law. So, the goal is to prove that the data are anonymous yet remains useful. This is done using the Privacert Risk Assessment Server (now commercially available at

Click on image for improved view of selective revelation scale.

Keywords: homeland security, privacy-preserving surveillance, selective revelation, privacy appliance, public health, medical informatics, artificial intelligence

L. Sweeney. Privacy-Preserving Surveillance using Databases from Daily Life. IEEE Intelligent Systems, 20 (5), September-October 2005. (PDF).
Earlier versions: Privacy-Preserving Bio-terrorism Surveillance. AAAI Spring Symposium, AI Technologies for Homeland Security, 2005.
Privacy-Preserving Surveillance Using Selective Revelation. Carnegie Mellon University, LIDAP Working Paper 15, February 2005. (PDF).


Related Publications

  • L. Sweeney. "Privacy Technologies for Homeland Security", Testimony before the Privacy and Integrity Advisory Committee of the Department of Homeland Security (DHS), Boston, MA, June 15, 2005. (Testimony and Appendices)

  • L. Sweeney and R. Gross. Mining Images in Publicly-Available Cameras for Homeland Security. AAAI Spring Symposium, AI Technologies for Homeland Security, 2005. (PDF).

  • L. Sweeney. Privacy-Enhanced Linking. ACM SIGKDD Explorations 7(2) December 2005. (PDF).

In the News

  • CBS News, Associated Press, March 15, 2004, "Privacy Safeguards Quietly Killed". (text)
  • CBS News, Associated Press, November 4, 2002, "Germ Patrol: Like Never Before". (text)

Related Links

Fall 2005 Data Privacy Lab