As a way to facilitate peer-review, openness and bolster legitimacy around medical studies, journals and the research community often encourage study authors to make their original data available online. However, a special review published in Anesthesia & Analgesia suggests that this poses a significant risk to patient privacy — even when the data is presented anonymously.
For studies with small cohorts, like the data commonly used in anesthesiology and surgery research papers, having even basic information about patients could be enough for a bad actor to identify an individual. The study authors demonstrated how this might be done by matching information from a de-identified healthcare database with voter registration data.
"For anesthesia studies, the variables most likely to result in identification of individuals are the combination of hospital and surgical procedures," the authors wrote.
After calculating the "population uniqueness" of patients undergoing at least one surgical procedure, the researchers found the probability that a randomly selected individual's medical record could be matched to their record in a state database to be 42.8 percent.
"For my entire term as editor, I have pushed authors to share data, under the assumption that anonymized data could be safely shared," wrote Steven Shafer, MD, a Stanford (Calif.) University School of Medicine professor and editor-in-chief of Anesthesia & Analgesia,in a commentary published along with the paper. "Our authors show that this is not the case. For the editors of major medical journals, this article will quickly ice their plans to promote scientific exchange of data. I don't like what this paper demonstrates, but it is better to know an uncomfortable truth than to remain ignorant."