- Insider attack
- Outsider attack
- The Schwartz et al. experiment is difficult to extrapolate from but has a lot of impact on the common understanding of the capabilities of AI.
- Real-world numbers: How many people in the US with gliomas to compare with? 100,000 over a 5-year period, 65 median age.
- If we train on reconstructions, how can you quantify reconstructions?
- Literature needed to inform the HIPAA regulation writers.
- Neuroimaging bias in this context. The wrong conclusions can be reached quickly.
- HIPAA has the statistical arm and the 18 elements arm. People's faces may not be useful in a specific context that can be shown statistically.
- Do we need to write a paper or do an experiment? Can we do experiments with data that could risk its status?
- We need a statistical expert who is familiar with quantifying reidentification risk.
- Judy would love to run experiments.
- Could we do experiments with TCIA data? License, data use agreements...
- Judy said she was able to get her IRB to approve experiments with head-neck data.
- Create a sub-group of this task group to plan these experiments.
- Can we apply Facebook's re-id algorithm to a "very large" site (with enough patients to achieve statistical validity on its own)? Federated experiment that aggregates findings to avoid risking re-identification of any individual institution's data. Could get approval for something like this.
- Brian Bialecki: coordinating centers that know the location of the sites submitting the data, even if they don't retain the patients' identities, could be used to reject/narrow matches, since a match to a different geographic location than the catchment region of the site could be assumed to be a false positive.
January 11, 2022 Meeting
WebEx recording of the 01/11/2022 meeting
Interim Report Best Practices And Recommendations Extract as of 20220107
- Fred asked if the report should be focused on the US given that the details can differ geographically.
- Data created from European persons may not satisfy GDPR.
- We should highlight when this is true, along with caveats and any possible workarounds.
- Fred likes the ideas of universal guidelines to recommend to the EU.
- We will share the report with international colleagues once the report is fleshed out.
- California regulations exclude healthcare data.
- Is it fair to focus on ethical and moral concerns as well as the legal concerns? We're trying to reduce the actual re-id risk and harm.
- So far we're focused on DICOM images.
- Kathy: Say anything about raw data signals?
- Wyatt: DICOM SR objects and embedded PDFs? Non-image objects, RT plans.
- Need a more precise definition for unrecognized. It is the opposite of "what is known to be safe."
- Specify what constitutes due diligence as you conduct your risk analysis. Can't help the unknown unknowns.
- Make the definition of collection clear. Collection doesn't communicate "version."
- "Release" not as good as "collection."
- "Indirect" and "direct" identifiers, sensitive information–a disease that may make someone discriminate against you or function as an indirect identifier.
- Ideally, you'd want to quantify the percentage of data elements you will be retaining.
- The paper will highlight the uncertainty.
- Steve: Address optional attributes as well.
- Calibration information can identify the machine used.
- Consistency of acquisition protocols.
- Need to consider and determine which options to the profile are selected.
- Part 15 and best practices are different.
- Only got through item 6 in the Summary of Best Practices. Will pick this up at the next meeting. To save time, team members can send David their comments in writing.
Action: Review the Interim Report and email David Clunie your comments.