Patient datasets often contain sensitive information and there is always a chance that the data might fall into the wrong hands and be misused. But now researchers have found that simply changing the dates can reduce the risk of re-identification of patients participating in a research.
“Researchers typically get access to de-identified data, that is, data without any personal identifying information, such as names, addresses, and Social Security numbers. However, this may not be sufficient to protect the privacy of individuals participating in a research study,” said study author Giske Ursin, Director of Cancer Registry of Norway, Institute of Population-based Research.
Ursin and her team also developed two de-identification methods and used k-anonymisation to significantly reduce the risk of re-identification by someone who had access to some of the information about the patients in the dataset.
The researchers used a dataset of 5 million patient records from a large cervical cancer screening programme in Norway to test the effectiveness of their methods.
“We found that changing the dates using the standard procedure of k-anonymisation drastically reduced the chances of re-identifiying most individuals in the dataset,” Ursin said.
“Every time a research group requests permission to access a dataset, data custodians should ask the question, ‘What information do they really need and what are the details that are not required to answer their research question,’ and make every effort to collapse and fuzzy the data to ensure protection of patients’ privacy,” Ursin added.
Many countries across the world take adequate safeguarding measures to protect patient data. However, given the increasing trend of data generation, its sharing and evolution of big-data analytics in healthcare, data custodians need to be extra careful that patient information does not fall into the hands of someone with malicious intent.
Therefore in a country like India, where digitalisation of healthcare is taking place at an accelerated rate, there is a growing need to keep in mind the potential challenges involving patient data protection and evolve effective strategies to prevent its misuse.