Data Anonymization Project

Three computational systems for disclosing medical data in the year 1999

by Latanya Sweeney, Ph.D.

Abstract

Today most organizations release and receive medical data with all explicit identifiers, such as name, address, and phone number, removed, in the incorrect belief that patient confidentiality is maintained because the resulting data look anonymous. We examine three computer programs that do maintain patient confidentiality when disclosing electronic medical records: the Scrub System, which locates personally identifying information in letters between doctors and notes written by clinicians; the Datafly System, which generalizes data within the record based on a profile of the recipient at the time of access; and the μ-Argus System, which is becoming a European standard for disclosing public use data. The techniques presented in these systems help protect confidentiality in the face of a changing, globally networked society with immediate access to volumes of personal data.

Keywords: data anonymity, data privacy, re-identification, data fusion, privacy

Citation:
Latanya Sweeney. Three computational systems for disclosing medical data in the year 1999. Proceedings, MEDINFO 98. International Medical Informatics Association. Seoul, Korea. North-Holland, 1998. (PDF).

Summer 2003 Data Privacy Lab [De-identification Project]