Is De-identification of Health Data from Wearable Devices Secure Enough?

Öz

In recent years, the spread of wearable devices with the developing technology has led to the easy monitoring and collection of personal health data in order to collect and monitor information about a person's health and daily activities. Therefore, the creation and sharing of this data collected for individuals has become easier. Datasets created by removing personal identification information can be used in public health research, in the development and evaluation of health policies, as well as in comparative effectiveness studies. Accessibility of health data coming from wearable devices by de-identifying or publishing these data used in a research by anonymizing their identities is seen as an important element in protecting privacy at the individual level. However, the risk of redefinition of unidentified health data varies depending on the size and complexity of the data set, the availability of other data sets or information, and the use of redefinition techniques. With this study, it is evaluated to provide an overview of the risk of redefinition of health data that can be easily obtained through wearable devices and to what extent this data can pose a privacy risk at an individual level, even if anonymized. Current and original studies on the subject were systematically reviewed with careful and unbiased consideration, and the findings were synthesized to reach a comprehensive conclusion. In conclusion, de-identifying health data is an important step in protecting privacy, but it is not a definitive solution. Because it is common to collect and share data through wearable devices, establishing adequate policies and procedures to protect privacy can minimize the potential risks associated with redefinition.

Anahtar Kelimeler

• Wearable devices
• health data
• de-identification
• re-identification
• privacy

Giyilebilir Cihazlardan Gelen Sağlık Verilerinin Kimliksizleştirilmesi Yeterince Güvenli mi?

Öz

Kişinin sağlığı ve günlük aktiviteleriyle ilgili bilgileri toplamak ve izlemek amacıyla, son yıllarda, gelişen teknoloji ile birlikte giyilebilir cihazların yaygınlaşması, kişisel sağlık verilerinin kolaylıkla izlenmesine ve toplanmasına öncülük etmiştir. Dolayısıyla, kişilere yönelik toplanan bu verilerin oluşturulması ve paylaşılması kolaylaşmıştır. Kişiye ait tanımlayıcı bilgilerin kaldırılarak oluşturulan veri setleri toplum sağlığı araştırmalarında, sağlık politikalarının geliştirilmesinde ve değerlendirilmesinde, ayrıca karşılaştırmalı etkinlik çalışmalarında kullanılabilir. Giyilebilir cihazlardan gelen sağlık verilerinin kimliksizleştirilerek erişilebilir olması ya da bir araştırmada kullanılan bu verilerin kimliklerinin belirsizleştirilerek yayınlanması bireysel düzeyde mahremiyeti korumada önemli bir unsur olarak görülmektedir. Ancak tanımlanmamış sağlık verilerinin yeniden tanımlama riski, veri setinin boyutu ve karmaşıklığı, diğer veri setlerinin veya bilgilerin mevcudiyeti ve yeniden tanımlama tekniklerinin kullanımına bağlı olarak değişmektedir. Bu çalışma ile giyilebilir cihazlar aracılığıyla kolaylıkla elde edilebilen sağlık verilerinin yeniden tanımlama riskine yönelik genel bir bakış sağlanması ve bu veriler anonimleştirilse dahi hangi ölçüde bireysel düzeyde mahremiyet riski oluşturabileceği konusu değerlendirilmektedir. Konuyla ilgili güncel ve özgün çalışmalar dikkatle ve önyargısız bir yaklaşımla sistematik olarak taranmış, elde edilen bulgular sentezlenerek bütüncül bir sonuca ulaşılmıştır. Sonuç olarak, sağlık verilerinin kimliksizleştirilmesi, mahremiyeti korumada önemli bir adım olsa da kesin bir çözüm değildir. Giyilebilir cihazlar aracılığıyla veri toplamak ve paylaşmak yaygın olmasından dolayı, mahremiyeti korumak için yeterli politika ve prosedürlerin oluşturulması yeniden tanımlamayla ilişkili potansiyel riskleri en aza indirebilir.

Anahtar Kelimeler

• Giyilebilir cihazlar
• sağlık verisi
• kimliksizleştirme
• yeniden tanımlama
• mahremiyet

Kaynakça

1. 1. Cheung CC, Krahn AD, Andrade JG. The emerging role of wearable technologies in detection of arrhythmia. Can J Cardiol. 2018;34(8):1083-1087. doi: 10.1016/j.cjca.2018.05.003.
2. 2. Jia S, Gao H, Xue Z, Meng X. Recent advances in multifunctional wearable sensors and systems: design, fabrication, and applications. Biosensors. 2022;12(11):1057. doi: 10.3390/bios12111057.
3. 3. Market Research Report: Wearable Technology Market. Report Code SE 2816, 2023. https://www.marketsandmarkets.com/Market-Reports/wearable-sensor-market-158101489.html. Erişim tarihi 18 Temmuz 2023.
4. 4. Burki T. Wearable technology and COVID-19. Lancet Respir Med. 2022;10(10):934-935. doi: 10.1016/S2213-2600(22)00351-4.
5. 5. Santos MD, Roman C, Pimentel MAF, et al. A real-time wearable system for monitoring vital signs of COVID-19 patients in a hospital setting. Front Digit Heal. 2021;3. doi: 10.3389/fdgth.2021.630273.
6. 6. Cheong SHR, Ng YJX, Lau Y, Lau ST. Wearable technology for early detection of COVID-19: A systematic scoping review. Prev Med (Baltim). 2022;162:107170. doi: 10.1016/j.ypmed.2022.107170.
7. 7. Packhäuser K, Gündel S, Münster N, et al. Deep learning-based patient re-identification is able to exploit the biometric nature of medical chest X-ray data. Sci Rep. 2022;12(1):14851. doi: 10.1038/s41598-022-19045-3.
8. 8. Ghazarian A, Zheng J, Struppa D, Rakovski C. Assessing the reidentification risks posed by deep learning algorithms applied to ECG Data. IEEE Access. 2022;10:68711-68723. doi:10.1109/ACCESS.2022.3185615.

9. 9. Chikwetu L, Miao Y, Woldetensae MK, et al. Does deidentification of data from wearable devices give us a false sense of security? A systematic review. Lancet Digit Heal. 2023;5(4):e239-e247. doi: 10.1016/S2589-7500(22)00234-5.
10. 10. Wang R, Blackburn G, Desai M, et al. Accuracy of wrist-worn heart rate monitors. JAMA Cardiol. 2017;2(1):104. doi: 10.1001/jamacardio.2016.3340.
11. 11. Gillinov S, Etiwy M, Wang R, et al. Variable accuracy of wearable heart rate monitors during aerobic exercise. Med Sci Sport Exerc. 2017;49(8):1697-1703. doi: 10.1249/MSS.0000000000001284.
12. 12. Boeckhout M, Zielhuis GA, Bredenoord AL. The FAIR guiding principles for data stewardship: fair enough? Eur J Hum Genet. 2018;26(7):931-936. doi: 10.1038/s41431-018-0160-0.
13. 13. Wilkinson MD, Dumontier M, Aalbersberg IjJ, et al. The FAIR Guiding Principles for scientific data management and stewardship. Sci Data. 2016;3(1):160018. doi: 10.1038/sdata.2016.18.
14. 14. Simon GE, Shortreed SM, Coley RY, et al. Assessing and minimizing re-identification risk in research data derived from health care records. eGEMs (Generating Evid Methods to Improv patient outcomes). 2019;7(1):6. doi: 10.5334/egems.270.
15. 15. Raghupathi W, Raghupathi V, Saharia A. Analyzing health data breaches: a visual analytics approach. AppliedMath. 2023;3(1):175-199. doi: 10.3390/appliedmath3010011.
16. 16. Ahmed T, Aziz MMA, Mohammed N. De-identification of electronic health record using neural network. Sci Rep. 2020;10(1):18600. doi: 10.1038/s41598-020-75544-1.
17. 17. Fuller M. Big data and the Facebook scandal: Issues and responses. Theology. 2019;122(1):14-21. doi: 10.1177/0040571X18805908.
18. 18. Schneble CO, Elger BS, Shaw D. The Cambridge Analytica affair and Internet‐mediated research. EMBO Rep. 2018;19(8). doi: 10.15252/embr.201846579.
19. 19. Sweeney L. Simple Demographics Often Identify People Uniquely. Yayınlanma tarihi: 2000. http://dataprivacylab.org/projects/identifiability/paper1.pdf. Erişim tarihi: 23 Temmuz 2023.
20. 20. Garfinkel SL. De-Identification of Personal Information. 2015. doi: 10.6028/NIST.IR.8053
21. 21. Mishra T, Wang M, Metwally AA, et al. Pre-symptomatic detection of COVID-19 from smartwatch data. Nat Biomed Eng. 2020;4(12):1208-1220. doi: 10.1038/s41551-020-00640-6.
22. 22. Ates HC, Yetisen AK, Güder F, Dincer C. Wearable devices for the detection of COVID-19. Nat Electron. 2021;4(1):13-14. doi: 10.1038/s41928-020-00533-1.
23. 23. Ghiță AŞ, Florea AM. Real-time people re-identification and tracking for autonomous platforms using a trajectory prediction-based approach. Sensors. 2022;22(15):5856. doi: 10.3390/s22155856.
24. 24. Seastedt KP, Schwab P, O’Brien Z, et al. Global healthcare fairness: We should be sharing more, not less, data. PLOS Digit Heal. 2022;1(10):e0000102. doi: 10.1371/journal.pdig.0000102.
25. 25. Health Information Privacy. The HIPAA Privacy Rule. United States (U.S.) Department of Health and Human Services. https://www.hhs.gov/hipaa/for-professionals/privacy/index.html. Published 1996. Erişim tarihi 4 Mayıs 2023.
26. 26. Ghazarian A, Zheng J, El-Askary H, et al. Increased Risks of Re-identification For Patients Posed by Deep Learning-Based ECG Identification Algorithms. In: 2021 43rd Annual International Conference of the IEEE Engineering in Medicine & Biology Society (EMBC). IEEE; 2021:1969-1975. doi: 10.1109/EMBC46164.2021.9630880.
27. 27. Kancherla J. Re-identification of health data through machine learning. SSRN Electron J. Published online 2020. doi: 10.2139/ssrn.3794927.
28. 28. Haley DF, Matthews SA, Cooper HLF, et al. Confidentiality considerations for use of social-spatial data on the social determinants of health: Sexual and reproductive health case study. Soc Sci Med. 2016;166:49-56. doi: 10.1016/j.socscimed.2016.08.009.
29. 29. Spengler H, Prasser F. Protecting Biomedical Data Against Attribute Disclosure. In: (Eds.) RR et al., ed. German Medical Data Sciences: Shaping Change – Creative Solutions for Innovative Medicine. IOS Press; 2019:207-214. doi: 10.3233/SHTI190829
30. 30. Hayes B. Uniquely Me! Am Sci. 2014;102(2):106-109.
31. 31. Willemink MJ, Koszek WA, Hardell C, et al. Preparing medical imaging data for machine learning. Radiology. 2020;295(1):4-15. doi: 10.1148/radiol.2020192224.
32. 32. Lee I. Analysis of insider threats in the healthcare industry: a text mining approach. Information. 2022;13(9):404. doi: 10.3390/info13090404.
33. 33. Vincent J. Google scrapped the publication of 100,000 chest X-rays due to last-minute privacy problems. The Verge. https://www.theverge.com/2019/11/15/20966460/google-scrapped-publication-100000-chest-x-rays-nih-project-2017. Published 2019. Erişim tarihi 10 Mayıs 2023.
34. 34. Attia ZI, Friedman PA, Noseworthy PA, et al. Age and sex estimation using artificial intelligence from standard 12-lead ECGs. Circ Arrhythmia Electrophysiol. 2019;12(9). doi: 10.1161/CIRCEP.119.007284.
35. 35. Lubarsky B. Re-identification of “anonymized” data. Georg Law Technol Rev. 2017;202. doi: 10.48550/arXiv.1909.09675.
36. 36. Rocher L, Hendrickx JM, de Montjoye YA. Estimating the success of re-identifications in incomplete datasets using generative models. Nat Commun. 2019;10(1):3069. doi: 10.1038/s41467-019-10933-3.
37. 37. El Emam K, Dankar FK, Neisa A, Jonker E. Evaluating the risk of patient re-identification from adverse drug event reports. BMC Med Inform Decis Mak. 2013;13(1):114. doi: 10.1186/1472-6947-13-114.
38. 38. Richens JG, Lee CM, Johri S. Improving the accuracy of medical diagnosis with causal machine learning. Nat Commun. 2020;11(1):3923. doi: 10.1038/s41467-020-17419-7.
39. 39. Matveev Y. The Problem of Voice Template Aging in Speaker Recognition Systems. In: The 15th International Conference SPECOM 2013; September 1-5, 2013; Plzeň, Czech Republic. doi: 10.1007/978-3-319-01931-4_46.
40. 40. Manjani I, Sumerkan H, Flynn PJ, Bowyer KW. Template aging in 3D and 2D face recognition. In: 2016 IEEE 8th International Conference on Biometrics Theory, Applications and Systems (BTAS). IEEE; September 6-9, 2016; New York, ABD. doi:10.1109/BTAS.2016.7791202.
41. 41. Kim HE, Kim HH, Han BK, et al. Changes in cancer detection and false-positive recall in mammography using artificial intelligence: a retrospective, multireader study. Lancet Digit Heal. 2020;2(3):e138-e148. doi: 10.1016/S2589-7500(20)30003-0.
42. 42. Tosoni S, Voruganti I, Lajkosz K, et al. The use of personal health information outside the circle of care: consent preferences of patients from an academic health care institution. BMC Med Ethics. 2021;22(1):29. doi: 10.1186/s12910-021-00598-3.
43. 43. Benjamens S, Dhunnoo P, Meskó B. The state of artificial intelligence-based FDA-approved medical devices and algorithms: an online database. NPJ Digit Med. 2020;3(1):118. doi: 10.1038/s41746-020-00324-0.
44. 44. El Emam K, Jonker E, Arbuckle L, Malin B. A systematic review of re-identification attacks on health data. Scherer RW, ed. PLoS One. 2011;6(12):e28071.
45. 45. Xia W, Liu Y, Wan Z, et al. Enabling realistic health data re-identification risk assessment through adversarial modeling. J Am Med Informatics Assoc. 2021;28(4):744-752.