| dc.contributor.author | Cassa, Christopher A. | |
| dc.contributor.author | Wieland, Shannon Christine | |
| dc.contributor.author | Mandl, Kenneth D. | |
| dc.date.accessioned | 2010-10-06T20:07:40Z | |
| dc.date.available | 2010-10-06T20:07:40Z | |
| dc.date.issued | 2008-08 | |
| dc.date.submitted | 2008-04 | |
| dc.identifier.issn | 1476-072X | |
| dc.identifier.uri | http://hdl.handle.net/1721.1/58920 | |
| dc.description.abstract | Background: Knowledge of the geographical locations of individuals is fundamental to the practice of spatial epidemiology. One approach to preserving the privacy of individual-level addresses in a data set is to de-identify the data using a non-deterministic blurring algorithm that shifts the geocoded values. We investigate a vulnerability in this approach which enables an adversary to re-identify individuals using multiple anonymized versions of the original data set. If several such versions are available, each can be used to incrementally refine estimates of the original geocoded location. Results: We produce multiple anonymized data sets using a single set of addresses and then progressively average the anonymized results related to each address, characterizing the steep decline in distance from the re-identified point to the original location, (and the reduction in privacy). With ten anonymized copies of an original data set, we find a substantial decrease in average distance from 0.7 km to 0.2 km between the estimated, re-identified address and the original address. With fifty anonymized copies of an original data set, we find a decrease in average distance from 0.7 km to 0.1 km. Conclusion: We demonstrate that multiple versions of the same data, each anonymized by non-deterministic Gaussian skew, can be used to ascertain original geographic locations. We explore solutions to this problem that include infrastructure to support the safe disclosure of anonymized medical data to prevent inference or re-identification of original address data, and the use of a Markov-process based algorithm to mitigate this risk. | en_US |
| dc.description.sponsorship | National Institutes of Health. (U.S.). National Library of Medicine (1 R01 LM007677 ) | en_US |
| dc.publisher | BioMed Central Ltd | en_US |
| dc.relation.isversionof | http://dx.doi.org/10.1186/1476-072X-7-45 | en_US |
| dc.rights | Creative Commons Attribution | en_US |
| dc.rights.uri | http://creativecommons.org/licenses/by/2.0 | en_US |
| dc.source | BioMed Central Ltd | en_US |
| dc.title | Re-identification of home addresses from spatial locations anonymized by Gaussian skew | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | International Journal of Health Geographics. 2008 Aug 12;7(1):45 | en_US |
| dc.contributor.department | Harvard University--MIT Division of Health Sciences and Technology | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Civil and Environmental Engineering | en_US |
| dc.contributor.mitauthor | Cassa, Christopher A. | |
| dc.contributor.mitauthor | Wieland, Shannon Christine | |
| dc.contributor.mitauthor | Mandl, Kenneth D. | |
| dc.relation.journal | International Journal of Health Geographics | en_US |
| dc.eprint.version | Final published version | en_US |
| dc.type.uri | http://purl.org/eprint/type/JournalArticle | en_US |
| eprint.status | http://purl.org/eprint/status/PeerReviewed | en_US |
| dc.date.updated | 2010-09-03T16:14:13Z | |
| dc.language.rfc3066 | en | |
| dc.rights.holder | Cassa et al.; licensee BioMed Central Ltd. | |
| dspace.orderedauthors | Cassa, Christopher A; Wieland, Shannon C; Mandl, Kenneth D | en |
| mit.license | PUBLISHER_CC | en_US |
| mit.metadata.status | Complete | |
