A Review of Anonymization for Healthcare Data

TL;DR

This paper reviews anonymization techniques for healthcare data, highlighting their importance, limitations, and the need for additional privacy measures to prevent re-identification attacks.

Contribution

It provides a comprehensive overview of existing anonymization methods, their applicability to different data types, and discusses potential attacks and protections.

Findings

Anonymization is necessary but not sufficient for privacy.

Reconstruction attacks can compromise anonymized data.

Tools exist to implement various anonymization techniques.

Abstract

Mining health data can lead to faster medical decisions, improvement in the quality of treatment, disease prevention, reduced cost, and it drives innovative solutions within the healthcare sector. However, health data is highly sensitive and subject to regulations such as the General Data Protection Regulation (GDPR), which aims to ensure patient's privacy. Anonymization or removal of patient identifiable information, though the most conventional way, is the first important step to adhere to the regulations and incorporate privacy concerns. In this paper, we review the existing anonymization techniques and their applicability to various types (relational and graph-based) of health data. Besides, we provide an overview of possible attacks on anonymized data. We illustrate via a reconstruction attack that anonymization though necessary, is not sufficient to address patient privacy and discuss methods for protecting against such attacks. Finally, we discuss tools that can be used to achieve anonymization.