Re-identification Risk Assessment and Anonymization (SAMPLE REPORT)

Re-identification Risk Assessment
and Anonymization
(SAMPLE REPORT)
Date
Signature:
Khaled El Emam ;date
1
2
Table of Contents
Anonymization Methodology Review (SAMPLE REPORT) .......................................................................... 1
Table of Contents .......................................................................................................................................... 3
Risk Assessment Statement ......................................................................................................................... 4
Limitations and Qualifications: ...................................................................................................................... 5
Executive Summary ...................................................................................................................................... 6
Business Background ................................................................................................................................... 7
Information Sources .................................................................................................................................. 8
Definitions ............................................................................................................................................... 10
Assumptions ........................................................................................................................................... 12
A1: xxx ................................................................................................................................................ 12
A2: xxx ................................................................................................................................................ 12
A3: xxx ................................................................................................................................................ 12
Plausible Attacks ......................................................................................................................................... 13
Attack T1 ................................................................................................................................................. 13
Attack T2 ................................................................................................................................................. 13
Attack T3 ................................................................................................................................................. 13
Determination of Risk Thresholds ............................................................................................................... 14
Risk Measurement ...................................................................................................................................... 15
Transformations .......................................................................................................................................... 16
Suggested Next Steps ................................................................................................................................ 17
AppendixA: xxx ........................................................................................................................................... 18
Appendix X: Definitions ............................................................................................................................... 19
Categories of Variables .......................................................................................................................... 19
References .................................................................................................................................................. 20
3
Risk Assessment Statement
This risk assessment statement is provided to xxx (the “Client”).
We, Privacy Analytics Incorporated, have determined that the process referred to in this analysis report,
when followed, can/cannot ensure that databases could not be used, alone or in combination with other
reasonably available information, by an intended recipient to identify an individual who is a subject of the
information.
We confirm that the risk assessment was conducted by qualified professionals with appropriate
knowledge of and experience with generally accepted statistical and scientific principals and methods for
rendering information not individually identifiable.
4
Limitations and Qualifications:
The statement set out above is subject to the following limitations:
a)
The risk assessment is based on the information provided to us by the Client. We have assumed
that such information is complete and accurate.
b)
The Client follows the methodology as described in the documentation provided to us.
c)
The risk assessment is based on a series of assumptions documented in this report which the
Client has confirmed are reasonable to make given their business.
5
Executive Summary
In this report we examined the anonymization methodology of Client in terms of its ability to produce data
sets with a “very small” risk of re-identification according to the HIPAA Privacy Rule. The summary of
findings is summarized below.
6
Business Background
Client is in the business of xxx.
7
Information Sources
We received the information and data from Client summarized in
8
Appendix A: xxx, as well as Appendix B: xxx. Our analysis is based only on the information provided.
9
Definitions
Definitions of key terms, such as xxx, are provided in “
10
Appendix X: Definitions”.
11
Assumptions
The following assumptions were made during this analysis.
A1: xxx
A2: xxx
A3: xxx
Summary of Assumptions

A1: xxx

A2:xxx

A3: xxx
12
Plausible Attacks
The ability of the methodology to identify and protect against plausible attacks is described below.
Attack T1
xxx
Attack T2
xxx
Attack T3
xxx
13
Determination of Risk Thresholds
The ability for the methodology to set defensible risk thresholds is as follows.
14
Risk Measurement
The methodology has implemented these metrics to empirically demonstrate that the risk is “very small”
according to the HIPAA Privacy Rule De-identification Standard.
15
Transformations
The methodology implements a number of transformations to reduce the probability of re-identification.
Our assessment of these transformations is as follows:
16
Suggested Next Steps
Based on our analysis it is recommended that Client implement the following:
xxx
17
Appendix A: xxx
The following is a summary of the document and data files that were received for the analysis reported in
this document:
18
Appendix X: Definitions
Categories of Variables
It is useful to differentiate among the different types of variables in a disclosed data set.
Directly Identifying variables. One or more direct identifiers …
19
References
1
xxx
20