Research Accomplishments of Latanya Sweeney, Ph.D.



Overview

Medical Informatics
      Scrub
      Datafly
      Genomic identifiability
      Patient-centered management

Database Security
      k-anonymity

Surveillance
      Selective-revelation
      Risk assessment server
      PrivaMix

Vision
      Face de-identification

Biometrics
      Contactless capture

Policy and Law
      Identifiability of de-identified data
      HIPAA assessments
      Privacy-preserving surveillance

Public Education
      Identity angel
      SSNwatch
      CameraWatch

Quantitative assessments

Policy and Law: Identifiability of de-identified data

[cite, cite, cite, cite, cite, cite, cite, cite, cite, cite, cite, cite]

Problem Statement: Given person-specific data de-identified to a standard, provide methods that report the number of people that can be re-identified from the data and/or whether the data satisfies the standard.

Description: Dr. Sweeney's first contribution involved linking de-identified patient-specific medical data to a population register (e.g., a voter list) to re-identify patients by name [cite, cite]. She then showed that "87% of the U.S. Population are uniquely identified by {date of birth, gender, ZIP}." Her contributions expanded to include experiments on the identifiability of de-identified survey data [cite], pharmacy data [cite], clinical trial data [cite], criminal data [State of Delaware v. Gannett Publishing], DNA [cite, cite, cite], tax data, public health registries [cite (sealed by court), etc.], web logs, and partial Social Security numbers [cite]. A key related technology is the Risk assessment server, described separately. Her current work introduces “Fair Data Sharing Practices,” a set of practices weaved with accompanying technologies that help assure compliance, as a way for society to move forward with data sharing while assuring privacy protections [cite].

(a)

(b)

Scientific Influence and Impact: Dr. Sweeney's earliest work was discussed and cited as reasons for approaches taken in the HIPAA Privacy Rule [Gellman, Federal Register, et al.]. Four court decisions cite and discuss her re-identifications, and in one case, her method was sealed [Southern Illinoisian v. Dept. of Public Health]. Researchers have replicated her experiments in other countries [Emam, et al.]. Legal scholars discuss ramifications [Kerr, et al.] and offer new legal theories to address her findings [Rothstein, Ohm, Weitzner, et al.].

Other Achievements: 12

  • Discussed in the federal commentary of the HIPAA Privacy Rule, in 4 court decisions, and in 19 law review journal articles. Included in testimony or briefings to EU, DHS, DOD, NCVHS, HCFA, and U.S. Senate.

  • Privacy Advocate Award from the American Psychiatric Association (rarely given).

  • Identifiability papers [cite, cite] have statistically significant citation counts (at 99th percentile) among medical informatics papers.

  • Identifiability paper [cite] is among 5% (58/1156) of those from Associate Professors in the School of Computer Science at Carnegie Mellon University that enabled successful work by others.

  • Among 28 news articles specifically profiling aspects of this work. Venues include Scientific American, CBS News, ABC News, Newsweek, USA Today, and NPR.



Notes

12 See quantitative assessments for more details.

Previous | Next


Related links:


Fall 2009