New study finds patient privacy risks in sharing research data

By Sally Crocker

Liam O’Neill

 

In publishing new studies, health care researchers take care to remove identifiable patient information when sharing their data.

But a UNT Health Science Center public health professor has found that despite such precautionary measures, often required by grant-funding organizations and research journals, online attackers can still identify individual patient health records through cross-referencing against publicly available databases.

Liam O’Neill, PhD, Associate Professor of Health Management and Policy at the UNTHSC School of Public Health, published the report in the June 2016 issue of Anesthesia & Analgesia with colleagues from the University of Iowa and George Washington University.

The article was featured as the June cover story and was also highlighted in a recent podcast. The journal’s editor-in-chief, Dr. Steven L. Shafer of Stanford University, said he believes the article “will have profound implications for digital sharing of patient data” in the future.

“Posting health information that has been properly ‘de-identified’ for public use is assumed to pose no risks to patient privacy, yet computer scientists have demonstrated that this assumption is flawed,” Dr. O’Neill said.

“Knowing a person’s date of birth is insufficient by itself, for example, to identify an individual,” he said, “yet, 87 percent of the specific combinations of date of birth, postal code and gender occur only once among the entire U.S. population.”

“The first step is for an online attacker to link two or more open databases based on overlapping attributes,” he said.

For their study, Dr. O’Neill and colleagues used the State of Texas surgical database – containing public information on more than 2.8 million records – to show that there is a 42.8 percent chance that an online attacker could match an anesthesia record to a de-identified hospital database to uncover sensitive patient information.

The percentage is even greater, they reported, for patients undergoing multiple procedures or from smaller states.

“Few people today would think that the combination of hospital and surgical procedures could be enough to link to a single inpatient record out of a database of millions,” Dr. O’Neill said, “which is why the use or exchange of this type of data is largely unregulated. But methods of online attack are advancing rapidly, faster than methods of defense.” Dr. O’Neill said.

While supporting research transparency, the authors recommended a change in peer-reviewed editorial policy, where study data could be requested from a journal’s editor, rather than being publicly shared in de-identified format.

Funding for this study was provided by the National Science Foundation.

Recent News

Wellest Team
  • On Campus
|Dec 6, 2022

Wellest Inc. founder Dave Sekowski partners with HSC faculty through Techstars program

For Dave Sekowski, founder and CEO of Wellest Inc., the road to wellness has not been easy. Growing up with limited access to healthy food and education about health and nutrition, he struggled with childhood obesity. “I had to take it upon myself to figure it out,” Sekowski said. “I joined...
IHI Banner
  • Patient Care
|Dec 6, 2022

TCOM leadership presents patient safety course to 2022 IHI forum

The Texas College of Osteopathic Medicine’s innovative patient safety course and how to incorporate it into an academic curriculum was on display at the 2022 Institute for Healthcare Improvement Forum in Orlando, Florida.  Frank Filipetto, DO, CPPS, FACOFP, dean of TCOM, and Lillee Gelinas DNP...
Stephanie Ibekwe
  • Our People
|Dec 5, 2022

A voice for women in medicine

When Dr. Stephanie Ibekwe’s mother, Sarah, came home from her nursing job, she would tell her daughter stories about her patients and the conversations she had with them. “Nursing is pretty stressful, but my mom had an amazing way of handling things,” she said. “My mom really loved to bui...
Noah Peeri Headshot
  • Our People
|Dec 5, 2022

SPH alum Dr. Noah Peeri produces JAMA Oncology publication just months after graduation

Noah Peeri, Ph.D., MPH, a recent graduate of The University of North Texas Health Science Center’s School of Public Health, has achieved a major milestone by publishing an article in the Journal of the American Medical Association Oncology just months after completing his graduate degree.   H...