Health Data Privacy
No Need to Fall to Pieces if You Encounter the “Mosaic Effect”
More and more pieces of information, including medical information about you, are being collected from multiple sources by multiple organizations. Using sophisticated techniques, some of this data is integrated into ways that make it easier and potentially more likely to identify you.
This phenomenon is benignly called the Mosaic Effect, where like tiny shards of rock and glass, bits and bytes of data are pieced together in ways that create a fuller picture—of you.
For most of us, there is an expectation of privacy when we share personal information with organizations. But that belief has been shattered numerous times in high-profile cases, such as one involving a customer of AOL, the Internet company. In this instance, the New York Times used data on search queries to re-identify a woman living in Georgia. From her queries, including “dog that urinates on everything,” “numb finger,” and “60 single men,” a Times reporter was able to find her. From the number and type of queries she made on medical conditions, a reader could conclude she had all these maladies, but she explained that she was doing research on behalf of friends.
In another case, supposedly anonymized data on 173 million New York taxi cab trips were decrypted, making it possible to identify drivers, and even infer where they live. It took someone just two hours to harvest the cab-specific data after it was released by city officials in response to a public information request.
Whether data contains information about you, or it’s your job to protect the identities of people in the data, you need to know two things: the risk is real, and there are ways to lower it to an acceptable level. When risks are lowered in medical data, it can be shared for secondary uses, particularly research into disease causation and cures as well as improving how the healthcare system is managed.
- One Year In: How the Opening of Health Canada’s Portal Affects YouMay 4, 2020
- Turn Data Assets into Business Opportunity Under CCPADecember 19, 2019
- How does risk-based anonymization work?December 18, 2019
- Why should I use Expert Determination over Safe Harbor?December 18, 2019
- What do I need to know about GDPR, HIPAA and CCPA to meet our regulatory and privacy obligations?December 18, 2019
- Putting our passion into action against COVID-19April 15, 2020
- GDPR and The Future of Clinical Trials Data SharingMarch 18, 2019
- Advancing Principled Data Practices in Support of Emerging TechnologiesMarch 15, 2019
- “Zero Risk Does Not Exist”February 7, 2019
- Is Anonymization Possible with Current Technologies?January 9, 2019