Abstract
Organizations often release and receive medical data with all explicit identifiers, such as name, address, telephone number, and Social Security number (SSN), removed on the assumption that patient confidentiality is maintained because the resulting data look anonymous. However, in most of these cases, the remaining data can be used to reidentify individuals by linking or matching the data to other data bases or by looking at unique characteristics found in the fields and records of the data base itself. When these less apparent aspects are taken into account, each released record can map to many possible people, providing a level of anonymity that the recordholder determines. The greater the number of candidates per record, the more anonymous the data. I examine three general-purpose computer programs for maintaining patient confidentiality when disclosing electronic medical records: the Scrub System, which locates and suppresses or replaces personally identifying information in letters between doctors and in notes written by clinicians; the Datafly System, which generalizes values based on a profile of the data recipient at the time of disclosure; and the μ-Argus System, a somewhat similar system which is becoming a European standard for disclosing public use data.
Publisher
Cambridge University Press (CUP)
Subject
Health Policy, General Medicine, Issues, ethics and legal aspects
References: 37 articles.
Cited by
226 articles.