JMIR Publications

ABSTRACT

Background:

The Observational Medical Outcomes Partnership Common Data Model (OMOP-CDM) defined by the non-profit organization, Observational Health Data Sciences and Informatics (OHDSI), is gaining attention for its use in the analysis of patient-level clinical data from various medical institutions. To analyze these data in a public environment, such as a cloud system, an appropriate de-identification strategy is required.

Objective:

This study proposes a de-identification strategy, which is composed of several rules used along with the k-anonymity, l-diversity, and t-closeness privacy models. Then, the proposed strategy is evaluated in the actual CDM database.

Methods:

The CDM database used in this study was constructed by the Anam Hospital of Korea University. For analysis and evaluation, the ARX anonymizing framework was used with the k-anonymity, l-diversity, and t-closeness models.

Results:

The CDM database, constructed according to the rules established by OHDSI, exhibited a low risk of re-identification. The DRUG_EXPOSURE table exhibited the highest re-identifiable record rate in the dataset (11.3%) with a re-identification success rate of 0.03%. However, because all tables include at least one ‘highest risk’ value of 100%, suitable anonymizing techniques are needed. Because the CDM database preserves the ‘source values’ (raw data), and the combination of source values increases the risk of re-identification, this study proposes an enhanced de-identification strategy for the source values. When applying this strategy, the highest risk in the k-anonymity, l-diversity, and t-closeness privacy models is significantly reduced, and the overall possibility of re-identification is also reduced.

Conclusions:

Thus, through de-identification via our proposed method, the privacy of the CDM database can be improved. Based on the enhanced privacy of the CDM database, clinical research involving multiple centers is expected to be encouraged.