Managing re-identification risks while providing access to the All of Us research program (feb, 10.1093/jamia/ocad021, 2023)

作     者：Xia, Weiyi Basford, Melissa Carroll, Robert Clayton, Ellen Wright Harris, Paul Kantacioglu, Murat Liu, Yongtai Nyemba, Steve Vorobeychik, Yevgeniy Wan, Zhiyu Malin, Bradley A. 

作者机构：Department of Biomedical Informatics Vanderbilt University Medical Center Nashville Tennessee USA Vanderbilt Institute for Clinical and Translational Research Vanderbilt University Medical Center Nashville Tennessee USA Law School Vanderbilt University Nashville Tennessee USA Department of Pediatrics Vanderbilt University Medical Center Nashville Tennessee USA Department of Health Policy Vanderbilt University Medical Center Nashville Tennessee USA Department of Biomedical Engineering Vanderbilt University Nashville Tennessee USA Department of Computer Science University of Texas at Dallas Dallas Texas USA Department of Computer Science Vanderbilt University Nashville Tennessee USA Department of Computer Science and Engineering Washington University in St. Louis St. Louis Missouri USA Department of Biostatistics Vanderbilt University Medical Center Nashville Tennessee USA 

出 版 物：《JOURNAL OF THE AMERICAN MEDICAL INFORMATICS ASSOCIATION》 (美国医学信息学会志)

年 卷 期：2023年第30卷第5期

页      面：1007-1007页

核心收录：

学科分类：1205[管理学-图书情报与档案管理] 1204[管理学-公共管理] 1001[医学-基础医学(可授医学、理学学位)] 0812[工学-计算机科学与技术（可授工学、理学学位）] 10[医学] 

基　　金：National Institutes of Health, NIH, (RM1HG009034, U2COD023196) National Institutes of Health, NIH 

主　　题：data privacy data sharing electronic health records All of Us Research Program 

摘      要：Objective The All of Us Research Program makes individual-level data available to researchers while protecting the participants’ privacy. This article describes the protections embedded in the multistep access process, with a particular focus on how the data was transformed to meet generally accepted re-identification risk *** At the time of the study, the resource consisted of 329 084 participants. Systematic amendments were applied to the data to mitigate re-identification risk (eg, generalization of geographic regions, suppression of public events, and randomization of dates). We computed the re-identification risk for each participant using a state-of-the-art adversarial model specifically assuming that it is known that someone is a participant in the program. We confirmed the expected risk is no greater than 0.09, a threshold that is consistent with guidelines from various US state and federal agencies. We further investigated how risk varied as a function of participant *** The results indicated that 95th percentile of the re-identification risk of all the participants is below current thresholds. At the same time, we observed that risk levels were higher for certain race, ethnic, and *** While the re-identification risk was sufficiently low, this does not imply that the system is devoid of risk. Rather, All of Us uses a multipronged data protection strategy that includes strong authentication practices, active monitoring of data misuse, and penalization mechanisms for users who violate terms of service.