Accepted for/Published in: JMIR AI
Date Submitted: Aug 21, 2023
Open Peer Review Period: Aug 21, 2023 - Oct 16, 2023
Date Accepted: Feb 19, 2024
(closed for review but you can still tweet)
Re-identification of Participants in Shared Clinical Datasets: Privacy Risk Analysis
ABSTRACT
Background:
Large, curated datasets are required to leverage speech-based tools in healthcare. These are costly to produce, resulting in increased interest in data sharing. As speech can potentially identify speakers (i.e., voiceprints), sharing recordings raises privacy concerns. This is especially relevant when working with patient data protected under HIPAA.
Objective:
We aimed to determine the re-identification risk for speech recordings, without reference to demographics or metadata, in clinical datasets, considering both the size of the 'search space', i.e., the number of comparisons that must be considered when re-identifying, and the nature of the speech recording, i.e., the type of speech task.
Methods:
Using a state-of-the art speaker identification model, we model an adversarial attack scenario where-in an adversary uses a large dataset of identified speech (hereafter the 'known' set) to re-identify as many unknown speakers in a shared dataset (hereafter the 'unknown' set) as possible. We first considered the effect of search space size by attempting re-identification with various sizes of known and unknown sets using VoxCeleb, a dataset with recordings of natural, connected speech from over 7000 healthy speakers. We then repeated these tests with different types of recordings in each set to examine whether the nature of a speech recording influences re-identification risk. For these tests, we used our clinical dataset composed of recordings of elicited speech tasks from 941 speakers.
Results:
We found that the risk is inversely related to the number of comparisons an adversary must consider, i.e., the ‘search space’, with a positive linear correlation between the number of false acceptances and number of comparisons (r = 0.69, P < .001). In effect, risk is high for a small search space but drops as the search space grows (precision > 0.85 for < 1∗10^6 comparisons, precision < 0.5 for > 3∗10^6 comparisons. We also found that the nature of a speech recording influences re-identification risk, with non-connected speech (e.g., vowel prolongation, precision = 0) being harder to identify than connected speech (e.g., sentence repetition, precision = 0.665).
Conclusions:
Our findings suggest that speaker identification models can be used to re-identify participants in specific circumstances, but in practice, the re-identification risk appears small. The variation in risk due to search space size and type of speech task additionally provides actionable recommendations to further increase participant privacy and considerations for policy around public release of speech recording.
Citation
Request queued. Please wait while the file is being generated. It may take some time.
Copyright
© The authors. All rights reserved. This is a privileged document currently under peer-review/community review (or an accepted/rejected manuscript). Authors have provided JMIR Publications with an exclusive license to publish this preprint on it's website for review and ahead-of-print citation purposes only. While the final peer-reviewed paper may be licensed under a cc-by license on publication, at this stage authors and publisher expressively prohibit redistribution of this draft paper other than for review purposes.