Avoiding embarrassment and other harms by preventing the exposure of health data


Just imagine how you’d feel if private – and sometimes very intimate – details of your health were accidentally released on the Internet and your employer, insurer, neighbor and former partners were able to see the medication you’ve taken for mental health reasons or for sexually transmitted diseases.

One way to reduce this risk is to anonymize electronic health record data. A free review in Genome Medicine by Khaled El Emam from the University of Ottawa, Ontario, looks at current de-identification methods and suggests best practices.

This is a timely issue because electronic health records are being used more and more in clinically important research and they are likely to be key for some major breakthroughs in the diagnosis and treatment of disease. Universities and research centers have strict ethical rules relating to the use of this data and almost always insist on participants giving their consent. But obtaining consent can reduce participation rates and bias these data. Anonymization appears to be the most practical way forward.

El Emam uses the de-identification practices of two genomic research projects, i2b2 (Informatics for integration of biology and the bedside) and eMERGE (the Electronic Medical Records and Genomics Network), to highlight current methods. The findings are likely to be of great interest for researchers embarking on similar studies in the future.



ellen hunt

Mr. El Emam is using as the basis of his argument that he is a hypocrite and that he thinks everyone else should be too.

I think we have gone way overboard with “protecting” patient information. I don’t agree that people have the “right” to expect this, particularly in a socialized medical system, but really in any system.

The least defensible position is preventing public health personnel and anybody doing research from getting access to records and patient samples on demand. That idea, and the idea that people somehow “own” their cancers, diseases, what have you, after medical personnel have removed them is simply insanity.

The consequence of this ridiculous stand on public policy is that others are, de facto, killed because public health and researchers are not allowed access.

This position is not rational; it values embarrassment first. It is, in fact, absurd. It is a puerile policy constructed by windbags that has become a sacred cow without sensible debate.

khaled el emam

Thank you for your comment on the paper and on the general issue of privacy and public health.

I think there are a few things that need to be considered: (a) there is increasing evidence that patients themselves are taking privacy protective behaviors because they are concerned about how their health information is being used (the numbers vary by jurisdiction, but for example in the US 15%-17% of surveyed adults admit to lying to their doctor, not seeking care, not revealing certain pieces of information, and seeing multiple providers) and a large percent of providers admit to not including information in the medical record at the request of their patients or putting different information, and (b) there is increasing evidence that providers themselves are reluctant to share information with public health because they do not want to jeopardize the physician-patient relationship and because they are concerned about how data is handled once it is disclosed to public health (we have just published a paper on this in BMC Public Health) – and this holds when disclosures are mandated and when there are severe outbreaks. These are the current trends, and if they continue then less useful information will be disclosed to public health. One way to address this is to de-identify the data. There is evidence that this will make patients more comfortable with disclosing their information, as well as providers.

Therefore, this work, at the end of the day, is intended to help make more data available rather than restrict it. Without de-identification methods the trends are not supportive of more data disclosures.
