An experimental evaluation of de-identification tools for electronic health records

TL;DR

This paper experimentally evaluates various automated de-identification tools for electronic health records, comparing their effectiveness in reducing privacy risks and information loss to identify the most suitable techniques.

Contribution

It provides an empirical comparison of existing de-identification tools on EHR data, highlighting the superior performance of the generalization method over suppression.

Findings

Generalization reduces disclosure risk more effectively.

Generalization causes less information loss.

Validated as the more appropriate de-identification technique for EHRs.

Abstract

The robust development of Electronic Health Records (EHRs) causes a significant growth in sharing EHRs for clinical research. However, such a sharing makes it difficult to protect patient's privacy. A number of automated de-identification tools have been developed to reduce the re-identification risk of published data, while preserving its statistical meaning. In this paper, we focus on the experimental evaluation of existing automated de-identification tools, as applied to our EHR database, to assess which tool performs better with each quasi-identifiers defined in our paper. Performance of each tool is analyzed wrt. two aspects: individual disclosure risk and information loss. Through this experiment, the generalization method has better performance on reducing risk and lower degree of information loss than suppression, which validates it as more appropriate de-identification technique for EHR databases.