For studies with small cohorts, like the data commonly used in anesthesiology and surgery research papers, having even basic information about patients could be enough for a bad actor to identify an individual. The study authors demonstrated how this might be done by matching information from a de-identified healthcare database with voter registration data.
“For anesthesia studies, the variables most likely to result in identification of individuals are the combination of hospital and surgical procedures,” the authors wrote.
After calculating the “population uniqueness” of patients undergoing at least one surgical procedure, the researchers found the probability that a randomly selected individual’s medical record could be matched to their record in a state database to be 42.8 percent.
“For my entire term as editor, I have pushed authors to share data, under the assumption that anonymized data could be safely shared,” wrote Steven Shafer, MD, a Stanford (Calif.) University School of Medicine professor and editor-in-chief of Anesthesia & Analgesia, in a commentary published along with the paper. “Our authors show that this is not the case. For the editors of major medical journals, this article will quickly ice their plans to promote scientific exchange of data. I don’t like what this paper demonstrates, but it is better to know an uncomfortable truth than to remain ignorant.”
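A pre-release check in the spirit of the uniqueness measurement described above, as an added example that is not the study's method or code: it counts how many records stand alone in their hospital-and-procedure combination within the dataset itself, a simpler sample-level proxy for population uniqueness, and shows the effect of coarsening those fields. The rows, the `SERVICE_LINE` map and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample rows (not real patient data): one row per surgical case.
RECORDS = [
    {"hospital": "H1", "procedure": "appendectomy"},
    {"hospital": "H1", "procedure": "appendectomy"},
    {"hospital": "H1", "procedure": "cholecystectomy"},
    {"hospital": "H1", "procedure": "hernia repair"},
    {"hospital": "H2", "procedure": "appendectomy"},
    {"hospital": "H2", "procedure": "knee replacement"},
    {"hospital": "H2", "procedure": "knee replacement"},
    {"hospital": "H2", "procedure": "hip replacement"},
]

# Hypothetical coarsening map: specific procedure -> broad service line.
SERVICE_LINE = {
    "appendectomy": "general surgery",
    "cholecystectomy": "general surgery",
    "hernia repair": "general surgery",
    "knee replacement": "orthopedics",
    "hip replacement": "orthopedics",
}

def class_sizes(records, quasi_identifiers):
    """Count records sharing each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_identifiers) for r in records)

def uniqueness_report(records, quasi_identifiers, k=2):
    """Summarise how many records sit in small equivalence classes."""
    sizes = class_sizes(records, quasi_identifiers)
    n = len(records)
    return {
        "min_class_size": min(sizes.values()),
        "unique_fraction": sum(1 for s in sizes.values() if s == 1) / n,
        "below_k_fraction": sum(s for s in sizes.values() if s < k) / n,
    }

def coarsen(records, column, mapping):
    """Return copies of the records with one column generalised via mapping."""
    return [{**r, column: mapping[r[column]]} for r in records]

if __name__ == "__main__":
    coarse = coarsen(RECORDS, "procedure", SERVICE_LINE)
    print("hospital + procedure:   ", uniqueness_report(RECORDS, ["hospital", "procedure"]))
    print("hospital + service line:", uniqueness_report(coarse, ["hospital", "procedure"]))
    print("service line only:      ", uniqueness_report(coarse, ["procedure"]))
```

On the constructed rows, half of the records are unique on hospital plus procedure; generalising the procedure and then withholding the hospital removes every singleton.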