Health Data Re-Identification: Assessing Adversaries and Potential Harms

Stud Health Technol Inform. 2024 Aug 22:316:1199-1203. doi: 10.3233/SHTI240626.

Abstract

Sharing biomedical data for research can help to improve disease understanding and support the development of preventive, diagnostic, and therapeutic methods. However, it is vital to balance the amount of data shared and the sharing mechanism chosen with the privacy protection provided. This requires a detailed understanding of potential adversaries who might attempt to re-identify data and the consequences of their actions. The aim of this paper is to present a comprehensive list of potential types of adversaries, motivations, and harms to targeted individuals. A group of 13 researchers performed a three-step process in a one-day workshop, involving the identification of adversaries, the categorization by motivation, and the deduction of potential harms. The group collected 28 suggestions and categorized them into six types, each associated with several of six distinct harms. The findings align with previous efforts in structuring threat actors and outcomes, and we believe that they provide a robust foundation for evaluating re-identification risks and developing protection measures in health data sharing scenarios.

Keywords: Anonymization; De-Anonymization; De-Identification; Health Data; Re-Identification; Risk Assessment.

MeSH terms

  • Computer Security*
  • Confidentiality*
  • Humans
  • Information Dissemination*