When publishing in medical journals, researchers are often encouraged to submit their original data to promote information sharing and open access. According to a recent paper in the journal Anesthesia & Analgesia, this practice of data sharing could be a threat to patient privacy.
Despite the fact that most health data is anonymized before posting, the authors say that an individual patient’s health records could still be identified by malicious individuals accessing the publicly posted database. What’s more, they say that current protective measures may not be sufficient to mitigate these risks.
Healthcare databases are often openly shared to allow other researchers to validate the findings, thereby promoting research integrity. Identifiable information is removed from the data prior to posting, to protect patient privacy.
Unfortunately, even de-identified research data can pose risks to patient privacy. This risk is most pronounced in datasets containing only a few patients, which is the norm for research in the fields of anesthesiology and surgery.
With just a few pieces of crucial information, attackers may be able to identify an individual participant. To prove their point, researchers showed that it was possible to identify the health records of a public figure by matching voter registration data to an anonymized healthcare database.
“For anesthesia studies, the variables most likely to result in identification of individuals are the combination of hospital and surgical procedures,” said Liam O’Neill, healthcare management expert with the University of North Texas-Health Science Center. For less commonly performed surgical procedures, data matching techniques could allow anyone to identify a specific individual.
In their paper, the researchers discussed various methods by which attackers could violate patient privacy, along with the defensive measures currently in place to prevent this from happening. All of the defense methods have their own limitations, however, and the researchers warn that compliance with the Health Insurance Portability and Accountability Act (HIPAA) “Safe Harbor” privacy rules may not be enough to protect against all attacks.
To demonstrate the vulnerabilities via a case study, the researchers measured the uniqueness of a population of patients listed in a Texas surgical database. The database contained over 2.8 million patient records, and the researchers found that the uniqueness of each was relatively low. Still, the researchers calculated that an attacker would have a good shot at uncovering an individual patient’s identity.
“While the methods available to those who would undermine privacy have undergone rapid development, the methods of ‘defense’ have not achieved similar breakthroughs,” said the authors. “An adversary would have about a 42.8 percent chance of linking the anesthesia record to the hospital database, and thereby discovering the patient’s sensitive information.”
More alarmingly, the researchers say this risk could be even higher for patients in smaller, less populous states. The authors suggest that the same safeguards used in economics and business may be insufficient protection for patient data published in medical and healthcare journals.
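A data custodian can run the kind of uniqueness measurement described in the case study before releasing a dataset. The sketch below is an added example, not code from the paper or this article; the records, the field names "hospital" and "procedure", and the threshold k_min are constructed assumptions.

```python
from collections import Counter

# Constructed sample of a de-identified release (not real patient data).
# The field names "hospital" and "procedure" are assumptions for illustration.
def _rows(hospital, procedure, n):
    return [{"hospital": hospital, "procedure": procedure} for _ in range(n)]

RECORDS = (
    _rows("A", "cholecystectomy", 6)
    + _rows("A", "hip replacement", 3)
    + _rows("A", "pancreaticoduodenectomy", 1)
    + _rows("B", "cholecystectomy", 5)
    + _rows("B", "hip replacement", 1)
)

def release_risk(records, quasi_ids, k_min=5):
    """Summarise re-identification risk for one set of quasi-identifiers.

    Records sharing the same quasi-identifier values form an equivalence
    class; a class of size 1 is a unique, directly linkable record.
    """
    if not records:
        raise ValueError("no records to assess")
    sizes = Counter(tuple(r[q] for q in quasi_ids) for r in records)
    n = len(records)
    return {
        "records": n,
        "min_k": min(sizes.values()),
        "unique_records": sum(1 for c in sizes.values() if c == 1),
        "records_below_k": sum(c for c in sizes.values() if c < k_min),
        # Mean of 1/class_size over all records (equals classes / n): the
        # average chance of a correct match, assuming the matcher picks
        # uniformly among records that share the same quasi-identifiers.
        "avg_match_prob": len(sizes) / n,
    }

if __name__ == "__main__":
    # Compare releasing both fields against releasing the procedure only.
    for qi in (("hospital", "procedure"), ("procedure",)):
        print(qi, release_risk(RECORDS, qi))
```

In this constructed sample, dropping the hospital field lowers the average match probability, but the single rare procedure stays unique either way, which is the small-count problem the article describes.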
Their article also outlines some potential policies that these journals could adopt to reduce threats against patient privacy. One such proposed policy is that the data could be supplied only to qualified researchers, in a format maintained by the journal’s editor.
“For my entire term as editor, I have pushed authors to share data, under the assumption that anonymized data could be safely shared,” said Dr. Steven L. Shafer of Stanford University, Editor-in-Chief of Anesthesia & Analgesia. “Our authors show that this is not the case. For the editors of major medical journals, this article will quickly ice their plans to promote scientific exchange of data. I don’t like what this paper demonstrates, but it is better to know an uncomfortable truth than to remain ignorant.”