Soon enough this data will end up in the hands of our insurers, and enough technology will be built to where if you buy a 6 pack on the weekend, your premium will be adjusted on-the-fly.
FWIW socialised healthcare (the better alternative) hasn't solved that particular problem. Punitive taxes on alcohol and smoking are very common because they're trying to reduce costs. Insurance is the same thing but on an individual basis, which means healthier people should _in theory_ get better premiums in your example.
Right, but I'm talking about the novel ways companies try to optimize premiums. Car insurance is already doing it with some companies wanting you to install an application on your phone to track your driving habits in hopes of maybe lowering your premium. Disgusting shit.
I don't install these apps but what exactly is wrong with them and why is it "disgusting shit?" If I drive the speed limit or slower, stop for 3-4 seconds at every stop sign, don't accelerate quickly, etc., what's wrong with me having a lower auto insurance premium than someone with an identical profile who goes 10 over the limit everywhere and rolls through every 5th stop sign?
I'm not implying insurance companies are doing this out of altruism. If it resulted in a net decrease in profit, the apps wouldn't exist. But it does seem like a beneficial form of price discrimination. It seems like it's only "disgusting shit" if it makes your insurance premiums go up because you're a less safe driver.
I will admit I'm not a fan of surveillance based insurance, either. Just pointing out the alternative is individualising the cost via insurance or making all society pay for a few people.
The problem is when it becomes required to submit to this sort of surveillance, or you don't get insurance at all. That doesn't seem like an unlikely endgame to me.
Also the factors the app monitors are not necessarily correlated with risk of a crash in the way we'd expect. For example, if you drive the speed limit or slower on most highways in the US, you will be driving slower than the speed of most traffic, and it's more likely that someone will rear-end you.
Already done - this type of data is already used to assess your risk for opioid addiction in several states, especially if you are in a high risk/high cost group.
So medical science could figure out the health consequence of all your dietary and recreational decisions with amazing granularity, and your take is this is a negative thing because of the possibility of higher insurance rates?
No one here is proposing we give this data to insurers.
The poster I responded to is proposing we deny medical science this data, and that we remain remain sicker and more ignorant about health, because otherwise the discoveries medical science makes might get used by insurers who somehow gain access to our purchasing data later (another thing no one here is proposing they be given).
Under current US law, health insurance companies can't even adjust your premiums for serious preexisting conditions, much less because you bought some beer.
It's hard to compare smoking to the 'sin of the week'. It's the leading cause of preventable death in the U.S. (or was a few years ago), and probably has been for generations. It is one of the most studied and prolonged public health issues.
It's hard to blame smoking insurance costs on 'sin' - it kills people and increases costs for the insurance company, possibly more than any other choice people can make. If you drive in drag races and ask for car insurance, don't be surprised if it costs more.
The trick is to use a proxy for the metric that IS permissible in much the same way that financial companies in the 1960s used address data once it became illegal to discriminate directly because someone was black.
The only factors are "location, age, tobacco use, plan category, and whether the plan covers dependents."
Maybe some zipcodes drink more than others, but they don't need to figure that out because they can just look at illness rates for the zipcode directly. Same for age and tobacco.
>> Soon enough this data will end up in the hands of our insurers, and enough technology will be built to where if you buy a 6 pack on the weekend, your premium will be adjusted on-the-fly.
The underlying claim here is that de-identification doesn't work, the articles then explores the consequences of that.
But the real question should be: why doesn't de-identification work and how to make it work. It is a technical problem, and I thought it was more or less solved. But the author here things it is just placebo. If so, what is the problem exactly? Is there a fundamental problem with the very idea of de-identification? Is there a "bug" in the process? What level is required to conduct these attacks? Can in individual do it? A cybercrime gang? A nation state? Is it only theoretical?
Depending on that, the answer could be very different.
I suspect that the more data they have for a particular patient (many visits over multiple years) makes the re-identification process easier. The article mention financial data, if dates and amounts of charges aren't masked or altered that could be cross-referenced with another data source to deduce the person's identity.
De-identification is in the eye of the data steward and their legal folks.
So it’s the definition of de-id that doesn’t actually “work” in that it’s possible to reidentify small amounts from de-id data, and that adds up over time.
For example, HIPAA considers data de-id if you remove 19 fields or expert determine that it’s de-id. [0]
What’s expert determination, who’s an export? That’s up to me to decide and my lawyers to accept.
The bug is that if half a percent of people each de-id datasets can be reidentified, likely acceptable in HIPAA, then each data released adds up for reidentified people. And more datasets allow for triangulation and linking to reidentify.
The article calls this out as a risk, not a certainty as it’s unclear if anyone is doing this. But the process would be something like:
1) buy HIPAA de-identified data since it doesn’t require patient consent
2) reidentify patients using other data publicly for sale (marketing data, voter registration, etc)
3) new data is not longer HIPAA restricted and fully identified health records can be sold for whatever you like (eg, super targeted drug marketing)
The US federal government requires users to agree to terms in return for receiving potentially identifiable data. Usually those terms include something like, "I agree to not attempt to use these data to identify any individuals." Granted, an agreement carries more weight when it's with the federal government (lying to them is criminal). But this kind of clause can prevent legal groups from reliably trading in identified data, even if it's from a private hospital. If they break the agreement, they'll probably never again receive new data from the provider, and stale data is low value.
Some medical data, such as genome sequence data, is unique to an individual (where the uniqueness is partly dependent on the length of sequence data generated - short sequences may not be unique). Even worse, whole exome or genome data also describes your lineage and may reveal sensitive information about relatives, living and not. Deidentification of such genomic data is especially difficult.
But the real question should be: why doesn't de-identification work and how to make it work.
How much health data is required to distinguish a specific individual even without any "identifying" information? Surely there must be many people with unique combinations of conditions and treatments. If that is so then a data set that includes those people could only ever be pseudonymous, not truly anonymous.
What other data sets might then be combined with the health data to match a pseudonymous record with an identifiable person? Payment records? Travel records? Time off work? Insurance claims?
I don't know much about how the US healthcare system works, but maybe before asking how to make de-identification of health data work we should be asking whether it could ever work effectively at all.
The industry of de-identification has a long history in fact.
It is typical for many types of criminals to employ hard-to-identify outfit and appearance.
The work of investigators is to overcome this hardship and identify the criminal.
The co-evolution of methods on both sides will never end.
It's a mathematical problem, not a technical problem. You can remove features from a dataset that, on their own, serve to uniquely identify someone, but that doesn't change that the remaining features still each partition the population into smaller and smaller subsets until eventually the subset is one or only a few people. Once you get down to "only a few people," metadata may be able to bring that to one, i.e. there are a few hundred people it could potentially be, but only one was actually at the hospital the data was collected from at the time it was collected. You don't necessarily even need the hospital to leak that metadata. Maybe this person was the only one who even lived near that hospital near that time.
The only way to anonymize the data in a foolproof way is to remove so many features that it becomes useless for statistical research.
Modeling-wise, regression, classification, and clustering alike all rely on being able to construct a model that minimizes entropy. But anonymity relies upon maximizing entropy. This fundamental conflict can't really be resolved. You pick some point in the middle of the spectrum that ends up serving neither purpose well.
Math problems aren't technical problems? Do you mean it's a mathematically-impossible technical problem?
Noise and obfuscation can be added to the data such that the unique person it identifies doesn't exist. For example changing the dates by some limited random amount. Replacing values with roughly-similar choices (replace engineer with scientist, replace Mexico with el Salvador, etc.) The technical problem is doing that in a way that doesn't harm its research value, never allows the final set of possible similar identities to be below some lower limit, and can't be reversed of course.
Would you be willing to provide a few references for this? My professional work has skirted around the discussion at times, and I would be fantastically interested in learning more.
It doesn’t work because the data can be correlated against other sets of data.
When my wife almost died from an ectopic pregnancy, Enfamil was confident enough of the would-be due date based on data pieces together by a broker to FedEx us a box of formula on the due date.
Third parties get a real time feed of insurance claims, hospital admissions, prescriptions and other data. They put the puzzle together and make an assertion of valuable diagnoses. (Pregnancy, diabetes, etc)
They don’t need to be 100% accurate. The collateral damage of reminding someone who lost a child and nearly lost their life doesn’t have a cost to them.
In many cases, abusing such data will also be profitable even if the result estimate is highly noisy.
Just as an example, let's assume that an insurance company knows your given name when you apply and they have statistical data which shows that if your name belongs to one set of names, you are smoking with a probability of 51%. If you have another name, you are smoking with a probability of 49%, because the correlation is noisy. It is still more lucrative for the company to exclude applicants from the "more likely to smoke" names group, because smoking causes cost. You might never have tried a single cigarette in your life but with the information the company has, it is more profitable to not insure you.
Of course the above is an exaggerated example which would not work out quantitatively (the profit they make by insuring you might be higher than the expected value of risk from smoking) but the principle still holds; it is used for credit scoring and similar things.
It’s more insidious than that. Based on proprietary databases, insurers can target advertising or marketing at you based on profiles that you don’t know exist.
If you want to avoid insuring a protected class, you might be able to identify them based on those databases, and use advertising to avoid the folks you don’t want. (This is common for student apartments)
> It is a technical problem, and I thought it was more or less solved.
As a technical problem, it is more or less understood to be unsolvable.
The core issue is the more information you strip away, the more sanitized the data is, the less useful it is. Once the statistics of your "representative" set are no longer that (even worse, weirdly biased) you are very limited in what you can do. This works ok if you already 100% know the data you need and don't, but otherwise it falls apart pretty quickly.
On the other hand, relatively small numbers of innocuous data points about individuals will identify them uniquely.
People have mentioned some good cases, but I think the most straightforward one is radiology.
Imagine you have high quality 3D scans of people. You can strip the names off of the files, but anyone can volume render the data to see what they look like (inside and out).
There are some papers on adjusting the data, while hopefully preserving anything medically important, but that's obviously a challenging problem.
Information is information and the more you have, the easier it is to figure out where it came from. Some data makes it easier than others.
I worked with a hospital awhile back with patient radiological data (for free and for science). Patients had to explicly sign-off that they were sharing their data with us and what we planned to use it for. A lot of the metadata from DICOM wasn't even wiped, I had their names, street addresses, all sorts of stuff which was supposed to be wiped (de-identified).
Even then, I worked with data from a patient with a brain tumor and their neurosurgeon looking to remove it. That data was correctly anonymoized but it was their head, so I could basically reconstruct their face--so is a coarse geomerric sampling of a face de-identified? I guess it depends on how coarse it was.
Just look at what's done with social media, advertising, and browser data to get an idea of where things can go.
Under what circumstances did they "explicitly sign-off" on the data sharing, I wonder? There are a lot of times during a hospital visit, when one could be less-than-observant of exactly what he/she is signing.
Every doctor's visit I've had in recent memory had a data sharing agreement I had to sign (or at least, that was presented to me) if I hadn't been there before.
This was for a project paternship with a university and hospital to improve patient outcomes with some new exploratory tech approaches. A short document that followed some standard study participation format was generated using easily understandable language in about 1-2 pages IIRC (large fonts so it was easily readable by patients with poor eye-sight). Everything done, including the document, went through an external IRB process for human subject data and was approved. Everyone involved had to go through human subject training and what not.
Physician would mention the study to patients that would likely be good subjects for the work about the work, its goals, if they'd be interested in participating. Forms were then provided to patients involved to sign (explicitly) about their agreement to participate in the effort and how their data would be used, protected, etc. The process also required physician sign-off to confirm they read the document to the patient verbally, determined they were competent, cognizant, not under any sort of duress/intoxication, etc. The patient also needed to verbally acknowledge they agreed. Oh, and there was a clause they could retroactively pull out of the work, including their data at any point of they felt uncomfortable or changed their minds.
The patients and their data weren't the product, tech developed that would assist patients was the product of the data.
For patients who agreed, some would also be permitted to see some of the products of the work related to their data. Im forgetting a lot of the data collection process because it was very rigorous and several years ago now, but everything above bar, no dark patterny ah-ha-gotcha! line buried in a 300 page liability sign off they had to agree to for some necessary life saving treatment or anything of that nature.
I even got to meet some of the people we helped which was a bit rewarding to see people's lives improve a bit with technology. The specific patient mentioned and their neurosurgeon even let me sit in on their brain surgery tumor removal (patient's suggestion), which was a very unique experience. So yea, they knew what was going on.
With that said, not all data usage was as transparent and ethical as what I worked with, and I saw a lot of mistakes there that make me cringe thinking what a less ethical business with no transparency might do, given the opportunity.
I’m glad to see this getting more attention as it seems scary to me as a private citizen who wants my medical data to stay private.
I’m not sure how to defend against this as it seems based on HIPAA and what it allows. Since de-identified data can be legally sold, I think it will.
The theoretical defense I’ve thought up is a class action lawsuit for synthetic breaches. Since these data are deemed de-identified by expert determination [0] and that’s hazy, if I could reidentify myself after de-id, and I didn’t authorize it, then I could be eligible for breach damages for HIPAA violations up to $50k per person [1].
Since these sets have millions of people, likely everyone in the country. And since expert determination can possibly classify an acceptable re-id risk as less than 1%, this could be a million or two people. So a big enough pool to attract big legal investments.
That would increase the cost and risk of doing this to outweigh the benefits. But currently it’s “free money” for any healthcare system that’s kind of impossible for me as a patient to opt out.
I like your idea of a class action lawsuit but wouldn't the $50k per person penalty shift your idea of what an organization would consider an acceptable risk? 1 million * $50,000 is probably not acceptable.
I hope for all our sakes you are in the business of buying de-identified medical data :)
I think this has the potential for the next asbestos or tobacco or opioid payouts. I definitely wouldn’t want to work in this area (both for ethical and business model at risk for sued out of existence).
HIPAA has no private cause of action (you can't sue providers who violate your rights under HIPAA). The government can fine them, so from a provider POV they are liable for the breach you propose, but you are not eligible for recovering the $50k.
You may or may not have a private civil tort against the medical provider, separately from HIPAA.
Good point, the fines are by HHS and not dollar amounts to victims. I gave the amounts to signify the importance and IANAL would be part of a basis for establishing harm done.
I specifically linked to an injury lawyer to show the types of current HIPAA violation civil suits that have succeeded. My reasoning is that it’s lucrative enough for lawyers to solicit business.
People talk about the US being lawsuit-happy, but here's an example where the tort system could work to encourage the enforcement of a law if the government doesn't want to enforce it.
As a non-American I am always fascinated by the hacks and kludges that people propose to mitigate the inherent dysfunction that is the US medical system.
I consider intentional breaches of medical privacy to be in the same league as physical assault and as such would expect a society to respond to these kinds of crimes with swift and severe punishments including jail time and fines.
Why not just arrest these people and take the profits from their crime instead of adding civil lawyers and bureaucracy to the mix?
The USA. HIPAA states that willful or malicious disclosures of identifiable health information with intent to sell for personal gain have penalties of up to 10 years in prison [0].
Right, there are criminal penalties possible under HIPAA (I don't know if anyone has actually gone to jail under them) but they explicitly don't apply to the situation I was replying to (or I misunderstood it).
As far as data privacy goes, I will say that the sale of health data has some pretty significant upsides--specifically medical research. There's probably a better way to get the best of both worlds, but I would hate for us to just pull the rug out from under medical research without a satisfactory backfill.
Disclaimer: I work for a company that uses this data to match terminally ill patients with niche treatments and clinical trials, and the work literally saves and prolongs lives.
The article mentions the dispute over wether or not anonymized medical record data really has enough of a signal for meaningful research use cases. That has to be weighed against the privacy concern.
> I work for a company that uses this data to match terminally ill patients with niche treatments and clinical trials, and the work literally saves and prolongs lives.
Talked with a company that made similar claims about what they are doing, but it turns out they were really ensuring that their users where choosing the medication from the highest bidder rather than the one that was really in the the patient's best interests.
The mental gymnastics they did to justify they were doing what was in the patient's best interests was fun to observe, but in the end they were just a tool of a large pharmaceutical company, exploiting sick people for profit.
Quick cynicism sanity check: who pays your company, your users or the "niche" treatment provider?
If it's the former, that sounds like it's good work.
If it's the latter I would recommend being a bit more skeptical of the business motives of your employer and their customers.
huh, would that be part of the jewel encrusted platinum insurance plan? Because I've always just assumed that once you started getting into the experimental drug desperation phase - insurance carriers were totally off the hook for the what would otherwise be an infinite increase in their risk exposure. It sure would be nice if there wasn't such a massive asymmetry in pricing data.
Why are you so sensitive? Unless you are an insurance provider incarnate - nothing I said was critical of you. Now... if I were to being going after you, I'd imagine it would be because of the hamfisted "Making the world a better place, through <insert profit motivated activity here>."
You can just want money, it is perfectly natural in a world full priced things, and I don't imagine the self deception is good for you.
This is just baseless, predictable cynicism, devoid of any understanding of basic economics. Someone is doing good work for society and making money? Insert boilerplate remark about how greedy they must be.
Of course, not only is it distinctly possible to contribute to society and make a profit—it’s basically the only way. In the real world loads of researchers and engineers and other employees aren’t going to work for free to appease random Internet cynics (who rarely if ever make positive contributions to society of their own, mind you), so capital is required which entails investors and returns on investment. Yeah, that means insurers or someone else paying money.
Looks like I was right, you're clearly so emotional invested that you've failed to notice how you just repeated what I wrote... but with greater verbosity and the kind of angry tone that makes an opinion so easy to dismiss.
It's surprisingly hard, which is why there is a cottage industry built up around it for clinical trials.
Regardless, getting informed consent for data acquisition is great if you are doing a clinical trial or really looking forward, but for a lot of things you want a ton of retrospective data that can be difficult or impossible to consent.
It's a hard problem. I hope in the future it will be an easy problem, but we aren't there.
I have literally yet to see a medical-adjacent company not default to assuming they’re on the moral high ground.
When I see companies say “we save lives” my initial reaction is no different from companies that say “we hire the best” or laws that “are for the children”.
Yeah, I mean it sucks. Investors want returns. Employees want competitive salaries. There’s lots of greed in the world. I don’t have any answers for you, I’m just trying to help really smart people move the needle on this cancer thing and yeah, I like that I get paid competitively.
Sale of ad data has upsides too, greater products and targeted advertising. The greatness is kind of asymmetrical, similar to the scenario you describe.
Marketing drugs better isn’t exactly saving lives. Researching drugs should be done through IRB and include patient consent. Of course, there’s great benefit to bypassing ethical controls, but they are still worthwhile.
I don't think provisions like HIPAA alone cannot prevent abuse of medical data, Say a free medical-consultation app along with health tracker from a health insurance provider can provide data to the health insurer which can further be used in a flawed algorithm to increase premium or worse cancel the policy when it's most needed.
Conflict of interest regulations should be applied for data, If my data can be used to cause harm to me then you shouldn't have it that's all.
"Since these data are deemed de-identified by expert determination [0] and that’s hazy, if I could reidentify myself after de-id, and I didn’t authorize it, then I could be eligible for breach damages for HIPAA violations up to $50k per person"
The Expert Determination data would likely be released to you with an agreement that you would not attempt to re-identify the data. So if you then attempted to re-identify the data, even yourself, you would be breaking the terms of the license and I would think liable to civil action from the entity that gave you the data (and their upstreams). I don't think you would win here.
De-identified data can still be quite useful for some types of research. If you strip away every field of personally identifiable information except, let's say, sex and birth year, there's no way to do meaningful re-identification.
This is wrong. Rare diagnoses are the simplest case of reidentification, but there are many many other opportunities. There's a whole field of research about that.
Dates and times are generally deidentified by choosing a random initial date and changing subsequent timestamps to the random initial plus the duration between visits. The sequence and delays could potentially be used to identify patients, but this would be a lot harder than having absolute timestamps.
I recently had a crazy notion for losslessly scrambling the sequence as well. Mostly for protecting voter privacy (order in which ballots are cast). One of the major blockers to fully digital voting.
I haven't found any hits using terms like "cryptographic timestamps." Surely I can't be the first.
Voter privacy for digital voting doesn't solve much. It doesn't seem to be possible to both cryptographically prove to a voter that their vote was counted correctly (integrity) while simultaneously preventing them from being at risk of coercion to share who they voted for (privacy).
I am sorry, but your answer is nearly the exact textbook example how wrong most people are with their intuition. In 2000 Latanya Sweeney showed that 87% of Americans can be identified by Sex, Birthday and Zip-Code. As other commenters point out, the connection to external databases is extremely powerful and dangerous to privacy.
There are other concept in research to still use this data in research like differential privacy or using KI to synthesize data according to training data provided. But so far all concepts that tried to alter and then publish a datasets directly for research failed miserably.
In fairness, the parent did just say Birth Year and Sex while Latanya Sweeney used the identifiers you list which give quite a bit more information. I agree with your basic point though that data that appears to be anonymized can frequently be de-anonymized--at least to some degree of statistical certainty to a degree that most would find surprising.
Birthday is super different than year of birth. And zip code is really precise.
GP said sex and year of birth that are usually perfectly fine for deidentification assuming some basic k-anonymity and l-diversity protections.
It’s frustrating when people bring up examples of reidentification out of data that were not properly reidentified in the first place.
Hopefully no one competent would think that having unique records based on sex, dob, and zip code are makes data deidentified. This is usually the case of someone not actually deidentified.
The bigger risk, I think, is when you have some threshold of at least 10 records sharing sex, year of birth and still iding individuals.
Sure, sex and year of birth alone are fine. Why do you assume they won't be able to use the medical data to further de-anonymize it? "Male, 1993, records are from a hospital in Central Texas so he lives there, who has posted on social media about conditions x, y and z" would probably turn up... me.
That is exactly my concern. But that’s not what but my comment was about the false statement from Sweeney’s paper talking about zip, dob and no one considers that deidentified.
Sex, birthday, and zip code is totally different than sex and birth year… sex, birthday, and zip code creates 1,523,000,000 different ‘buckets’ of people for everyone born in the last 50 years. That is more buckets than people in the US, so it makes sense that you could deanonymize.
Sex and birth year only creates 100 total buckets for people born in the last 50 years. There is no way you could deanonymize that.
Correct on the differences. True, it cannot be deanonymized if that is the only data you have. However, if you have any other data, even if it is not PII by itself and doesn't even look interesting, there is no way to guarantee it won't be personally identifiable when combined.
As has been said, I don't think there is a way to anonymize data, that is useful and not reversible when combined with other data. Even if you only have 2 buckets.
All information is potentially personally identifiable.
For example, perhaps you take data on favorite movies and strip away every bit of PII except sex and birth year (as you stated).
Now let’s say I take the stripped data and target some facebook ads to people of a specific sex and birth year and have the ad be for people who love a certain obscure movie, doubling down on a second obscure movie and so on. Eventually I could have a reasonable chance of determining which other movies a unique individual may like based on the stripped data.
Obviously irrelevant for movies, but more relevant for prescription drug uses, sexual preferences etc.
The point is that with enough outside data available, even data stripped of PII can be de-anonimized.
People don't yet have intuition about this. I still don't even know how to articulate it. Here's a stab:
"With enough data collected, you can uniquely identify people by ruling out everyone else."
Mid 2000s, Seisent was helping law enforcement solve cold cases using big data. In layperson's terms, they'd narrow the list of suspects by ruling out everyone who has a solid alibi.
At the time, that was achieved by building profiles of everyone, living and dead, simply by compiling 1600 publicly available datasets. Like court records and mortgages and whatnot.
Today you'd include location tracking, social media, all financial tracking, etc.
It's remarkable that any crime goes unsolved. Like the back log of rape test kits, it's only because no one cares enough to bother to look.
I thought of John Kennedy the first time, took the game about 55 questions to get to it, it didn't until it knew that he was a US president, was assassinated (as far as I know only Lincoln and Kennedy meet those two criteria together) AND that he lived in the 20th century, so it couldn't even rule out Lincoln. Next game I thought of Cameron Diaz, the game simply gave up after the 25th question or so.
It's a pretty neat idea overall, reminds me of those link-following competitions using Wikipedia where you have to start from a topic and get to another completely unrelated topic solely by recursively chasing links. They both exploit the interconnected nature of our culture, a question (or an article) about a recent TV show providing a clue (or a link) about a pretty unrelated historical character.
The game desperately needs some notion of statistical proximity though, it kept asking whether the character was an actor even after knowing he is a president, it doesn't do _any_ kind of deduction on what it already knows, just mad slash-and-dash till it gets the identifying info.
Practically, this will likely yield the same results.
Remember I'm still struggling with phrasing:
I have no idea how akinator is implemented. 20 questions is traditionally a drill down decision tree. From their blurb, I infer that akinator divines its own decision tree, vs user supplied questions. Clever.
Instead of finding a needle in a haystack, the big data strategy is to progressively remove all the hay until the needle is revealed.
Like the big data equiv of Sherlock Holmes' deduction (logic). "When you have eliminated the impossible, whatever left, however improbable, must be the truth."
Again, am not an academic, philosopher. I don't know what to call this strategy.
It's not logic, reasoning. It's brute force. Test every single possibility to find the matches.
re-identification is basically the same as browser fingerprinting. with enough vaguely stochastic variables, you can uniquely identify pretty much anyone
It's surprising that many medical providers don't understand this side of HIPAA. I recently spoke to a department head of oncology who seemed to think patient consent was required for sharing data and was not comfortable sharing their patients' data. What they don't realize is that HIPAA doesn't require consent if the data is de-identified and so their organization can or is sharing their patients' data anyway.
The problem is risk. HIPAA allows for a lot of things that feel like exceptions to the core principles of HIPAA. Many things are vaguely defined as "reasonable" - which changes over time.
MD5 was a reasonable password hash - until it wasn't. SHA1 was - until it wasn't. Etc.
An article like this can arguably prove that there is no reasonable means of de-identification since multiple data sources can be combined. Combine that with the fact that HIPAA puts pretty high limits on the minimum cohort size that can be associated with a unique identifier and low ROI from actually sharing this data.
Many places end up in a position where it's simply not worth the risk to share.
One troubling re-identification attack for medical data is the trail re-identification method [0]. A lot of privacy analysis will consider the data to be in the shape of a table T with some columns A,B,C and use the notation T<A,B,C> to describe a de-identified dataset. The trail method will take multiple de-identified datasets, each from a different hospital, T_1<A,B,C> T_2<B,C,D>, T_3<C,D,E> and use their shared columns to narrow down on a set of individuals.
So, even though each hospital may have a legitimately de-identified dataset in isolation, it is not de-identified when combined with the (also de-identified) data from another hospital. The risk of this attack increases as patients visit more hospitals. We humans are fairly long-lived and tend to move around so it may be substantial. (That being said some hospital systems are quite large like Kaiser Permanente and serve huge areas so visiting multiple hospitals doesn't necessarily create multiple tables.)
For this attack to work, wouldn't one of the tables need to contain PII of some sort? If A,B,C,D,E are all de-identified, the aggregate is still de-identified? But, if E is SSN (or some other PII data), then the entire set can be re-identified?
That's one option: you combine protected, de-identified information with unprotected (e.g. non-health) information to re-identify the protected information. But also, something like Facebook allows you to target a person who lives in $TOWN, works at $COMPANY, born in $YEAR, even if you don't know that person's name or SSN.
The funniest part is that this data is actually mostly (and often completely) useless for the stated purposes of statistical analysis. Routine clinical data collection is of abysmal quality, but many buyers don't see the full extent of the catastrophe.
It'll be much more useful for legal and not-so-legal purposes. And last but not least: insurance. As an aside, privacy enforcement for medical data is much easier through fingerprinting tethered to a NDA.
I completely disagree. A lot of the data is standardized already, such as lab values and other so-called "structured" data, and can be used almost immediately without much cleaning. This is most of the routine data collection. The largest remaining part is patient notes, which are free form text but still contain plenty of useful information searchable by keyword or extractable by human curators.
You are correct that if doctors could be more strategic about how they collect info it would make the job of the data scientist much easier. This is especially true in radiology and pathology.
What does more strategic mean? Doctors aren’t data collectors. Their job is to provide patient care. If you want data collected, design a system that doesn't add to documentation burden.
Yeah yeah, I've heard the same story many times. So where are the fantastic new discoveries made on mass lab statistics, then? Because epidemiologist have had access to this same data since a long time already, and they are not any less capable than industry "data scientists". The saying goes: "90% of diagnoses are made on patient history". Most of labs require context for interpretation, so the vast majority of what is collected is statistical noise.
> As long as they de-identify the records — removing information like patient names, locations, and phone numbers — they can give or sell the data to partners for research.
I don’t feel this is enough to deidentify.
If timestamps or a patient # is associated with records, should be possible to combine with credit card records to discover who someone is.
I work in healthcare (though not with any efforts like those described in the article). Anonymizing data is much more complicated than simply removing the obvious PII: depending on what the data is, even things like procedure codes with dates might be enough to identify a patient. HIPAA and other related regs account for this, and have pretty strict procedures that must be followed before data can be considered officially deidentified.
controlling eye balls is the business model of the 21st century. ads, games, videos, vr, the entire web itself. globalization has brought down the costs of production orders of magnitude lower to produce than what they cost before it. the entire global system is designed on the premise that it is possible to sell to Americans cheap products that requires them to work more and more for new shiny things.
if we act to shield prescriber data from corps if that would cut down on shady pharma 'bribes' e.g. the opiate crisis and the some other direct to Dr pharma marketing.
Insys and Purdue knew which doctors prescribed insane amounts of pills. And then rewarded them with $. Insys even put it on paper as ROI and at least a few went to jail.
I'm not sure technically how well (or if legally) it would work though so maybe the answer is not at all.
mckesson would still know what pharmacies pills go to and anyone can figure out where a MD works to correlate at least target zip codes/markets. But maybe since we already have this monopolistic distribution setup could prohibit mckesson from disclosing granular shipment data.
Could someone here comment on whether it's possible to "remix" and generate faked, synthetic data from real data sets like this, and how that could work?
I'm getting my feet wet in the field, but I'm thinking something like the "this face doesn't exist" project but for medical records. I'd love to read a writeup on that!
The author's right about everything but the date this mess started. I worked in Health IT in the early 2010s, and this sort of thing was in full swing by 2013ish. Profitability was clearly the motivation, although the patient (and the true believers employed by the healthcare organizations) were assured that their data would be private, secure, and beneficial to the quality and cost of treatment. I guess the jury's still out on quality.
124 comments
[ 3.7 ms ] story [ 195 ms ] threadIt's all so tiring.
I'm not implying insurance companies are doing this out of altruism. If it resulted in a net decrease in profit, the apps wouldn't exist. But it does seem like a beneficial form of price discrimination. It seems like it's only "disgusting shit" if it makes your insurance premiums go up because you're a less safe driver.
Also the factors the app monitors are not necessarily correlated with risk of a crash in the way we'd expect. For example, if you drive the speed limit or slower on most highways in the US, you will be driving slower than the speed of most traffic, and it's more likely that someone will rear-end you.
The poster I responded to is proposing we deny medical science this data, and that we remain remain sicker and more ignorant about health, because otherwise the discoveries medical science makes might get used by insurers who somehow gain access to our purchasing data later (another thing no one here is proposing they be given).
Auto insurance could maybe do it though.
It's hard to blame smoking insurance costs on 'sin' - it kills people and increases costs for the insurance company, possibly more than any other choice people can make. If you drive in drag races and ask for car insurance, don't be surprised if it costs more.
Maybe some zipcodes drink more than others, but they don't need to figure that out because they can just look at illness rates for the zipcode directly. Same for age and tobacco.
https://www.healthcare.gov/how-plans-set-your-premiums/
After watching the movie "I Care A Lot" (https://www.imdb.com/title/tt9893250/) and reading up the horror stories about forced Guardianship scams in the US (https://www.newyorker.com/magazine/2017/10/09/how-the-elderl...) -- i'd be worried that corporatized Guardianship companies scan medical data en-masse to find victims (with sufficient work and profit motive, it can be de-anon'd)
But the real question should be: why doesn't de-identification work and how to make it work. It is a technical problem, and I thought it was more or less solved. But the author here things it is just placebo. If so, what is the problem exactly? Is there a fundamental problem with the very idea of de-identification? Is there a "bug" in the process? What level is required to conduct these attacks? Can in individual do it? A cybercrime gang? A nation state? Is it only theoretical?
Depending on that, the answer could be very different.
https://en.m.wikipedia.org/wiki/Data_re-identification
I suspect that the more data they have for a particular patient (many visits over multiple years) makes the re-identification process easier. The article mention financial data, if dates and amounts of charges aren't masked or altered that could be cross-referenced with another data source to deduce the person's identity.
So it’s the definition of de-id that doesn’t actually “work” in that it’s possible to reidentify small amounts from de-id data, and that adds up over time.
For example, HIPAA considers data de-id if you remove 19 fields or expert determine that it’s de-id. [0]
What’s expert determination, who’s an export? That’s up to me to decide and my lawyers to accept.
The bug is that if half a percent of people each de-id datasets can be reidentified, likely acceptable in HIPAA, then each data released adds up for reidentified people. And more datasets allow for triangulation and linking to reidentify.
The article calls this out as a risk, not a certainty as it’s unclear if anyone is doing this. But the process would be something like: 1) buy HIPAA de-identified data since it doesn’t require patient consent 2) reidentify patients using other data publicly for sale (marketing data, voter registration, etc) 3) new data is not longer HIPAA restricted and fully identified health records can be sold for whatever you like (eg, super targeted drug marketing)
[0] https://www.hhs.gov/hipaa/for-professionals/privacy/special-...
How much health data is required to distinguish a specific individual even without any "identifying" information? Surely there must be many people with unique combinations of conditions and treatments. If that is so then a data set that includes those people could only ever be pseudonymous, not truly anonymous.
What other data sets might then be combined with the health data to match a pseudonymous record with an identifiable person? Payment records? Travel records? Time off work? Insurance claims?
I don't know much about how the US healthcare system works, but maybe before asking how to make de-identification of health data work we should be asking whether it could ever work effectively at all.
The industry of de-identification has a long history in fact.
It is typical for many types of criminals to employ hard-to-identify outfit and appearance. The work of investigators is to overcome this hardship and identify the criminal. The co-evolution of methods on both sides will never end.
The only way to anonymize the data in a foolproof way is to remove so many features that it becomes useless for statistical research.
Modeling-wise, regression, classification, and clustering alike all rely on being able to construct a model that minimizes entropy. But anonymity relies upon maximizing entropy. This fundamental conflict can't really be resolved. You pick some point in the middle of the spectrum that ends up serving neither purpose well.
Noise and obfuscation can be added to the data such that the unique person it identifies doesn't exist. For example changing the dates by some limited random amount. Replacing values with roughly-similar choices (replace engineer with scientist, replace Mexico with el Salvador, etc.) The technical problem is doing that in a way that doesn't harm its research value, never allows the final set of possible similar identities to be below some lower limit, and can't be reversed of course.
When my wife almost died from an ectopic pregnancy, Enfamil was confident enough of the would-be due date based on data pieces together by a broker to FedEx us a box of formula on the due date.
Third parties get a real time feed of insurance claims, hospital admissions, prescriptions and other data. They put the puzzle together and make an assertion of valuable diagnoses. (Pregnancy, diabetes, etc)
They don’t need to be 100% accurate. The collateral damage of reminding someone who lost a child and nearly lost their life doesn’t have a cost to them.
In many cases, abusing such data will also be profitable even if the result estimate is highly noisy.
Just as an example, let's assume that an insurance company knows your given name when you apply and they have statistical data which shows that if your name belongs to one set of names, you are smoking with a probability of 51%. If you have another name, you are smoking with a probability of 49%, because the correlation is noisy. It is still more lucrative for the company to exclude applicants from the "more likely to smoke" names group, because smoking causes cost. You might never have tried a single cigarette in your life but with the information the company has, it is more profitable to not insure you.
Of course the above is an exaggerated example which would not work out quantitatively (the profit they make by insuring you might be higher than the expected value of risk from smoking) but the principle still holds; it is used for credit scoring and similar things.
If you want to avoid insuring a protected class, you might be able to identify them based on those databases, and use advertising to avoid the folks you don’t want. (This is common for student apartments)
As a technical problem, it is more or less understood to be unsolvable.
The core issue is the more information you strip away, the more sanitized the data is, the less useful it is. Once the statistics of your "representative" set are no longer that (even worse, weirdly biased) you are very limited in what you can do. This works ok if you already 100% know the data you need and don't, but otherwise it falls apart pretty quickly.
On the other hand, relatively small numbers of innocuous data points about individuals will identify them uniquely.
These two points are in fundamental contention.
Imagine you have high quality 3D scans of people. You can strip the names off of the files, but anyone can volume render the data to see what they look like (inside and out).
There are some papers on adjusting the data, while hopefully preserving anything medically important, but that's obviously a challenging problem.
I worked with a hospital awhile back with patient radiological data (for free and for science). Patients had to explicly sign-off that they were sharing their data with us and what we planned to use it for. A lot of the metadata from DICOM wasn't even wiped, I had their names, street addresses, all sorts of stuff which was supposed to be wiped (de-identified).
Even then, I worked with data from a patient with a brain tumor and their neurosurgeon looking to remove it. That data was correctly anonymoized but it was their head, so I could basically reconstruct their face--so is a coarse geomerric sampling of a face de-identified? I guess it depends on how coarse it was.
Just look at what's done with social media, advertising, and browser data to get an idea of where things can go.
This was for a project paternship with a university and hospital to improve patient outcomes with some new exploratory tech approaches. A short document that followed some standard study participation format was generated using easily understandable language in about 1-2 pages IIRC (large fonts so it was easily readable by patients with poor eye-sight). Everything done, including the document, went through an external IRB process for human subject data and was approved. Everyone involved had to go through human subject training and what not.
Physician would mention the study to patients that would likely be good subjects for the work about the work, its goals, if they'd be interested in participating. Forms were then provided to patients involved to sign (explicitly) about their agreement to participate in the effort and how their data would be used, protected, etc. The process also required physician sign-off to confirm they read the document to the patient verbally, determined they were competent, cognizant, not under any sort of duress/intoxication, etc. The patient also needed to verbally acknowledge they agreed. Oh, and there was a clause they could retroactively pull out of the work, including their data at any point of they felt uncomfortable or changed their minds.
The patients and their data weren't the product, tech developed that would assist patients was the product of the data. For patients who agreed, some would also be permitted to see some of the products of the work related to their data. Im forgetting a lot of the data collection process because it was very rigorous and several years ago now, but everything above bar, no dark patterny ah-ha-gotcha! line buried in a 300 page liability sign off they had to agree to for some necessary life saving treatment or anything of that nature.
I even got to meet some of the people we helped which was a bit rewarding to see people's lives improve a bit with technology. The specific patient mentioned and their neurosurgeon even let me sit in on their brain surgery tumor removal (patient's suggestion), which was a very unique experience. So yea, they knew what was going on.
With that said, not all data usage was as transparent and ethical as what I worked with, and I saw a lot of mistakes there that make me cringe thinking what a less ethical business with no transparency might do, given the opportunity.
I’m not sure how to defend against this as it seems based on HIPAA and what it allows. Since de-identified data can be legally sold, I think it will.
The theoretical defense I’ve thought up is a class action lawsuit for synthetic breaches. Since these data are deemed de-identified by expert determination [0] and that’s hazy, if I could reidentify myself after de-id, and I didn’t authorize it, then I could be eligible for breach damages for HIPAA violations up to $50k per person [1].
Since these sets have millions of people, likely everyone in the country. And since expert determination can possibly classify an acceptable re-id risk as less than 1%, this could be a million or two people. So a big enough pool to attract big legal investments.
That would increase the cost and risk of doing this to outweigh the benefits. But currently it’s “free money” for any healthcare system that’s kind of impossible for me as a patient to opt out.
[0] https://www.hhs.gov/hipaa/for-professionals/privacy/special-... [1] https://www.injuryclaimcoach.com/hipaa-violations.html
I hope for all our sakes you are in the business of buying de-identified medical data :)
You may or may not have a private civil tort against the medical provider, separately from HIPAA.
I specifically linked to an injury lawyer to show the types of current HIPAA violation civil suits that have succeeded. My reasoning is that it’s lucrative enough for lawyers to solicit business.
I consider intentional breaches of medical privacy to be in the same league as physical assault and as such would expect a society to respond to these kinds of crimes with swift and severe punishments including jail time and fines.
Why not just arrest these people and take the profits from their crime instead of adding civil lawyers and bureaucracy to the mix?
Can you point to any country with a law on the books like this?
But of course that's not what TFA was about.
[0] https://inspiredelearning.com/blog/hipaa-101-guide-violation...
Right, there are criminal penalties possible under HIPAA (I don't know if anyone has actually gone to jail under them) but they explicitly don't apply to the situation I was replying to (or I misunderstood it).
Disclaimer: I work for a company that uses this data to match terminally ill patients with niche treatments and clinical trials, and the work literally saves and prolongs lives.
Talked with a company that made similar claims about what they are doing, but it turns out they were really ensuring that their users where choosing the medication from the highest bidder rather than the one that was really in the the patient's best interests.
The mental gymnastics they did to justify they were doing what was in the patient's best interests was fun to observe, but in the end they were just a tool of a large pharmaceutical company, exploiting sick people for profit.
Quick cynicism sanity check: who pays your company, your users or the "niche" treatment provider?
If it's the former, that sounds like it's good work.
If it's the latter I would recommend being a bit more skeptical of the business motives of your employer and their customers.
Insurers. They don’t want to pay for the expensive product.
Of course, not only is it distinctly possible to contribute to society and make a profit—it’s basically the only way. In the real world loads of researchers and engineers and other employees aren’t going to work for free to appease random Internet cynics (who rarely if ever make positive contributions to society of their own, mind you), so capital is required which entails investors and returns on investment. Yeah, that means insurers or someone else paying money.
It's surprisingly hard, which is why there is a cottage industry built up around it for clinical trials.
Regardless, getting informed consent for data acquisition is great if you are doing a clinical trial or really looking forward, but for a lot of things you want a ton of retrospective data that can be difficult or impossible to consent.
It's a hard problem. I hope in the future it will be an easy problem, but we aren't there.
I have literally yet to see a medical-adjacent company not default to assuming they’re on the moral high ground.
When I see companies say “we save lives” my initial reaction is no different from companies that say “we hire the best” or laws that “are for the children”.
Maps Street View of 1428 Bush St, San Francisco is more of what I have in mind. But maybe I’ve just passed that building one too many times.
Marketing drugs better isn’t exactly saving lives. Researching drugs should be done through IRB and include patient consent. Of course, there’s great benefit to bypassing ethical controls, but they are still worthwhile.
https://www.nytimes.com/2019/07/23/health/data-privacy-prote...
Conflict of interest regulations should be applied for data, If my data can be used to cause harm to me then you shouldn't have it that's all.
The Expert Determination data would likely be released to you with an agreement that you would not attempt to re-identify the data. So if you then attempted to re-identify the data, even yourself, you would be breaking the terms of the license and I would think liable to civil action from the entity that gave you the data (and their upstreams). I don't think you would win here.
You can either re-identify the people behind the data or you alter it that strong that it becomes useless for meaningful applications.
I recently had a crazy notion for losslessly scrambling the sequence as well. Mostly for protecting voter privacy (order in which ballots are cast). One of the major blockers to fully digital voting.
I haven't found any hits using terms like "cryptographic timestamps." Surely I can't be the first.
Sadly, others will continue to push their harebrained ideas.
One thing I learned as an activist is that offense beats defense. Meaning it's easier to promote a correct solution than oppose all the bad solutions.
So if a digital equivalent of the Australian Ballot system (private voting, public counting) exists, I better find it.
There are other concept in research to still use this data in research like differential privacy or using KI to synthesize data according to training data provided. But so far all concepts that tried to alter and then publish a datasets directly for research failed miserably.
GP said sex and year of birth that are usually perfectly fine for deidentification assuming some basic k-anonymity and l-diversity protections.
It’s frustrating when people bring up examples of reidentification out of data that were not properly reidentified in the first place.
Hopefully no one competent would think that having unique records based on sex, dob, and zip code are makes data deidentified. This is usually the case of someone not actually deidentified.
The bigger risk, I think, is when you have some threshold of at least 10 records sharing sex, year of birth and still iding individuals.
Sex and birth year only creates 100 total buckets for people born in the last 50 years. There is no way you could deanonymize that.
As has been said, I don't think there is a way to anonymize data, that is useful and not reversible when combined with other data. Even if you only have 2 buckets.
For example, perhaps you take data on favorite movies and strip away every bit of PII except sex and birth year (as you stated).
Now let’s say I take the stripped data and target some facebook ads to people of a specific sex and birth year and have the ad be for people who love a certain obscure movie, doubling down on a second obscure movie and so on. Eventually I could have a reasonable chance of determining which other movies a unique individual may like based on the stripped data.
Obviously irrelevant for movies, but more relevant for prescription drug uses, sexual preferences etc.
The point is that with enough outside data available, even data stripped of PII can be de-anonimized.
People don't yet have intuition about this. I still don't even know how to articulate it. Here's a stab:
"With enough data collected, you can uniquely identify people by ruling out everyone else."
Mid 2000s, Seisent was helping law enforcement solve cold cases using big data. In layperson's terms, they'd narrow the list of suspects by ruling out everyone who has a solid alibi.
At the time, that was achieved by building profiles of everyone, living and dead, simply by compiling 1600 publicly available datasets. Like court records and mortgages and whatnot.
Today you'd include location tracking, social media, all financial tracking, etc.
It's remarkable that any crime goes unsolved. Like the back log of rape test kits, it's only because no one cares enough to bother to look.
[0] https://en.akinator.com/
It's a pretty neat idea overall, reminds me of those link-following competitions using Wikipedia where you have to start from a topic and get to another completely unrelated topic solely by recursively chasing links. They both exploit the interconnected nature of our culture, a question (or an article) about a recent TV show providing a clue (or a link) about a pretty unrelated historical character.
The game desperately needs some notion of statistical proximity though, it kept asking whether the character was an actor even after knowing he is a president, it doesn't do _any_ kind of deduction on what it already knows, just mad slash-and-dash till it gets the identifying info.
Practically, this will likely yield the same results.
Remember I'm still struggling with phrasing:
I have no idea how akinator is implemented. 20 questions is traditionally a drill down decision tree. From their blurb, I infer that akinator divines its own decision tree, vs user supplied questions. Clever.
Instead of finding a needle in a haystack, the big data strategy is to progressively remove all the hay until the needle is revealed.
Like the big data equiv of Sherlock Holmes' deduction (logic). "When you have eliminated the impossible, whatever left, however improbable, must be the truth."
Again, am not an academic, philosopher. I don't know what to call this strategy.
It's not logic, reasoning. It's brute force. Test every single possibility to find the matches.
In other words, it's a database query.
Ok, maybe I'm just confusing myself here.
MD5 was a reasonable password hash - until it wasn't. SHA1 was - until it wasn't. Etc.
An article like this can arguably prove that there is no reasonable means of de-identification since multiple data sources can be combined. Combine that with the fact that HIPAA puts pretty high limits on the minimum cohort size that can be associated with a unique identifier and low ROI from actually sharing this data.
Many places end up in a position where it's simply not worth the risk to share.
So, even though each hospital may have a legitimately de-identified dataset in isolation, it is not de-identified when combined with the (also de-identified) data from another hospital. The risk of this attack increases as patients visit more hospitals. We humans are fairly long-lived and tend to move around so it may be substantial. (That being said some hospital systems are quite large like Kaiser Permanente and serve huge areas so visiting multiple hospitals doesn't necessarily create multiple tables.)
[0] https://dataprivacylab.org/dataprivacy/projects/trails/trail...
It'll be much more useful for legal and not-so-legal purposes. And last but not least: insurance. As an aside, privacy enforcement for medical data is much easier through fingerprinting tethered to a NDA.
You are correct that if doctors could be more strategic about how they collect info it would make the job of the data scientist much easier. This is especially true in radiology and pathology.
I don’t feel this is enough to deidentify.
If timestamps or a patient # is associated with records, should be possible to combine with credit card records to discover who someone is.
I wonder if we can request what is shared.
is the price of everything far lower than what is required to sustain the system ?
if we act to shield prescriber data from corps if that would cut down on shady pharma 'bribes' e.g. the opiate crisis and the some other direct to Dr pharma marketing.
Insys and Purdue knew which doctors prescribed insane amounts of pills. And then rewarded them with $. Insys even put it on paper as ROI and at least a few went to jail.
I'm not sure technically how well (or if legally) it would work though so maybe the answer is not at all.
mckesson would still know what pharmacies pills go to and anyone can figure out where a MD works to correlate at least target zip codes/markets. But maybe since we already have this monopolistic distribution setup could prohibit mckesson from disclosing granular shipment data.
I'm getting my feet wet in the field, but I'm thinking something like the "this face doesn't exist" project but for medical records. I'd love to read a writeup on that!