Overview
Medical Informatics
Scrub
Datafly
Genomic identifiability
Patient-centered management
Surveillance
Selective-revelation
Risk assessment server
PrivaMix
Biometrics
Contactless capture
Policy and Law
Identifiability of de-identified data
HIPAA assessments
Privacy-preserving surveillance
Policy and Law: HIPAA assessments
Problem Statement: Given patient-specific health data covered by the HIPAA Privacy Rule, construct a method for determining whether a version of the data is sufficiently de-identified under HIPAA (scientifically and legally) so that it can be shared freely and still remain useful.
Description: Dr. Sweeney's contribution was an operational standard for determining HIPAA compliance that satisfies scientific and legal muster by asserting that a dataset is HIPAA compliant if no more people are identifiable in the subject data release than would be identifiable if the data release satisfied the HIPAA safe harbor provisions. [cite, cite] This leverages my previously developed technology for determining the identifiability of data Risk Assessment Server, described separately. As background, the HIPAA Privacy Rule provides two mechanisms for sharing patient data freely: (1) the safe harbor provision that lists which fields cannot be released; and, (2) the scientific standard that states that there must be minimal risk of re-identification. The safe harbor provision often yields useless data, and there is no definition of "minimal risk" provided for the scientific standard. Dr. Sweeney technical and legal insight was to conserve the number of re-identifications allowed in the safe harbor while allowing more specificity in fields.
 |
Scientific Influence and Impact: Attorneys made public statements endorsing Dr. Sweeney's approach as a means of reducing litigation risk [Tupman, et al.]. Others report using it in practice [American Health Lawyers, et al.]. Two companies licensed her related technology and use the approach to commercially provide HIPAA Compliance Assessments [Privacert, et al.].
Other Achievements: 12
- Elected Fellow, American College of Medical Informatics, based in part on this work.
- Appointment to the Federal HIT Policy Committee, Privacy and Security Seat in the
Obama Administration, based in part on this work.
- Included in testimony or briefings to EU, DHS, DOD, NCVHS, HCFA, and U.S. Senate.
- Dr. Sweeney's paper
[cite]
has a statistically significant citation count (at 99th percentile) among medical
informatics papers.
- Among 28 news articles specifically profiling aspects of this work. Venues include Scientific American, CBS News, ABC News, Newsweek, USA Today, and NPR.
Notes
| 12 | See quantitative assessments for more details. |
Related links: