Welcome to the InfoSci Platform
Reference Hub1
No Silver Bullet: Identifying Security Vulnerabilities in Anonymization Protocols for Hospital Databases

No Silver Bullet: Identifying Security Vulnerabilities in Anonymization Protocols for Hospital Databases

Nan Zhang, Liam O’Neill, Gautam Das, Xiuzhen Cheng, Heng Huang
Copyright: © 2012 |Volume: 7 |Issue: 4 |Pages: 11
ISSN: 1555-3396|EISSN: 1555-340X|EISBN13: 9781466612464|DOI: 10.4018/jhisi.2012100104
Cite Article Cite Article

MLA

Zhang, Nan, et al. "No Silver Bullet: Identifying Security Vulnerabilities in Anonymization Protocols for Hospital Databases." IJHISI vol.7, no.4 2012: pp.48-58. http://doi.org/10.4018/jhisi.2012100104

APA

Zhang, N., O’Neill, L., Das, G., Cheng, X., & Huang, H. (2012). No Silver Bullet: Identifying Security Vulnerabilities in Anonymization Protocols for Hospital Databases. International Journal of Healthcare Information Systems and Informatics (IJHISI), 7(4), 48-58. http://doi.org/10.4018/jhisi.2012100104

Chicago

Zhang, Nan, et al. "No Silver Bullet: Identifying Security Vulnerabilities in Anonymization Protocols for Hospital Databases," International Journal of Healthcare Information Systems and Informatics (IJHISI) 7, no.4: 48-58. http://doi.org/10.4018/jhisi.2012100104

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

In accordance with HIPAA regulations, patients’ personal information is typically removed or generalized prior to being released as public data files. However, it is not known if the standard method of de-identification is sufficient to prevent re-identification by an intruder. The authors conducted analytical processing to identify security vulnerabilities in the protocols to de-identify hospital data. Their techniques for discovering privacy leakage utilized three disclosure channels: (1) data inter-dependency, (2) biomedical domain knowledge, and (3) suppression algorithms and partial suppression results. One state’s inpatient discharge data set was used to represent the current practice of de-identification of health care data, where a systematic approach had been employed to suppress certain elements of the patient’s record. Of the 1,098 records for which the hospital ID was suppressed, the original hospital ID was recovered for 616 records, leading to a nullification rate of 56.1%. Utilizing domain knowledge based on the patient’s Diagnosis Related Group (DRG) code, the authors recovered the real age of 64 patients, the gender of 83 male patients and 713 female patients. They also successfully identified the ZIP code of 1,219 patients. The procedure used to de-identify hospital records was found to be inadequate to prevent disclosure of patient information. As the masking procedure described was found to be reversible, this increases the risk that an intruder could use this information to re-identify individual patients.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.