Re-identification Risk Assessment and Anonymization (SAMPLE REPORT)
Date Signature: Khaled El Emam ;date

Table of Contents
Anonymization Methodology Review (SAMPLE REPORT)
Table of Contents
Risk Assessment Statement
Limitations and Qualifications:
Executive Summary
Business Background
  Information Sources
  Definitions
  Assumptions
    A1: xxx
    A2: xxx
    A3: xxx
Plausible Attacks
  Attack T1
  Attack T2
  Attack T3
Determination of Risk Thresholds
Risk Measurement
Transformations
Suggested Next Steps
Appendix A: xxx
Appendix X: Definitions
  Categories of Variables
References

Risk Assessment Statement
This risk assessment statement is provided to xxx (the “Client”).
We, Privacy Analytics Incorporated, have determined that the process referred to in this analysis report, when followed, can/cannot ensure that databases could not be used, alone or in combination with other reasonably available information, by an intended recipient to identify an individual who is a subject of the information. We confirm that the risk assessment was conducted by qualified professionals with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable.

Limitations and Qualifications:
The statement set out above is subject to the following limitations:
a) The risk assessment is based on the information provided to us by the Client. We have assumed that such information is complete and accurate.
b) The Client follows the methodology as described in the documentation provided to us.
c) The risk assessment is based on a series of assumptions documented in this report which the Client has confirmed are reasonable to make given their business.

Executive Summary
In this report we examined the anonymization methodology of Client in terms of its ability to produce data sets with a “very small” risk of re-identification according to the HIPAA Privacy Rule. The findings are summarized below.

Business Background
Client is in the business of xxx.

Information Sources
We received the information and data from Client summarized in Appendix A: xxx, as well as Appendix B: xxx. Our analysis is based only on the information provided.

Definitions
Definitions of key terms, such as xxx, are provided in “Appendix X: Definitions”.

Assumptions
The following assumptions were made during this analysis.
A1: xxx
A2: xxx
A3: xxx

Summary of Assumptions
A1: xxx
A2: xxx
A3: xxx

Plausible Attacks
The ability of the methodology to identify and protect against plausible attacks is described below.
Attack T1
xxx

Attack T2
xxx

Attack T3
xxx

Determination of Risk Thresholds
The ability of the methodology to set defensible risk thresholds is as follows.

Risk Measurement
The methodology has implemented these metrics to empirically demonstrate that the risk is “very small” according to the HIPAA Privacy Rule De-identification Standard.

Transformations
The methodology implements a number of transformations to reduce the probability of re-identification. Our assessment of these transformations is as follows:

Suggested Next Steps
Based on our analysis it is recommended that Client implement the following:
xxx

Appendix A: xxx
The following is a summary of the document and data files that were received for the analysis reported in this document:

Appendix X: Definitions

Categories of Variables
It is useful to differentiate among the different types of variables in a disclosed data set.

Directly Identifying variables. One or more direct identifiers …

References
1 xxx