Iyiola E. Olatunji,Jens Rauch,Matthias Katzensteiner,Megha Khosla

DOI: https://doi.org/10.1089/big.2021.0169

2021-04-14

Abstract:Mining health data can lead to faster medical decisions, improvement in the quality of treatment, disease prevention, reduced cost, and it drives innovative solutions within the healthcare sector. However, health data is highly sensitive and subject to regulations such as the General Data Protection Regulation (GDPR), which aims to ensure patient's privacy. Anonymization or removal of patient identifiable information, though the most conventional way, is the first important step to adhere to the regulations and incorporate privacy concerns. In this paper, we review the existing anonymization techniques and their applicability to various types (relational and graph-based) of health data. Besides, we provide an overview of possible attacks on anonymized data. We illustrate via a reconstruction attack that anonymization though necessary, is not sufficient to address patient privacy and discuss methods for protecting against such attacks. Finally, we discuss tools that can be used to achieve anonymization.

Cryptography and Security,Machine Learning

J. Andrew,R. Jennifer Eunice,J. Karthikeyan

DOI: https://doi.org/10.3389/fpubh.2023.1125011

IF: 5.2

2023-03-04

Frontiers in Public Health

Abstract:Digital health data collection is vital for healthcare and medical research. But it contains sensitive information about patients, which makes it challenging. To collect health data without privacy breaches, it must be secured between the data owner and the collector. Existing data collection research studies have too stringent assumptions such as using a third-party anonymizer or a private channel amid the data owner and the collector. These studies are more susceptible to privacy attacks due to third-party involvement, which makes them less applicable for privacy-preserving healthcare data collection. This article proposes a novel privacy-preserving data collection protocol that anonymizes healthcare data without using a third-party anonymizer or a private channel for data transmission. A clustering-based k -anonymity model was adopted to efficiently prevent identity disclosure attacks, and the communication between the data owner and the collector is restricted to some elected representatives of each equivalent group of data owners. We also identified a privacy attack, known as "leader collusion", in which the elected representatives may collaborate to violate an individual's privacy. We propose solutions for such collisions and sensitive attribute protection. A greedy heuristic method is devised to efficiently handle the data owners who join or depart the anonymization process dynamically. Furthermore, we present the potential privacy attacks on the proposed protocol and theoretical analysis. Extensive experiments are conducted in real-world datasets, and the results suggest that our solution outperforms the state-of-the-art techniques in terms of privacy protection and computational complexity.

public, environmental & occupational health

Lin Yao,Xinyu Wang,Zhenyu Chen,Guowei Wu

DOI: https://doi.org/10.1007/978-3-030-21373-2_12

2019-01-01

Abstract:The patients’ health information is often kept as electronic health records (EHRs). To improve the quality and efficiency of the care, EHRs can be shared among different organizations. However, the inappropriate sharing or usage of these healthcare data could threaten people’s privacy. It becomes increasingly important to preserve the privacy of the published EHRs. An attacker is apt to identify an individual from the published EHRs by partial measurement information as background knowledge, with attacks through the record linkage and attribute linkage. To resist the above types of attacks, we propose a privacy preservation with perturbation in the published healthcare data (PPHR). To protect the privacy of sensitive information, we first determine the critical sequences based on which some specific records are easy to be identified. Then, we adopt perturbation on these sequences by adding or deleting some points while ensuring the published data to satisfy l-diversity. A comprehensive set of real-life healthcare data sets are applied to evaluate the performance of our anonymization approach. Simulations show our scheme possesses better privacy while ensuring higher utility.

Zheming Zuo,Matthew Watson,David Budgen,Robert Hall,Chris Kennelly,Noura Al Moubayed

DOI: https://doi.org/10.2196/preprints.29871

2021-04-23

Abstract:BACKGROUND Data science offers an unparalleled opportunity to identify new insights into many aspects of human life with recent advances in health care. Using data science in digital health raises significant challenges regarding data privacy, transparency, and trustworthiness. Recent regulations enforce the need for a clear legal basis for collecting, processing, and sharing data, for example, the European Union’s General Data Protection Regulation (2016) and the United Kingdom’s Data Protection Act (2018). For health care providers, legal use of the electronic health record (EHR) is permitted only in clinical care cases. Any other use of the data requires thoughtful considerations of the legal context and direct patient consent. Identifiable personal and sensitive information must be sufficiently anonymized. Raw data are commonly anonymized to be used for research purposes, with risk assessment for reidentification and utility. Although health care organizations have internal policies defined for information governance, there is a significant lack of practical tools and intuitive guidance about the use of data for research and modeling. Off-the-shelf data anonymization tools are developed frequently, but privacy-related functionalities are often incomparable with regard to use in different problem domains. In addition, tools to support measuring the risk of the anonymized data with regard to reidentification against the usefulness of the data exist, but there are question marks over their efficacy. OBJECTIVE In this systematic literature mapping study, we aim to alleviate the aforementioned issues by reviewing the landscape of data anonymization for digital health care. METHODS We used Google Scholar, Web of Science, Elsevier Scopus, and PubMed to retrieve academic studies published in English up to June 2020. Noteworthy gray literature was also used to initialize the search. We focused on review questions covering 5 bottom-up aspects: basic anonymization operations, privacy models, reidentification risk and usability metrics, off-the-shelf anonymization tools, and the lawful basis for EHR data anonymization. RESULTS We identified 239 eligible studies, of which 60 were chosen for general background information; 16 were selected for 7 basic anonymization operations; 104 covered 72 conventional and machine learning–based privacy models; four and 19 papers included seven and 15 metrics, respectively, for measuring the reidentification risk and degree of usability; and 36 explored 20 data anonymization software tools. In addition, we also evaluated the practical feasibility of performing anonymization on EHR data with reference to their usability in medical decision-making. Furthermore, we summarized the lawful basis for delivering guidance on practical EHR data anonymization. CONCLUSIONS This systematic literature mapping study indicates that anonymization of EHR data is theoretically achievable; yet, it requires more research efforts in practical implementations to balance privacy preservation and usability to ensure more reliable health care applications.

Katarzyna Pasierb,Tomasz Kajdanowicz,Przemyslaw Kazienko

DOI: https://doi.org/10.48550/arXiv.1304.1877

2013-04-06

Abstract:The goal of the paper is to present different approaches to privacy-preserving data sharing and publishing in the context of e-health care systems. In particular, the literature review on technical issues in privacy assurance and current real-life high complexity implementation of medical system that assumes proper data sharing mechanisms are presented in the paper.

Databases,Cryptography and Security

Zheming Zuo,Matthew Watson,David Budgen,Robert Hall,Chris Kennelly,Noura Al Moubayed

DOI: https://doi.org/10.2196/29871

IF: 3.2

2021-10-15

JMIR Medical Informatics

Abstract:Background Data science offers an unparalleled opportunity to identify new insights into many aspects of human life with recent advances in health care. Using data science in digital health raises significant challenges regarding data privacy, transparency, and trustworthiness. Recent regulations enforce the need for a clear legal basis for collecting, processing, and sharing data, for example, the European Union’s General Data Protection Regulation (2016) and the United Kingdom’s Data Protection Act (2018). For health care providers, legal use of the electronic health record (EHR) is permitted only in clinical care cases. Any other use of the data requires thoughtful considerations of the legal context and direct patient consent. Identifiable personal and sensitive information must be sufficiently anonymized. Raw data are commonly anonymized to be used for research purposes, with risk assessment for reidentification and utility. Although health care organizations have internal policies defined for information governance, there is a significant lack of practical tools and intuitive guidance about the use of data for research and modeling. Off-the-shelf data anonymization tools are developed frequently, but privacy-related functionalities are often incomparable with regard to use in different problem domains. In addition, tools to support measuring the risk of the anonymized data with regard to reidentification against the usefulness of the data exist, but there are question marks over their efficacy. Objective In this systematic literature mapping study, we aim to alleviate the aforementioned issues by reviewing the landscape of data anonymization for digital health care. Methods We used Google Scholar, Web of Science, Elsevier Scopus, and PubMed to retrieve academic studies published in English up to June 2020. Noteworthy gray literature was also used to initialize the search. We focused on review questions covering 5 bottom-up aspects: basic anonymization operations, privacy models, reidentification risk and usability metrics, off-the-shelf anonymization tools, and the lawful basis for EHR data anonymization. Results We identified 239 eligible studies, of which 60 were chosen for general background information; 16 were selected for 7 basic anonymization operations; 104 covered 72 conventional and machine learning–based privacy models; four and 19 papers included seven and 15 metrics, respectively, for measuring the reidentification risk and degree of usability; and 36 explored 20 data anonymization software tools. In addition, we also evaluated the practical feasibility of performing anonymization on EHR data with reference to their usability in medical decision-making. Furthermore, we summarized the lawful basis for delivering guidance on practical EHR data anonymization. Conclusions This systematic literature mapping study indicates that anonymization of EHR data is theoretically achievable; yet, it requires more research efforts in practical implementations to balance privacy preservation and usability to ensure more reliable health care applications.

medical informatics

Hitesh Chhinkaniwala,Sanjay Garg

DOI: https://doi.org/10.48550/arXiv.1403.5250

2014-03-20

Abstract:Huge volume of data from domain specific applications such as medical, financial, telephone, shopping records and individuals are regularly generated. Sharing of these data is proved to be beneficial for data mining application. Since data mining often involves data that contains personally identifiable information and therefore releasing such data may result in privacy breaches. On one hand such data is an important asset to business decision making by analyzing it. On the other hand data privacy concerns may prevent data owners from sharing information for data analysis. In order to share data while preserving privacy, data owner must come up with a solution which achieves the dual goal of privacy preservation as well as accuracy of data mining task mainly clustering and classification. Privacy Preserving Data Publishing (PPDP) is a study of eliminating privacy threats like linkage attack while preserving data utility by anonymizing data set before publishing. Proposed work is an extension to k-anonymization where Privacy Gain (PrGain) has been computed for selective anonymization for set of tuples. Classification and clustering characteristics of original data and anonymized data using proposed algorithm have been evaluated in terms of information loss, execution time, and privacy achieved. Algorithm has been processed against standard data sets and analysis shows that values for sensitive attributes are being preserved with minimal information loss.

Methodology,Cryptography and Security

Robinson Onyemechi Oturugbum

2023-10-30

Abstract:Daily, massive volume of data are produced due to the internet of things' rapid development, which has now permeated the healthcare industry. Recent advances in data mining have spawned a new field of a study dubbed privacy-preserving data mining (PPDM). PPDM technique or approach enables the extraction of actionable insight from enormous volume of data while safeguarding the privacy of individual information and benefiting the entire society Medical research has taken a new course as a result of data mining with healthcare data to detect diseases earlier and improve patient care. Data integration necessitates the sharing of sensitive patient information. However, substantial privacy issues are raised in connection with the storage and transmission of potentially sensitive information. Disclosing sensitive information infringes on patients' privacy. This paper aims to conduct a review of related work on privacy-preserving mechanisms, data protection regulations, and mitigating tactics. The review concluded that no single strategy outperforms all others. Hence, future research should focus on adequate techniques for privacy solutions in the age of massive medical data and the standardization of evaluation standards.

Cryptography and Security

Xingguan Zhou,Jianwei Liu,Qianhong Wu,Zongyang Zhang

DOI: https://doi.org/10.1109/access.2018.2810243

IF: 3.9

2018-01-01

IEEE Access

Abstract:Electronic medical records (EMRs) play an important role in healthcare networks. Since these records always contain considerable sensitive information regarding patients, privacy preservation for the EMR system is critical. Current schemes usually authorize a user to read one’s EMR if and only if his/her role satisfies the defined access policy. However, these existing schemes allow an adversary to link patients’ identities to their doctors. Therefore, classifications of patients’ diseases are leaked without adversaries actually seeing patients’ EMRs. To address this problem, we present two anonymous schemes. They not only achieve data confidentiality but also realize anonymity for individuals. The first scheme achieves moderate security, where adversaries choose attack targets before obtaining information from the EMR system. The second scheme achieves full security, where adversaries adaptively choose attack targets after interaction with the EMR system. We provide rigorous proof showing the security and anonymity of our schemes. In addition, we propose an approach in which EMR owners can search for their EMRs in an anonymous system. For a better user experience, we apply the online/offline approach to speed up data processing. Experimental results show that the time complexity for key generation and EMR encapsulation can be reduced to milliseconds.

Shaden S. Al Aqeeli,Mznah A. Al-Rodhaan,Yuan Tian,Abdullah M. Al-Dhelaan

DOI: https://doi.org/10.4236/etsn.2018.71001

2018-01-01

E-Health Telecommunication Systems and Networks

Abstract:In the healthcare domain, protecting the electronic health record (EHR) is crucial for preserving the privacy of the patient. To help protect the sensitive data, access control mechanisms can be utilized to restrict access to only legitimate users. However, an issue arises when the authorized users abuse their access privileges and violate privacy preferences of the patients. While traditional access control schemes fall short of defending against the misbehavior of authorized users, risk-aware access control models can provide adaptable access to the system resources based on assessing the risk of an access request. When an access request is deemed risky, but within acceptable thresholds, risk mitigation strategies can be exploited to minimize the risk calculated. This paper proposes a risk-aware, privacy-preserving risk mitigation approach that can be utilized in the healthcare domain. The risk mitigation approach controls the patient’s medical data that can be exposed to healthcare professionals, according to their trust level as well as the risk incurred of such data exposure, by developing a novel Risk Measure formula. The developed Risk Measure is proven to manage the risk effectively. Furthermore, Risk Mitigation Data Disclosure algorithms, RIMIDI0 and RIMIDI1, which utilize the developed risk measures, are proposed. Experimental results show the feasibility and effectiveness of the proposed method in preserving the privacy preferences of the patient. Since the proposed approach exposes the patient’s data that are relevant to the undergoing medical procedure while preserving the privacy preferences, positive outcomes can be realized, which will ultimately bring forth quality healthcare services.

Zhiqiang Gao,Yutao Wang,Yanyu Duan,Yun Wang,Zhensheng Peng

DOI: https://doi.org/10.1504/ijica.2018.092587

2018-01-01

International Journal of Innovative Computing and Applications

Abstract:Policedata is an important source of social media data and can be regarded as a technical assistance to increase government accountability and transparency. Notably, it contains large amounts of personal private information that should be preserved deliberately. However, sharing and publishing policedata through private or public cloud infrastructure are still faced with tremendously potential threats and challenges recently. Unfortunately, existing researches regarding privacy preserving data publishing (PPDP) fail to cope with the aforementioned problems. Our work aims to propose a systematic multi-level privacy preserving data publishing (ML-PPDP) architecture. Moreover, a personalised multi-level privacy preserving (pML-PPDP) mechanism that developed from the combination of k-anonymity, l-diversity, t-closeness and differential privacy is designed for policedata publishing. Our solution authorised users with different privileges to different privacy-preserving levels. Experimental results of pML-PPDP mechanism on datasets collected from policedata website are implemented under our proposed ML-PPDP architecture with satisfactory trade-off between privacy and utility.

Benjamin CM Fung, Ke Wang, Rui Chen, Philip S Yu

2010-06-23

Abstract:The collection of digital information by governments, corporations, and individuals has created tremendous opportunities for knowledge- and information-based decision making. Driven by mutual benefits, or by regulations that require certain data to be published, there is a demand for the exchange and publication of data among various parties. Data in its original form, however, typically contains sensitive information about individuals, and publishing such data will violate individual privacy. The current practice in data publishing relies mainly on policies and guidelines as to what types of data can be published and on agreements on the use of published data. This approach alone may lead to excessive data distortion or insufficient protection. Privacy-preserving data publishing (PPDP) provides methods and tools for publishing useful information while preserving data privacy. Recently, PPDP has received …

Wenjun Lin,Jiahao Qian,Wenwen Liu,Lang Wu

2023-12-19

Abstract:The exponential growth of collected, processed, and shared data has given rise to concerns about individuals' privacy. Consequently, various laws and regulations have been established to oversee how organizations handle and safeguard data. One such method is Statistical Disclosure Control, which aims to minimize the risk of exposing confidential information by de-identifying it. This de-identification is achieved through specific privacy-preserving techniques. However, a trade-off exists: de-identified data can often lead to a loss of information, which might impact the accuracy of data analysis and the predictive capability of models. The overarching goal remains to safeguard individual privacy while preserving the data's interpretability, meaning its overall usefulness. Despite advances in Statistical Disclosure Control, the field continues to evolve, with no definitive solution that strikes an optimal balance between privacy and utility. This survey delves into the intricate processes of de-identification. We outline the current privacy-preserving techniques employed in microdata de-identification, delve into privacy measures tailored for various disclosure scenarios, and assess metrics for information loss and predictive performance. Herein, we tackle the primary challenges posed by privacy constraints, overview predominant strategies to mitigate these challenges, categorize privacy-preserving techniques, offer a theoretical assessment of current comparative research, and highlight numerous unresolved issues in the domain.

Cryptography and Security

Shakir Khan,Nabamita Deb,Nashwan Adnan Othman,V. Saravanan,Gnanaprakasam C. N,T. Jaya Lakshmi

DOI: https://doi.org/10.1155/2022/9985933

IF: 3.12

2022-03-24

Computational Intelligence and Neuroscience

Abstract:With the rapid development of mobile medical care, medical institutions also have the hidden danger of privacy leakage while sharing personal medical data. Based on the k-anonymity and l-diversity supervised models, it is proposed to use the classified personalized entropy l-diversity privacy protection model to protect user privacy in a fine-grained manner. By distinguishing solid and weak sensitive attribute values, the constraints on sensitive attributes are improved, and the sensitive information is reduced for the leakage probability of vital information to achieve the safety of medical data sharing. This research offers a customized information entropy l-diversity model and performs experiments to tackle the issues that the information entropy l-diversity model does not discriminate between strong and weak sensitive features. Data analysis and experimental results show that this method can minimize execution time while improving data accuracy and service quality, which is more effective than existing solutions. The limits of solid and weak on sensitive qualities are enhanced, sensitive data are reduced, and the chance of crucial data leakage is lowered, all of which contribute to the security of healthcare data exchange. This research offers a customized information entropy l-diversity model and performs experiments to tackle the issues that the information entropy l-diversity model does not discriminate between strong and weak sensitive features. The scope of this research is that this paper enhances data accuracy while minimizing the algorithm’s execution time.

mathematical & computational biology,neurosciences

Abdulatif Ali Hussain,Ismael Khaleel,Tahsien Al-Quraishi

DOI: https://doi.org/10.58496/mjbd/2024/009

2024-08-10

Abstract:Big Data and Analytics mean an enormous and complex collection of very diverse information, which is processed with various technologies and methods to produce and deliver useful and valuable insights. Analytics is the science of using data, or information to extract useful and actionable insights, facts and knowledge from a collection of data it could be stated that Big Data Analytics is the best thing since every commercial data system ever built, although everybody with a more optimistic vision of technology would like to take note that there is a fine line where Everything Data crosses the boundary to something else, especially with regard to privacy and security of the world as we know it. Privacy and security are two distinct but closely related phenomena. Whereas privacy refers to the control over access to the individual, security refers to the stability or strength of controls designed to protect the individual’s privacy. There are many obvious considerations and obstacles when attempting to securely share data. During big data analytics, many invasive techniques such as data fusion, cross-correlation, and algorithm training are often conducted over shared data, which can lead to severe privacy leaks. This means that every enterprise, organization, and individual maintaining large data repositories are in danger of being breached. Our study teaches us that security, privacy, and ethical concerns in big data analytics do not exist in parallel to the business cycle, but must be wisely and ethically managed in coherence throughout all emerging processes of the big data and information systems.

Xiaoping Liu,Xiao-Bai Li,Luvai Motiwalla,Wenjun Li,Hua Zheng,Patricia D. Franklin

DOI: https://doi.org/10.1145/2956554

2016-01-01

Journal of Data and Information Quality

Abstract:Medical and health data are often collected for studying a specific disease. For such same-disease microdata, a privacy disclosure occurs as long as an individual is known to be in the microdata. Individuals in same-disease microdata are thus subject to higher disclosure risk than those in microdata with different diseases. This important problem has been overlooked in data-privacy research and practice, and no prior study has addressed this problem. In this study, we analyze the disclosure risk for the individuals in same-disease microdata and propose a new metric that is appropriate for measuring disclosure risk in this situation. An efficient algorithm is designed and implemented for anonymizing same-disease data to minimize the disclosure risk while keeping data utility as good as possible. An experimental study was conducted on real patient and population data. Experimental results show that traditional reidentification risk measures underestimate the actual disclosure risk for the individuals in same-disease microdata and demonstrate that the proposed approach is very effective in reducing the actual risk for same-disease data. This study suggests that privacy protection policy and practice for sharing medical and health data should consider not only the individuals’ identifying attributes but also the health and disease information contained in the data. It is recommended that data-sharing entities employ a statistical approach, instead of the HIPAA's Safe Harbor policy, when sharing same-disease microdata.

Yonghong Xie,Qing He,Dezheng Zhang,Xiaojing Hu

DOI: https://doi.org/10.1109/cisp.2015.7408136

2015-01-01

Abstract:In the era of big data, the Privacy Preserving Data Mining (PPDM) technology is increasingly important. The aim is to dig out the hidden, previously unknown and potentially useful knowledge or pattern under the premise of protecting sensitive data. In this paper, we summarize the existing PPDM technology as well as its advantages and disadvantages. We combine distributed randomization with the K-anonymity algorithm to reduce the information loss rate in order to increase the data availability and avoid the leakage of privacy data information. This method is applied to clinical data of diabetic nephropathy(DN). The result has proved that the potential relationship between some certain factors and diabetic nephropathy syndromes has no obvious damage compared with the result which is got on the basis of the unprotected status.

Shaden Al-Aqeeli,Mznah Al-Rodhaan,Yuan Tian

DOI: https://doi.org/10.1109/iciht.2017.7899150

2017-01-01

Abstract:Preserving privacy of the electronic health records of the patients has been a fundamental issue in the healthcare domain. Several techniques have been employed to maintain privacy of the sensitive information such as controlling access to the medical records. While acting as a first line of defense against illegitimate access, traditional access control schemes fall short of defending against misbehavior of the already authenticated and authorized users; a risk that can harbor devastating consequences upon potential data release or leak. Several approaches can be implemented to overcome this risk such as establishing the notion of trustworthiness of the system users, which makes the access control scheme more dynamic and adaptable. In effect, as opposed to rigidly denying an access request, an access control model becomes more tolerable towards risky access requests by employing risk mitigation strategies. This paper introduces a novel risk mitigation strategy, for the healthcare domain, through which the risk associated with an access request is evaluated against the privacy preferences of the patient undergoing the medical procedure. The proposed strategy, which is HIPAA compliant, decides the set of data objects that can be safely exposed to the healthcare service provider such that unnecessarily repeated tests and procedures can be avoided and the privacy preferences of the patient are preserved.

Chanying Huang,Kedong Yan,Songjie Wei,Dong Hoon Lee

DOI: https://doi.org/10.1109/pic.2017.8359554

2017-01-01

Abstract:Personal Health Records (PHR) is patient-centric healthcare system, which allows patients to control who can get access to their health records and which section of the record can be accessed. Hot issues such as access control, patients control degree, and privacy protection, etc. are still the challenging concerns while designing a secure PHR system.In this paper, we propose dsPPS, a secure integrated PHR framework(from health data collection to health data sharing) that meets patients' full control of their PHR and sufficient privacy preservation. Specifically, dsPPS provides two schemes: Biometric-Based secure health data Collection (BBC) scheme and Attribute-Based health record Accessing (ABA) scheme. While BBC scheme enables patients to collect their scattered health data from multiple typical health systems securely and efficiently, the ABA scheme allows users (health systems) access to the PHR server with their sensitive attributes being protected. Comprehensive analysis is conducted to show the security of dsPPS against typical attacks. In addition, experiments in both smart phone and PC (Intel) platforms demonstrate that dsPPS produces reasonable performance in terms of storage, communication and computational overheads.

Christine M O'Keefe,Donald B Rubin,Christine M. O'Keefe,Donald B. Rubin

DOI: https://doi.org/10.1002/sim.6543

2015-06-05

Statistics in Medicine

Abstract:Health and medical data are increasingly being generated, collected, and stored in electronic form in healthcare facilities and administrative agencies. Such data hold a wealth of information vital to effective health policy development and evaluation, as well as to enhanced clinical care through evidence-based practice and safety and quality monitoring. These initiatives are aimed at improving individuals' health and well-being. Nevertheless, analyses of health data archives must be conducted in such a way that individuals' privacy is not compromised. One important aspect of protecting individuals' privacy is protecting the confidentiality of their data. It is the purpose of this paper to provide a review of a number of approaches to reducing disclosure risk when making data available for research, and to present a taxonomy for such approaches. Some of these methods are widely used, whereas others are still in development. It is important to have a range of methods available because there is also a range of data-use scenarios, and it is important to be able to choose between methods suited to differing scenarios. In practice, it is necessary to find a balance between allowing the use of health and medical data for research and protecting confidentiality. This balance is often presented as a trade-off between disclosure risk and data utility, because methods that reduce disclosure risk, in general, also reduce data utility.

public, environmental & occupational health,medicine, research & experimental,medical informatics,mathematical & computational biology,statistics & probability