NIH | National Cancer Institute | NCI Wiki  


  • A paper in BMJ and Trials [Hrynaszkiewicz et al] in which the editor said it's okay to keep three patient characteristics, but more than that requires expert statistical analysis of re-identification risk.
  • For this report, David C. is leaning towards saying that if any characteristics are retained, a statistical analysis should be performed, based on the evaluation in the IOM report Sharing Clinical Trial Data: Maximizing Benefits, Minimizing Risk, which suggests no empirical basis for a rule of two or three quasi-identifiers (Appendix B [El Emam & Malin]).
  • Fred asks what risk threshold we are comfortable with. David says we need the analysis first, then compare that against the risk threshold.
  • David recommends this for the report: Choose a risk threshold, do the analysis, and modify/share your data based upon that analysis.
  • Is this a reasonable recommendation given that none of us are doing the statistical analysis routinely?
  • David Gutman: Studies that leave out age and sex are not interesting.
  • Some TCIA collections are useful even without age and sex.
  • HIPAA Safe Harbor is only useful in the US. We are trying to do more than these 18 elements when it comes to de-id.
  • In radiology we have traditionally just relied on lists.
  • Information can be derived or approximated from images. If pixel data render the data unique, change it to make it less recognizable or delete it. The analysis can lead you to a decision on how to handle this.
  • We would be better off recommending this and then over the next several years, hopefully there will be more research into practical ways of doing this. 
  • Invite selected people from the statistical disclosure community to comment on this and say which tools they use. 
  • In Europe, GDPR has gotten to the point where you can't share any data. Do we want to go that route?
  • Rather than get so extreme, maybe just leave age out of this data, or change it to meet the risk threshold.
  • Is there a scalable way to do this?
  • Radiology has been immature about this and has not considered existing research into approaches.
  • David C. recommends that we read the CAR papers: Canadian Association of Radiologists White Paper on De-Identification of Medical Imaging:
  • David G: I realize this is a nuance, but if we recommend X, and many of the people on this group don't currently do X because it's extremely difficult/nebulous, do we shoot ourselves in the foot? Bone density?
  • Fred: Hospitals in different countries. Multiple ethics review boards in the same country. Need a threshold that is agreed upon if you are going to de-id anything.
  • The risk is finite, so we need to pick a threshold.
  • Threshold: Probability of re-id based on threat model. Pick the most conservative one and compute the probability. 
  • Justin: I'd be very interested to try applying one or two of these automated tools David mentioned against a couple of TCIA datasets to see what happens and help inform the recommendation in the report.
  • David C: Yes, let's try this.
  • People need to balance utility and risk and insure themselves in the meantime.
  • Brian: Utility has zero value to legal people. Risk is always increasing because technology gets better and better.
  • Countermeasures which hopefully will keep everything balanced. With released data, unless you are going to pull it back and not release it, the risk always goes up.
  • Should we get a guest speaker for the next meeting? Group says yes.
