Utility-preserving anonymization for health data publishing

Hyukki Lee, Soohyung Kim, Jong Wook Kim, Yon Dohn Chung

Research output: Contribution to journal (Article)

11 Citations (Scopus)

Abstract

Background: Publishing raw electronic health records (EHRs) may be considered a breach of the privacy of individuals because they usually contain sensitive information. A common practice for privacy-preserving data publishing is to anonymize the data before publishing, and thus satisfy privacy models such as k-anonymity. Among various anonymization techniques, generalization is the most commonly used in medical/health data processing. Generalization inevitably causes information loss, and thus, various methods have been proposed to reduce information loss. However, existing generalization-based data anonymization methods cannot avoid excessive information loss and preserve data utility.

Methods: We propose a utility-preserving anonymization for privacy-preserving data publishing (PPDP). To preserve data utility, the proposed method comprises three parts: (1) a utility-preserving model, (2) counterfeit record insertion, and (3) a catalog of the counterfeit records. We also propose an anonymization algorithm using the proposed method. Our anonymization algorithm applies a full-domain generalization algorithm. We evaluate our method in comparison with the existing method on two aspects: information loss measured through various quality metrics and the error rate of analysis results.

Results: With all different types of quality metrics, our proposed method shows lower information loss than the existing method. In the real-world EHR analysis, the analysis results show a small portion of error between the data anonymized through the proposed method and the original data.

Conclusions: We propose a new utility-preserving anonymization method and an anonymization algorithm using the proposed method. Through experiments on various datasets, we show that the utility of EHRs anonymized by the proposed method is significantly better than those anonymized by previous approaches.

Original language: English
Article number: 104
Journal: BMC Medical Informatics and Decision Making
Volume: 17
Issue number: 1
DOI: 10.1186/s12911-017-0499-0
Publication status: Published - 2017 Jul 11

Fingerprint

Health
Privacy
Electronic Health Records
Data Anonymization

Keywords

  • Data anonymization
  • K-anonymity
  • Medical privacy
  • Utility-preserving data publishing

ASJC Scopus subject areas

  • Health Policy
  • Health Informatics

Cite this

Utility-preserving anonymization for health data publishing. / Lee, Hyukki; Kim, Soohyung; Kim, Jong Wook; Chung, Yon Dohn.

In: BMC Medical Informatics and Decision Making, Vol. 17, No. 1, 104, 11.07.2017.


@article{28904027236743bdb2e61d3161c5c52a,
title = "Utility-preserving anonymization for health data publishing",
keywords = "Data anonymization, K-anonymity, Medical privacy, Utility-preserving data publishing",
author = "Hyukki Lee and Soohyung Kim and Kim, {Jong Wook} and Chung, {Yon Dohn}",
year = "2017",
month = "7",
day = "11",
doi = "10.1186/s12911-017-0499-0",
language = "English",
volume = "17",
journal = "BMC Medical Informatics and Decision Making",
issn = "1472-6947",
publisher = "BioMed Central",
number = "1",

}

TY - JOUR
T1 - Utility-preserving anonymization for health data publishing
AU - Lee, Hyukki
AU - Kim, Soohyung
AU - Kim, Jong Wook
AU - Chung, Yon Dohn
PY - 2017/7/11
Y1 - 2017/7/11
KW - Data anonymization
KW - K-anonymity
KW - Medical privacy
KW - Utility-preserving data publishing
UR - http://www.scopus.com/inward/record.url?scp=85026288610&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85026288610&partnerID=8YFLogxK
U2 - 10.1186/s12911-017-0499-0
DO - 10.1186/s12911-017-0499-0
M3 - Article
C2 - 28693480
AN - SCOPUS:85026288610
VL - 17
JO - BMC Medical Informatics and Decision Making
JF - BMC Medical Informatics and Decision Making
SN - 1472-6947
IS - 1
M1 - 104
ER -