MétaCan
Menu
Back to cohort
Record W2135462674 · doi:10.4212/cjhp.v62i4.812

Evaluating the Risk of Re-identification of Patients from Hospital Prescription Records

2009· article· en· W2135462674 on OpenAlex

Why this work is in the frame

A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.

affAt least one author lists a Canadian institution in the pinned OpenAlex snapshot.
fundA Canadian funder is recorded on the work.
venuePublished in a venue whose home country is Canada.
aboutThe title or abstract carries a Canadian signal from the geographic lexicon.

Bibliographic record

VenueThe Canadian Journal of Hospital Pharmacy · 2009
Typearticle
Languageen
FieldPharmacology, Toxicology and Pharmaceutics
TopicPharmacovigilance and Adverse Drug Reactions
Canadian institutionsChildren's Hospital of Eastern OntarioUniversity of OttawaAgricultural Research Institute of Ontario
FundersMemorial University of NewfoundlandUniversity of AlbertaQueen's UniversityMcMaster UniversityOntario Centres of ExcellenceMcGill UniversityDalhousie UniversityHamilton Health SciencesUniversity of British ColumbiaVanderbilt University
KeywordsMedical prescriptionAuditIdentification (biology)MedicineMedical recordMedical emergencyPharmacyQuality (philosophy)Family medicineBusinessAccountingSurgeryNursing

Abstract

fetched live from OpenAlex

Background: Pharmacies often provide prescription records to private research firms, on the assumption that these records are de-identified (i.e., identifying information has been removed). However, concerns have been expressed about the potential that patients can be re-identified from such records. Recently, a large private research firm requested prescription records from the Children’s Hospital of Eastern Ontario (CHEO), as part of a larger effort to develop a database of hospital prescription records across Canada.Objective: To evaluate the ability to re-identify patients from CHEO’S prescription records and to determine ways to appropriately de-identify the data if the risk was too high.Methods: The risk of re-identification was assessed for 18 months’ worth of prescription data. De-identification algorithms were developed to reduce the risk to an acceptable level while maintaining the quality of the data.Results: The probability of patients being re-identified from the original variables and data set requested by the private research firm was deemed quite high. A new de-identified record layout was developed, which had an acceptable level of re-identification risk. The new approach involved replacing the admission and discharge dates with the quarter and year of admission and the length of stay in days, reporting the patient’s age in weeks, and including only the first character of the patient’s postal code. Additional requirements were included in the data-sharing agreement with the private research firm (e.g., audit requirements and a protocol for notification of a breach of privacy).Conclusions: Without a formal analysis of the risk of re-identification, assurances of data anonymity may not be accurate. A formal risk analysis at one hospital produced a clinically relevant data set that also protects patient privacy and allows the hospital pharmacy to explicitly manage the risks of breach of patient privacy.RÉSUMÉ Contexte : Les pharmacies fournissent souvent des dossiers d’ordonnance aux firmes de recherche indépendantes, en supposant qu’ils sont dépersonnalisés (c.-à-d., que l’information pouvant identifier les patients a été retirée). Cependant, des inquiétudes ont été soulevées quant à la possibilité que l’on puisse reconstituer l’identité des patients à partir de ces dossiers. Récemment, une importante firme de recherche indépendante a demandé au Centre hospitalier pour enfants de l’est de l’Ontario (CHEO) d’obtenir les dossiers d’ordonnance, dans le cadre d’un projet plus vaste visant à développer une base de données pancanadienne des dossiers d’ordonnance hospitaliers.Objectif : Évaluer la possibilité de reconstituer l’identité des patients à partir des dossiers d’ordonnance du CHEO afin de déterminer les moyens appropriés de dépersonnaliser les données si le risque de reconstitution est trop élevé.Méthodes : Le risque de reconstitution de l’identité a été évalué à partir de données sur les ordonnances couvrant une période de 18 mois. Des algorithmes de dépersonnalisation ont été conçus pour réduire le risque à un niveau acceptable, tout en maintenant la qualité des données.Résultats : La probabilité de reconstitution de l’identité des patients à partir des variables et des données originales demandées par la firme de recherche indépendante a été jugée assez élevée. Une nouvelle méthode de dépersonnalisation des dossiers comportant un niveau de risque de reconstitution de l’identité acceptable a été développée. La nouvelle méthode impliquait le remplacement des dates d’admission et de sortie par le trimestre et l’année d’admission et la durée du séjour en jours, l’expression de l’âge du patient en semaines, et l’insertion uniquement du premier caractère du code postal du patient. D’autres exigences ont été incluses dans l’entente de transmission de données avec la firme de recherche indépendante (p. ex., des exigences de vérification et un protocole de déclaration de violation de la vie privée).Conclusion : En l’absence d’analyse structurée du risque de reconstitution de l’identité, il est difficile d’assurer la dépersonnalisation des données. Une analyse structurée du risque effectuée dans un hôpital a généré un ensemble de données pertinent sur le plan clinique qui protège également la confidentialité des renseignements personnels des patients et permet à la pharmacie de l’hôpital de gérer explicitement les risques de violation de la vie privée.

Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.

Full frame distilled prediction

Teacher imitation

Not calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.

metaresearch head score (Codex)0.002
metaresearch head score (Gemma)0.000
Version: codex-gemma-dda1882f352aValidation status: machine_predicted_unvalidated
Candidate categoriesnone
Consensus categoriesnone
DomainCandidate signal: none · Consensus signal: none
Study designCandidate signal: Observational · Consensus signal: Observational
GenreCandidate signal: Empirical · Consensus signal: Empirical
Teacher disagreement score0.153
Threshold uncertainty score0.547

Codex and Gemma teacher scores by category

CategoryCodexGemma
Metaresearch0.0020.000
Meta-epidemiology (narrow)0.0000.000
Meta-epidemiology (broad)0.0000.000
Bibliometrics0.0000.000
Science and technology studies0.0000.000
Scholarly communication0.0000.000
Open science0.0010.000
Research integrity0.0000.001
Insufficient payload (model declined to judge)0.0000.000

Machine scores (provisional)

The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.

Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.

Opus teacher head0.092
GPT teacher head0.424
Teacher spread0.333 · how far apart the two teachers sit on this one work
Validation statusscore_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it