Accepted for/Published in: JMIR Medical Informatics
Date Submitted: Dec 15, 2018
Open Peer Review Period: Dec 18, 2018 - Feb 12, 2019
Date Accepted: Sep 26, 2019
(closed for review but you can still tweet)
A case study on the privacy risks of Chinese electronic health records data
ABSTRACT
Patient privacy is a ubiquitous problem around the world. Due to the increasing need of data sharing and analysis, healthcare data privacy is getting more and more attention. In China, there is no clear regulation for the health systems to de-identify data. It is not clear whether a mechanism like Health Insurance Portability and Accountability Act (HIPAA) safe harbor will achieve sufficient protection when applied. In this paper, we conducted a pilot study using electronic healthcare data from Chinese hospitals to understand the problem and quantify the risks. We use g-distinct analysis to evaluate the re-identification risks in regard to the HIPAA safe harbor approach when applied to Chinese EHR data. Since the experimental data is over 0.83 million and cover 33 Provincial-level Administrative Divisions in China, we also study the relationship between distinct individuals and the underlying populations. The experimental results of g-distinct analysis about Chinese EHR data is similar with the previous US study, which laid the foundation of privacy risk study about Chinese EHR data in the future.
Citation
Per the author's request the PDF is not available.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.