Research Accomplishments of Latanya Sweeney, Ph.D.

Overview Medical Informatics       Scrub       Datafly       Genomic identifiability       Patient-centered management Database Security       k-anonymity Surveillance       Selective-revelation       Risk assessment server       PrivaMix Vision       Face de-identification Biometrics       Contactless capture Policy and Law       Identifiability of de-identified data       HIPAA assessments       Privacy-preserving surveillance Public Education       Identity angel       SSNwatch       CameraWatch Quantitative assessments

Policy and Law: Identifiability of de-identified data [cite, cite, cite, cite, cite, cite, cite, cite, cite, cite, cite, cite] Problem Statement: Given person-specific data de-identified to a standard, provide methods that report the number of people that can be re-identified from the data and/or whether the data satisfies the standard. Description: Dr. Sweeney's first contribution involved linking de-identified patient-specific medical data to a population register (e.g., a voter list) to re-identify patients by name [cite, cite]. She then showed that "87% of the U.S. Population are uniquely identified by {date of birth, gender, ZIP}." Her contributions expanded to include experiments on the identifiability of de-identified survey data [cite], pharmacy data [cite], clinical trial data [cite], criminal data [State of Delaware v. Gannett Publishing], DNA [cite, cite, cite], tax data, public health registries [cite (sealed by court), etc.], web logs, and partial Social Security numbers [cite]. A key related technology is the Risk assessment server, described separately. Her current work introduces “Fair Data Sharing Practices,” a set of practices weaved with accompanying technologies that help assure compliance, as a way for society to move forward with data sharing while assuring privacy protections [cite]. (a) (b) Scientific Influence and Impact: Dr. Sweeney's earliest work was discussed and cited as reasons for approaches taken in the HIPAA Privacy Rule [Gellman, Federal Register, et al.]. Four court decisions cite and discuss her re-identifications, and in one case, her method was sealed [Southern Illinoisian v. Dept. of Public Health]. Researchers have replicated her experiments in other countries [Emam, et al.]. Legal scholars discuss ramifications [Kerr, et al.] and offer new legal theories to address her findings [Rothstein, Ohm, Weitzner, et al.]. Other Achievements: 12 Discussed in the federal commentary of the HIPAA Privacy Rule, in 4 court decisions, and in 19 law review journal articles. Included in testimony or briefings to EU, DHS, DOD, NCVHS, HCFA, and U.S. Senate. Privacy Advocate Award from the American Psychiatric Association (rarely given). Identifiability papers [cite, cite] have statistically significant citation counts (at 99th percentile) among medical informatics papers. Identifiability paper [cite] is among 5% (58/1156) of those from Associate Professors in the School of Computer Science at Carnegie Mellon University that enabled successful work by others. Among 28 news articles specifically profiling aspects of this work. Venues include Scientific American, CBS News, ABC News, Newsweek, USA Today, and NPR. Notes 12 See quantitative assessments for more details. Previous | Next Related links: Latanya Sweeney's CV Latanya Sweeney's Home Page Data Privacy Lab