Email updates

Keep up to date with the latest news and content from BMC Medical Informatics and Decision Making and BioMed Central.

Open Access Research article

Estimating the re-identification risk of clinical data sets

Fida Kamal Dankar1, Khaled El Emam124*, Angelica Neisa1 and Tyson Roffey3

Author Affiliations

1 Children’s Hospital of Eastern Ontario Research Institute, Ottawa, ON, K1H 8L1, Canada

2 Pediatrics, University of Ottawa, Ottawa, ON K1H 8L1, Canada

3 Children’s Hospital of Eastern Ontario, Ottawa, ON K1H 8L1, Canada

4 CHEO Research Institute, 401 Smyth Road, Ottawa, ON K1H 8L1, Canada

For all author emails, please log on.

BMC Medical Informatics and Decision Making 2012, 12:66  doi:10.1186/1472-6947-12-66

Published: 9 July 2012

Abstract

Background

De-identification is a common way to protect patient privacy when disclosing clinical data for secondary purposes, such as research. One type of attack that de-identification protects against is linking the disclosed patient data with public and semi-public registries. Uniqueness is a commonly used measure of re-identification risk under this attack. If uniqueness can be measured accurately then the risk from this kind of attack can be managed. In practice, it is often not possible to measure uniqueness directly, therefore it must be estimated.

Methods

We evaluated the accuracy of uniqueness estimators on clinically relevant data sets. Four candidate estimators were identified because they were evaluated in the past and found to have good accuracy or because they were new and not evaluated comparatively before: the Zayatz estimator, slide negative binomial estimator, Pitman’s estimator, and mu-argus. A Monte Carlo simulation was performed to evaluate the uniqueness estimators on six clinically relevant data sets. We varied the sampling fraction and the uniqueness in the population (the value being estimated). The median relative error and inter-quartile range of the uniqueness estimates was measured across 1000 runs.

Results

There was no single estimator that performed well across all of the conditions. We developed a decision rule which selected between the Pitman, slide negative binomial and Zayatz estimators depending on the sampling fraction and the difference between estimates. This decision rule had the best consistent median relative error across multiple conditions and data sets.

Conclusion

This study identified an accurate decision rule that can be used by health privacy researchers and disclosure control professionals to estimate uniqueness in clinical data sets. The decision rule provides a reliable way to measure re-identification risk.