JMIR Publications

ABSTRACT

Background:

Over the past three decennial censuses, the population of the United States has grown older, with the proportion of individuals at least 90 years old in the 2010 census being more than two and a half times what it was in the 1980 census. This suggests that the threshold for constraining age introduced in the “Safe Harbor” method of the Health Insurance Portability and Accountability Act in 1996 may be increased without exceeding the original levels of risk. This is desirable to maintain or even increase the utility of affected datasets without compromising privacy.

Objective:

In light of the upcoming release of 2020 census data, we present a straightforward recipe for updating age constraining thresholds in the context of new census data, and derive recommendations for new thresholds from the 2010 census.

Methods:

Using census data dating back to 1980, we use group size considerations to analyze the risk associated with various maximum age thresholds over time. We infer the level risk of the age 90 cutoff at the time of HIPAA’s inception in 1996, and use this as a baseline from which to recommend updated cutoffs.

Results:

The maximum age threshold may be increased by at least two years without exceeding the levels of risk conferred in HIPAA’s original recommendations. Moreover, in the presence of additional information that a restricts the population in question to a known subgroup with increased longevity (for example, restricting to females), the threshold may be increased further.

Conclusions:

Increasing the maximum age threshold would enable the data user to gain more utility from the data without introducing risk beyond what was originally envisioned with the enactment of HIPAA. Going forward, a recurring update of such thresholds is advised, in line with the considerations detailed in the paper.