Presentation is loading. Please wait.

Presentation is loading. Please wait.

Global Disclosure Risk for Microdata with Continuous Attributes

Published byMay Wilkins Modified over 6 years ago

Similar presentations

Presentation on theme: "Global Disclosure Risk for Microdata with Continuous Attributes"— Presentation transcript:

1 Global Disclosure Risk for Microdata with Continuous Attributes
Traian Marius Truta Northern Kentucky University

2 Traian Truta - Northern Kentucky University
HIPAA Privacy Rule The Health Insurance Portability and Accountability Act (1996) The Privacy Rule protects the privacy of the individually identifiable health information by establishing conditions for its use and disclosure Privacy Rule effective date: 14 April 2003 Define 18 identifiers that must be removed in order to de-identify the data 11/18/2018 Traian Truta - Northern Kentucky University

3 The Identifiers in the Privacy Rule
Names Telephone # Fax # address Social Security # Medical record, prescription # Health Plan beneficiary # Account # Certificates/license # VIN and serial #, license plate # Device identifiers, serial #, Web URLs IP address Biometric identifiers (finger prints) Full face photo images Unique identifying # 11/18/2018 Traian Truta - Northern Kentucky University

4 The Identifiers in the Privacy Rule
Names Telephone # Fax # address Social Security # Medical record, prescription # Health Plan beneficiary # Account # Certificates/license # VIN and serial #, license plate # Device identifiers, serial #, Web URLs IP address Biometric identifiers (finger prints) Full face photo images Unique identifying # Geographic info (including city, state, and zip) Elements of dates 11/18/2018 Traian Truta - Northern Kentucky University

5 De-identification Process
Remove all 18 defined identifiers and no knowledge that remaining information can identify the individual (Safe Harbor) Statistically “de-identified” information where a statistician certifies that there is a “very small” risk that the information could be used to identify the individual 11/18/2018 Traian Truta - Northern Kentucky University

6 Disclosure Control Problem
Individuals Submit Collect Data Masking Process Data Owner Release Receive Masked Data Researcher Intruder 11/18/2018 Traian Truta - Northern Kentucky University

7 Disclosure Control Problem
Individuals Submit Collect Data Confidentiality of Individuals Measures of Disclosure Risk Masking Process Data Owner Preserve Data Utility Measures of Information Loss Release Receive Masked Data Researcher Intruder 11/18/2018 Traian Truta - Northern Kentucky University

8 Disclosure Control Problem
Individuals Submit Collect Data Confidentiality of Individuals Measures of Disclosure Risk Masking Process Data Owner Preserve Data Utility Measures of Information Loss Release Receive Masked Data Researcher Intruder Use Masked Data for Statistical Analysis Use Masked Data and External Data to disclose confidential information External Data 11/18/2018 Traian Truta - Northern Kentucky University

9 Disclosure Control Problem
Individuals This Presentation Submit Collect Data Confidentiality of Individuals Measures of Disclosure Risk Masking Process Data Owner Preserve Data Utility Measures of Information Loss Release Receive Masked Data Researcher Intruder Use Masked Data for Statistical Analysis Use Masked Data and External Data to disclose confidential information External Data 11/18/2018 Traian Truta - Northern Kentucky University

10 General Framework for Microdata
I – Identifier Attributes (Name, SSN, etc. ) K – Key Attributes (Zip Code, Age, Race, etc.) S – Confidential Attributes (Income, Diagnosis, etc.) 11/18/2018 Traian Truta - Northern Kentucky University

11 Disclosure Control Techniques
Different disclosure control techniques are applied to the following initial microdata: RecID Name SSN Age State Diagnosis Income Billing 1 John Wayne 44 MI AIDS 45,500 1,200 2 Mary Gore Asthma 37,900 2,500 3 John Banks 55 67,000 3,000 4 Jesse Casey 21,000 1,000 5 Jack Stone 90,000 900 6 Mike Kopi 45 Diabetes 48,000 750 7 Angela Simms 25 IN 49,000 8 Nike Wood 35 66,000 2,200 9 Mikhail Aaron 69,000 4,200 10 Sam Pall Tuberculosis 34,000 3,100 11/18/2018 Traian Truta - Northern Kentucky University

12 Traian Truta - Northern Kentucky University
Remove Identifiers Identifiers such as Names, SSN etc. are removed RecID Age State Diagnosis Income Billing 1 44 MI AIDS 45,500 1,200 2 Asthma 37,900 2,500 3 55 67,000 3,000 4 21,000 1,000 5 90,000 900 6 45 Diabetes 48,000 750 7 25 IN 49,000 8 35 66,000 2,200 9 69,000 4,200 10 Tuberculosis 34,000 3,100 11/18/2018 Traian Truta - Northern Kentucky University

13 Traian Truta - Northern Kentucky University
Sampling Sampling is the disclosure control method in which only a subset of records is released If n is the number of elements in initial microdata and t the released number of elements we call sf = t / n the sampling factor Simple random sampling is more frequently used. In this technique, each individual is chosen entirely by chance and each member of the population has an equal chance of being included in the sample RecID Age State Diagnosis Income Billing 5 55 MI Asthma 90,000 900 4 44 21,000 1,000 8 35 AIDS 66,000 2,200 9 69,000 4,200 7 25 IN Diabetes 49,000 1,200 11/18/2018 Traian Truta - Northern Kentucky University

14 Traian Truta - Northern Kentucky University
Microaggregation Order records from the initial microdata by an attribute, create groups of consecutive values, replace those values by the group average Microaggregation for attribute Income and minimum size 3 The total sum for all Income values remains the same. RecID Age State Diagnosis Income Billing 2 44 MI Asthma 30,967 2,500 4 1,000 10 45 Tuberculosis 3,100 1 AIDS 47,500 1,200 6 Diabetes 750 7 25 IN 3 55 73,000 3,000 5 900 8 35 2,200 9 4,200 11/18/2018 Traian Truta - Northern Kentucky University

15 Global Disclosure Risk Measures
Assumptions The intruder does not know any confidential information The intruder knows all the key and identifier values for population Objectives DR Measures for specific DC methods (Remove Identifiers, Sampling, Microaggregation, etc.) DR Measures for any combinations of DC methods Proposed measures DRmin  DRW  DRmax 11/18/2018 Traian Truta - Northern Kentucky University

16 Notations for IM and IMM
n – the number of entities in the population. F – the number of clusters with the same values for key attributes. Ak – the set of elements from the k-th cluster for all k, 1  k  F. Fi = | {Ak | |Ak| = i, for all k = 1, .., F } | for all i, 1  i  n. Fi represents the number of clusters with the same length. ni =| {x  Ak | |Ak| = i, for all k = 1, .., F } | for all i, 1  i  n. ni represents the number of records in clusters of length i. 11/18/2018 Traian Truta - Northern Kentucky University

17 Disclosure Risk Measures for Remove Identifiers Method
RecID Age State Diagnosis Income Billing 1 44 MI AIDS 45,500 1,200 2 Asthma 37,900 2,500 3 55 67,000 3,000 4 21,000 1,000 5 90,000 900 6 45 Diabetes 48,000 750 7 25 IN 49,000 8 35 66,000 2,200 9 69,000 4,200 10 Tuberculosis 34,000 3,100 {1, 2, 4} {3, 5, 9} {6, 10} {7} {8} n =10 n1 = 2 n2 = 2 n3 = 6 F = 5 F1 = 2 F2 = 1 F3 = 2 11/18/2018 Traian Truta - Northern Kentucky University

18 Disclosure Risk Measures for Remove Identifiers Method
- percentage of unique records - considers probabilistic linkage - weights defined by data owner w = (w1, w2, …, wN) disclosure risk weight vector. Properties a) wi  R+ for all i = 1, .. , n; b) wi  wj for all i  j, i,j = 1, .. , n; 11/18/2018 Traian Truta - Northern Kentucky University

19 Disclosure Risk Measures for Remove Identifiers Method
RecID Age State Diagnosis Income Billing 1 44 MI AIDS 45,500 1,200 2 Asthma 37,900 2,500 3 55 67,000 3,000 4 21,000 1,000 5 90,000 900 6 45 Diabetes 48,000 750 7 25 IN 49,000 8 35 66,000 2,200 9 69,000 4,200 10 Tuberculosis 34,000 3,100 n =10 n1 = 2 n2 = 2 n3 = 6 F = 5 F1 = 2 F2 = 1 F3 = 2 w1 = (5, 5, 0, 0, ..., 0) w2 = (4, 3, 3, 0, ..., 0) DRmin DRw1 DRw2 DRmax 0.2 0.3 0.425 0.5 11/18/2018 Traian Truta - Northern Kentucky University

20 Disclosure Risk Measures for RI Method with Continuous Attribute
What if the intruder has only approximations of income? RecID Income State Diagnosis Billing 1 23,001 MI AIDS 1,200 2 23.005 Asthma 2,500 3 67,000 3,000 4 22,998 1,000 5 66,975 900 6 49,001 Diabetes 750 7 49,000 IN 8 67,010 2,200 9 67,006 4,200 10 23,003 Tuberculosis 3,100 n =10 n1 = 10 n2 = 0 n3 = 0 F = 10 F1 = 10 F2 = 0 F3 = 0 w1 = (5, 5, 0, 0, ..., 0) w2 = (4, 3, 3, 0, ..., 0) DRmin DRw1 DRw2 DRmax 1 11/18/2018 Traian Truta - Northern Kentucky University

21 Disclosure Risk Measures for RI Method with Continuous Attribute
We consider vicinity sets! RecID Income State Diagnosis Billing 1 23,001 MI AIDS 1,200 2 23.005 Asthma 2,500 3 67,000 3,000 4 22,998 1,000 5 66,975 900 6 49,001 Diabetes 750 7 49,000 IN 8 67,010 2,200 9 67,006 4,200 10 23,003 Tuberculosis 3,100 n =10 n1 = 2 n2 = n3 = 0 n4 = 8 F = 4 F1 = 2 F2 = F3 = 0 F4 = 2 w1 = (5, 5, 0, 0, ..., 0) w2 = (4, 3, 3, 0, ..., 0) DRmin DRw1 DRw2 DRmax 0.2 0.4 11/18/2018 Traian Truta - Northern Kentucky University

22 Notations for Masked Microdata
f – the number of clusters with the same values for key attributes in M. We cluster all records from M based on their key values. Bk – the set of elements from the k-th cluster for all k, 1  k  f. fi = | {Bk | |Bk| = i, for all k = 1, .., f } | for all i, 1  i  n. fi represents the number of clusters with the same length. ti =| {x  Bk | |Bk| = i, for all k = 1, .., f } | for all i, 1  i  n. ti represents the number of records in clusters of length i. C – the classification matrix. For all i, j = 1, .., n; cij ==| {x  Bk and x  Ap | |Bk| = i, for all k = 1, .., f and |Ap| = j, for all p = 1, .., F }|. Each element of C, cij, represents the number of records that appears in clusters of size i in the masked microdata and appeared in clusters of size j in the initial masked microdata. 11/18/2018 Traian Truta - Northern Kentucky University

23 Algorithm for Creating Classification Matrix
Initialize each element from C with 0. For each element s from masked microdata MM do Count the number of occurrences of key values of s in masked microdata MM.Let i be this number. Count the number of occurrences of key values of s in initial microdata IM.Let j be this number. Increment cij by 1. End for. 11/18/2018 Traian Truta - Northern Kentucky University

24 Disclosure Risk Measures for Microaggregation Method
What if data is continuous ? 11/18/2018 Traian Truta - Northern Kentucky University

25 Disclosure Risk Measures for Microaggregation Method
Initial Microdata RecID Name SSN Income Sex Diagnosis 1 John Wayne 23,104 Male AIDS 2 Pete Gore 23,100 Asthma 3 John Banks 22,991 4 Jessica Casey 64,999 Female 5 Mary Stone 65,001 6 Patricia Kopi 65,005 Diabetes 7 Stan Simms 22,989 8 Kim Wood 65,007 11/18/2018 Traian Truta - Northern Kentucky University

26 Disclosure Risk Measures for Microaggregation Method
Univariate microaggregation for attribute Age and size = 2,4,8; RecID Income Sex Diagnosis 1 23,102 Male AIDS 2 Asthma 3 22,990 4 65,000 Female 5 6 65,006 Diabetes 7 8 RecID Income Sex Diagnosis 1 22,996 Male AIDS 2 Asthma 3 4 65,003 Female 5 6 Diabetes 7 8 RecID Income Sex Diagnosis 1 43,999.5 Male AIDS 2 Asthma 3 4 Female 5 6 Diabetes 7 8 Masked Microdata 1 Masked Microdata 2 Masked Microdata 3 11/18/2018 Traian Truta - Northern Kentucky University

27 Disclosure Risk Measures for Microaggregation Method
11/18/2018 Traian Truta - Northern Kentucky University

28 Disclosure Risk Measures for Microaggregation Method
Example – Disclosure risk values NO VICINITY! W1 W2 W3 W4 MM0 1 MM1 0.50 0.25 MM2 MM3 11/18/2018 Traian Truta - Northern Kentucky University

29 Disclosure Risk Measures for Microaggregation Method
Example – Disclosure risk values WITH VICINITY! W1 W2 W3 W4 MM0 0.25 MM1 MM2 MM3 11/18/2018 Traian Truta - Northern Kentucky University

30 General Disclosure Risk Measures
icfk – inversion-change factor for attribute k p – number of key attributes v – binary vector associated to key attribute 11/18/2018 Traian Truta - Northern Kentucky University

31 Traian Truta - Northern Kentucky University
Experimental Data Simulated medical record billing data Age, Sex, Zip and Amount_Billed Three initial microdata: n = 1,000 (called IM1000) n = 5,000 (IM5000) n = 25,000 (IM25000) Key attributes: KA1 = {Age, Sex, Zip} KA2 = {Age, Sex} 11/18/2018 Traian Truta - Northern Kentucky University

32 Results for Sampling and Microaggregation
Sampling, followed by microaggregation for Age when IM5000 and KA1 are used. 11/18/2018 Traian Truta - Northern Kentucky University

33 Results for Sampling and Microaggregation
Sampling and microaggregation for Age when IM5000 and KA1 are used. 11/18/2018 Traian Truta - Northern Kentucky University

34 Traian Truta - Northern Kentucky University
Conclusions The data owner may customize its disclosure risk measure to reflect better the characteristics of the microdata. Privacy requirements may help data owner to define the disclosure risk weight matrix. Importance of masking key attributes with small vicinity sets 11/18/2018 Traian Truta - Northern Kentucky University

35 Traian Truta - Northern Kentucky University
Future Work Our experiments were focused on healthcare microdata; experiments for other types of data, such as financial data are needed. To study disclosure control for microdata under the assumption that the initial microdata is frequently updated (Dynamic Disclosure Control) 11/18/2018 Traian Truta - Northern Kentucky University

36 Traian Truta - Northern Kentucky University
Some Papers Details about DR Measures “Disclosure Risk Measures for Sampling Disclosure Control Method,” to appear in the Proceedings of ACM Symposium on Applied Computing (SAC2004), special track on Computer Applications in Health Care (COMPAHEC2004), Nicosia, Cyprus “Disclosure Risk Measures for Microdata,” Proceedings of the International Conference on Scientific and Statistical Database Management (SSDBM2003), Cambridge, Ma, pp. 15 – 22, 2003 Information Loss Measures “Privacy and Confidentiality Management for the Microaggregation Disclosure Control Method,” Proceedings of the Workshop on Privacy and Electronic Society (WPES2003), In Conjunction with 10th ACM CCS, Washington DC, pp. 21 – 30, 2003 Automatic Masked Microdata Generator “Automatic Generation of Masked Microdata,” to appear in the Acta Universitatis Apulensis, Alba Iulia, Romania 11/18/2018 Traian Truta - Northern Kentucky University

37 Traian Truta - Northern Kentucky University
Acknowledgements Dr. Farshad Fotouhi Dr. Daniel Barth-Jones 11/18/2018 Traian Truta - Northern Kentucky University

38 Traian Truta - Northern Kentucky University
Questions? 11/18/2018 Traian Truta - Northern Kentucky University

Download ppt "Global Disclosure Risk for Microdata with Continuous Attributes"

Similar presentations

Tracking Meeting Khaled El Emam, CHEO RI & uOttawa.

Tracking Meeting Khaled El Emam, CHEO RI & uOttawa.
HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *http://www.hhs.gov/ocr/combinedregtext.pdf.

HIPAA Privacy Rule “Standards for Privacy of Individually Identifiable Health Information” 45 CFR 160 and 164* *
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.

HIPAA Training for Pharmaceutical Industry Representatives University of Utah Hospitals & Clinics.
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
HIPAA Requirements for Patient Oriented Research

HIPAA Requirements for Patient Oriented Research
Informed Consent.

Informed Consent.
Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.

Health Insurance Portability & Accountability Act “HIPAA” To every patient, every time, we will provide the care that we would want for our own loved ones.
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.

Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
Protecting Client Data HIPAA, HITECH and PIPA Part 1A

Protecting Client Data HIPAA, HITECH and PIPA Part 1A
HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.

HIPAA Training Presentation for New Employees How did we get here? HIPAA Police 1.
Health information security & compliance

Health information security & compliance
CCHAP Practice Manager’s Meeting HIPAA Guidelines and Updates for Primary Care Practices Thursday October 24 th 2013 Noon – 1:00PM Instructions to join.

CCHAP Practice Manager’s Meeting HIPAA Guidelines and Updates for Primary Care Practices Thursday October 24 th 2013 Noon – 1:00PM Instructions to join.
UTEPComputer Science Dept.1 University of Texas at El Paso Privacy in Statistical Databases Dr. Luc Longpré Computer Science Department Spring 2006.

UTEPComputer Science Dept.1 University of Texas at El Paso Privacy in Statistical Databases Dr. Luc Longpré Computer Science Department Spring 2006.
SPECIAL DIABETES PROGRAM FOR INDIANS Competitive Grant Program Special Diabetes Program for Indians Competitive Grant Program SPECIAL DIABETES PROGRAM.

SPECIAL DIABETES PROGRAM FOR INDIANS Competitive Grant Program Special Diabetes Program for Indians Competitive Grant Program SPECIAL DIABETES PROGRAM.
HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.

HIPAA, Researchers and the IRB Alan Homans, IRB Chair and Nancy Stalnaker, IRB Administrator.
Public Aggregate Reporting – DHCS Business Reports Overview

Public Aggregate Reporting – DHCS Business Reports Overview
HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

Similar presentations

Ads by Google