Answer: Yes. Using privacy technology, namely the Privacert Risk Assessment Server
Question: Can medical data be sufficiently de-identified under HIPAA so that it can be shared freely and still remain useful for bio-terrorism surveillance?
), data can be de-identified under the scientific standard for de-identification under HIPAA, and the resulting data remain useful for bio-terrorism surveillance. Society can have both safety and privacy.
Answer: Yes. Using privacy technology, namely the Privacert Risk Assessment Server (a href="http://www.privacert.com
The solution is to provide data with a sliding scale of identifiability (see below), where the level of anonymity matches the scientifically derived need based on suspicious occurrences appearing within the data. This is termed selective revelation. Bio-terrorism surveillance begins with data sufficiently de-identified in accordance to HIPAA. If evidence presents itself, a “drill-down” providing increasing more identifiable data commences in accordance to public health law. So, the goal is to prove that the data are anonymous yet remains useful. This is done using the Privacert Risk Assessment Server (now commercially available at www.privacert.com).
Keywords: homeland security, privacy-preserving surveillance, selective revelation, privacy appliance, public health, medical informatics, artificial intelligence
L. Sweeney. Privacy-Preserving Surveillance using Databases from Daily Life. IEEE Intelligent Systems, 20 (5), September-October 2005. (PDF).
Earlier versions: Privacy-Preserving Bio-terrorism Surveillance. AAAI Spring Symposium, AI Technologies for Homeland Security, 2005.
Privacy-Preserving Surveillance Using Selective Revelation. Carnegie Mellon University, LIDAP Working Paper 15, February 2005. (PDF).