Summary
Background: The reuse of clinical data for research purposes requires methods for the protection of personal privacy. One general approach is the removal of personal identifiers from the data. A frequent part of this anonymization process is the removal of times and dates, which we refer to as “chrononymization.” While this step can make the association with identified data (such as public information or a small sample of patient information) more difficult, it comes at a cost to the usefulness of the data for research.
Objectives: We sought to determine whether removal of dates from common laboratory test panels offers any advantage in protecting such data from re-identification.
Methods: We obtained a set of results for 5.9 million laboratory panels from the National Institutes of Health’s (NIH) Biomedical Translational Research Information System (BTRIS), selected a random set of 20,000 panels from the larger source sets, and then identified all matches between the sets.
Results: We found that while removal of dates could hinder the re-identification of a single test result, such removal had almost no effect when entire panels were used.
Conclusions: Our results suggest that reliance on chrononymization provides a false sense of security for the protection of laboratory test results. As a result of this study, the NIH has chosen to rely on policy solutions, such as strong data use agreements, rather than removal of dates when reusing clinical data for research purposes.
Citation: Cimino J.J. The false security of blind dates: Chrononymization’s lack of impact on data privacy of laboratory data. Appl Clin Inf 2012; 3: 392–403
http://dx.doi.org/10.4338/ACI-2012-07-RA-0028
Keywords
Patient data privacy - data adjustments - clinical research - clinical informatics - health policy - anonymizatoin - de-identification - dates