{"id":4096,"date":"2017-01-20T15:35:33","date_gmt":"2017-01-20T15:35:33","guid":{"rendered":"https:\/\/www.wma.net\/wp-content\/uploads\/2017\/01\/WMA-HDB-Seoul_KIM.pdf"},"modified":"2017-01-20T15:35:33","modified_gmt":"2017-01-20T15:35:33","slug":"wma-hdb-seoul_kim-2","status":"inherit","type":"attachment","link":"https:\/\/www.wma.net\/es\/wma-hdb-seoul_kim-2\/","title":{"rendered":"WMA-HDB-Seoul_KIM"},"author":2,"comment_status":"open","ping_status":"closed","template":"","meta":[],"acf":[],"description":{"rendered":"

WMA-HDB-Seoul_KIM<\/a><\/p>\n

1
\nData Confidentiality
\nand Gene Privacy
\nJu Han Kim, M.D., Ph.D.
\nProfessor and Founding Chair, Div. of Biomedical
\nInformatics, Seoul Nat\u2019l Univ. College of Medicine
\njuhan@snu.ac.kr
\nNo one wants to expose\u2026
\n\u2022 credit card numbers
\n\u2022 bank account numbers
\n\u2022 passwords
\n\u2022 sensitive data (patient data)
\n2
\nProtecting\u2026
\n\u2022 What?
\n\u2022 Security
\n\u2022 Privacy
\n\u2022 Confidentiality
\n\u2022 Against what?
\n\u2022 Evil hackers
\n\u2022 Malicious insiders
\n\u2022 Stupidity
\nPrivacy
\n\u2022 Right to be alone; e.g.:
\n\u2022 applies mostly to known individuals
\n\u2022 Correlation among pervasive databases
\n\u2022 sensus
\n\u2022 marketing
\n\u2022 health
\n3
\nConfidentiality
\n\u2022 Use of sharing information by multiple
\nusers at many institutions
\n\u2022 Should be controlled by coherent policy
\n\u2022 Enforced by appropriate technology
\n\u2022 E.g., who may use your results of life
\ninsurance, for what purposes?
\n\ud504\ub77c\uc774\ubc84\uc2dc \/ \uae30\ubc00\uc720\uc9c0 \/ \ubcf4\uc548
\n\u2022 Privacy: managing your own information
\nto suit your needs
\n\u2022 Confidentiality: managing someone else\u2019s
\ninformation to protect their privacy
\n\u2022 Security: physical security
\nright to remain unknown
\n4
\nPrivacy & Intruders
\nFreedom from
\n1. intrusion
\n2. surveillance
\n3. right to self control \u00e0 (Patient control)
\n\u00fc Giving patients control of the use of their data
\n\u00fc To be informed and to control who, when, how, and why
\ntheir health information is accessed\/used
\n\u00fc Broader concept than the right to inspect\/read
\n5
\nPrivacy as the right to life
\n\u2022 Competition
\n\u00fc Competition at equality condition
\n\u2022 Autonomy and Freewill
\n\u00fc Right to choose religion and good and evil
\n\u00fc Right to belief
\n\u2022 Right to forget or not recognize discrimination
\n\u00fc Race, gender, regional sentiment
\n* Privacy Case Nydia Vel\u00c3\u00a1zquez \u00c2 (1982) Three weeks after
\nNydia Vel\u00c3\u00a1zquez won the New York Democratic Party’s
\nnomination to serve in the U.S. House of Representatives,
\nsomebody at St. Claire Hospital in New York faxed
\nVel\u00c3\u00a1zquez’s medical records to the New York Post. The
\nrecords detailed the care that Vel\u00c3\u00a1zquez had received at the
\nhospital after a suicide attempt–an attempt that had happened
\nseveral years before the election.
\nDatabase Nation: The Death of Privacy in the 21st Century, Simson
\nGarfinkel, Jan 2000, 1-56592-653-6
\n6
\nThe intruders
\nl The Big Brother
\nl The Little Sisters
\nl Intrusive Technologies
\nl Stupidity
\nl Internal breaches
\nl Ever increasing stakeholders
\nl Data integration
\nl Re-identification of the de-identified
\nBig brother is watching you!
\n\u2022 Governmental DBs
\n\u2022 National Surveillance
\n\u2022 International Collaborations
\nThe Intruders \u2013 Big Brother
\n7
\nThe Sisters are nearer than the Bros
\n\u2022 Flaming
\n\u2022 Flame war
\n\u2022 Cyberbullying
\n\u2022 Internet Trolling
\n\u2022 Smack Talk
\nThe Intruders \u2013 Little Sisters
\nThe Intruders \u2013Technologies
\n8
\nThe Intruders \u2013 Stupidity
\n\u2022 frigidity
\n\u2022 ignorance
\n\u2022 divide
\n\ucd9c\ucc98: \uc911\uc559\uc77c\ubcf4 2005\ub1446\uc6d423\uc77c\uc790
\nInternal breaches
\nThe dark side
\n9
\n\u2022 Dr.
\n\u2022 Nr.
\n\u2022 Therapists
\n\u2022 Laboratory
\n\u2022 Radiology
\n\u2022 Pharmacy
\n\u2022 Admissions
\n\u2022 Administrations
\n\u2026 more than 70
\n\u2022 Managers
\n\u2022 Patients
\n\u2022 Payers
\n\u2022 Reviewers
\n\u2022 Gov. Institutions
\n\u2022 Insurance Company, Pharma
\n\u2022 Hackers
\n\u2022 and more and more people\u2026
\nThe Intruders – ever increasing stakeholders
\nThe Intruders \u2013 Data Integration
\n10
\nThe Intruders \u2013 Data Integration
\nThe Intruders \u2013 Data Integration
\n11
\nFormer Governor, William F. Weld
\nGroup Insurance Commission RecordDecoded
\nMessachusettes
\nGroup Insurance
\nCommission Released
\nMedical Records
\nof Gov. Officers
\n(de-identified)
\nVoter list for $20
\n\ucd9c\ucc98: Sherman E. It doesn\u2019t take much to make you stand out. Cambridge, Mass.:
\nHarvard University Extension School Bulletin, Fall 2001
\nDe-identification &Re-identification
\nNames of the 35% of the victims
\nwere reidentified
\n(only with public data)
\n12
\nMalin and Sweeney at Carnegie Mellon Univ. integrated
\n(1) Illinois\u2019publicly available de-identified discharge summary data (1990-
\n1997) with (2) Census data and (3) Voter list,
\nsurprisingly re-identifying real names of rare disease patients by using the
\npublicly available data only
\nCystic fibrosis: 33%
\nHuntington disease: 50%
\nFanconi Anemia: 70%
\nRefsum disease: 100%
\nRe-identification < Rare disease >
\nNew England Journal of Medicine (2005)
\nBritish Medical Journal (2001)
\n13
\nEfforts
\nregional and international
\nLegislative efforts in Korea
\n\u2022 Constitution
\n\u00fc \uc81c17\uc870: \u201c\ubaa8\ub4e0 \uad6d\ubbfc\uc740 \uc0ac\uc0dd\ud65c\uc758 \ube44\ubc00\uacfc \uc790\uc720\ub97c \uce68\ud574\ubc1b\uc9c0 \uc544\ub2c8\ud55c\ub2e4.\u201d
\n\u2022 Criminal Laws:
\n\u00fc \uc81c316\uc870, \ube44\ubc00\uce68\ud574 \ud589\uc704 \ucc98\ubc8c;
\n\u00fc \uc81c317\uc870, \uc758\uc0ac, \ud55c\uc758\uc0ac, \uce58\uacfc\uc758\uc0ac, \uc57d\uc81c\uc0ac, \uc870\uc0b0\uc0ac \ub4f1\uc774 \uc5c5\ubb34\ucc98\ub9ac \uc911 \uc9c0\ub4dd\ud55c \ud0c0\uc778
\n\uc758 \ube44\ubc00\uc744 \ub204\uc124\uc2dc \ucc98\ubc8c
\n\u2022 Privacy Act
\n\u2022 Acts on Information and Communication:
\n\u00fc \uc815\ubcf4\ud1b5\uc2e0\ub9dd\uc774\uc6a9\ucd09\uc9c4\ubc0f\uc815\ubcf4\ubcf4\ud638\ub4f1\uc5d0\uad00\ud55c\ubc95\ub960 \uc81c21\uc870(\uc804\uc790\ubb38\uc11c \ub4f1\uc758 \uacf5\uac1c \uc81c\ud55c)
\n\ubc0f \uc81c49\uc870(\ube44\ubc00 \ub4f1\uc758 \ubcf4\ud638)
\n\u00fc \uc804\uc790\uc11c\uba85\ubc95 \uc81c24\uc870(\uac1c\uc778\uc815\ubcf4\uc758 \ubcf4\ud638)
\n\u00fc \uacf5\uacf5\uae30\uad00\uc758\uac1c\uc778\uc815\ubcf4\ubcf4\ud638\uc5d0\uad00\ud55c\ubc95\ub960 \uc81c13\uc870(\ucc98\ub9ac\uc815\ubcf4\uc758 \uc5f4\ub78c\uc81c\ud55c)
\n\u2022 Medicine-related Acts
\n\u00fc \ubcf4\uac74\uc758\ub8cc\uae30\ubcf8\ubc95 \uc81c12\uc870(\ube44\ubc00\ubcf4\uc7a5)
\n\u00fc \uc758\ub8cc\ubc95 \uc81c19\uc870(\ube44\ubc00\ub204\uc124\uc758 \uae08\uc9c0)
\n\u00fc \uc804\uc5fc\ubcd1\uc608\ubc29\ubc95 \uc81c54\uc870\uc758 6
\n\u00fc \ud6c4\ucc9c\uc131\uba74\uc5ed\uacb0\ud54d\uc99d\uc608\ubc29\ubc95 \uc81c7\uc870
\n\u00fc \uc7a5\uae30\uc774\uc2dd\ub4f1\uc5d0\uad00\ud55c\ubc95\ub960 \uc81c27\uc870 26\/62
\n14
\nHIPAA
\n\u2022 Since 1996, U.S. congress
\n\u2022 data interchange standards
\n\u2022 data security
\n\u2022 patient privacy
\n\u2022 HIPAA Security and Electronic Signature
\nStandards, 1998
\n\u2022 HIPAA Standards for Privacy of Individually
\nIdentifiable Health Information, 2000
\n\u2022 HIPAA regulation starts in 2003
\nHealth Insurance Portability and Accountability Act
\nResearch
\n15
\nMulti-center studies
\n– The challenges
\nl Registries and Large databases
\n\u00fc Cancer
\n\u00fc Childhood immunizations
\n\u00fc Cardiovascularsurgery
\n\u00fc Mammography screening
\nl Quality improvement and assurance
\nl Technologic advancement, large-scale data sharing
\nl Federal, state laws & institutional policies
\nl Collection, storage, utilization and sharing
\nCategories of Information
\n16
\nMember sites
\nl Research endeavor vs. confidentiality protection
\nl Protect from unauthorized access
\nl Usage only in sanctioned and approved ways
\nl Prompt report and corrective measures against
\nbreaches of the policy
\nl Prompt response to inquires from concerned
\nparticipants
\nCategories of Information
\n17
\nUK Association of Cancer Registries
\nl Regulation 2 of the Statutory Instrument (SI) on confidentiality \u2013 No. 1438, The Health
\nService (Control of Patient Information) Regulations 2002 \u2013 permits cancer registries to
\nreceive patient identifiable data without the need for informed consent.
\nl However, there remains uncertainty about the circumstances when cancer registries are
\nallowed to disclose patient identifiable data held by them to third parts.
\nl PIAG has requested UKACR to develop explicit guidance for cancer registries advising
\nthem that they must comply with requests from patients to delete identifiable data about
\nthemselves from their databases.
\nl The basic idea for protecting patient privacy has been de-identification.
\nl However, the dichotomy of identifiable vs. non-identifiable distinction cannot be
\nmade.
\nl In reality, most of health data are \u2018Potentially Identifiable\u2019.
\n\u00fc Individual records
\n\u00fc Tabular data,basedon small geographic areas, with cell counts of fewer than five
\ncases\/events (or where counts of lessthanfive can be inferredby simple arithmetic)
\n\u00fc Tabular data containing cellsthat have underlying population denominatorsof less than
\napproximately 1000
\n34\/62
\nUK Association of Cancer Registries
\n18
\nPotentially identifiable data
\nl the intended use(s) of the data should be stated clearly
\nl the use(s) of the data should be justified and the data should not be used for any
\nother purposes
\nl the registry should not release data that are more detailed than necessary to fulfill
\nthe stated purpose
\nl the data should not be passed on to other third parties or released into the public
\ndomain
\nl the data should be kept securely for the period of time that can be justified by the
\nstated purpose, and then destroyed
\nl no attempt should be made to identify information pertaining to particular
\nindividuals or to contact individuals
\nl no attempt should be made to link the data to other data sets, unless agreed with
\nthe data providers
\nl any public domain reports or papers resulting from analyses of the provided data
\nshould be shared prior to publication with the cancer registry (or registries)
\nsupplying the information.
\nAmerican College of Epidemiology
\nPolicy Statements
\nl Routine anonymization of archivedmedical data :
\n\u00fc difficulty in tracing back to individuals
\n\u00fc Unable to predict what linkage might be useful in the future
\ninvestigations
\nl Individual informedconsent
\n\u00fc Untenable administrative, financial, and logistical burdens
\n\u00fc Non-participation and selection bias
\n19
\nACE with bigger challenges
\nNew Challenges
\n20
\nLife Logs & Genomes
\nNew Challenges
\nl Personal Genomes
\n\u00fc Fundamentally identifiable in itself
\n\u00fc Non-editability
\n\u00fc Beyond person, sharedby family members
\nl Life logging
\nl Bio-Banksand biomedical research
\nl TaxonomyforSecondary Uses
\n21
\n22
\nMom the worrier
\nYou
\nCrazy Uncle Bill
\nSkeptical
\nbrother
\nEarly adopter
\nsister
\nDad already signed up
\nto get sequenced
\nGrandpa says
\nno way!
\nAunt Erma worried
\nabout losing her
\ninsurance because
\nof her son\u2019s DNA
\nsequence
\nCousin Betty
\nwants to donate
\nher sequence to
\nscience and make
\nit totally public
\nGrandma is gone,
\nbut a sample
\nof her DNA still
\nexists\u2026
\nImpact on Family
\nHSLS, U.Pitt
\npersonal genetics
\neducation project
\n(link)
\nYour kids
\nYour potential kid?
\nEthical
\nand
\nTechnological
\n23
\nThank you!
\nhttp:\/\/www.snubi.org\/<\/p>\n"},"caption":{"rendered":"

WMA-HDB-Seoul_KIM 1 Data Confidentiality and Gene Privacy Ju Han Kim, M.D., Ph.D. Professor and Founding Chair, Div. of Biomedical Informatics, Seoul Nat\u2019l Univ. College of Medicine juhan@snu.ac.kr No one wants to expose\u2026 \u2022 credit card numbers \u2022 bank account numbers \u2022 passwords \u2022 sensitive data (patient data) 2 Protecting\u2026 \u2022 What? \u2022 Security \u2022 Privacy […]<\/p>\n"},"alt_text":"","media_type":"file","mime_type":"application\/pdf","media_details":{},"post":null,"source_url":"https:\/\/www.wma.net\/wp-content\/uploads\/2017\/01\/WMA-HDB-Seoul_KIM.pdf","_links":{"self":[{"href":"https:\/\/www.wma.net\/es\/wp-json\/wp\/v2\/media\/4096"}],"collection":[{"href":"https:\/\/www.wma.net\/es\/wp-json\/wp\/v2\/media"}],"about":[{"href":"https:\/\/www.wma.net\/es\/wp-json\/wp\/v2\/types\/attachment"}],"author":[{"embeddable":true,"href":"https:\/\/www.wma.net\/es\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wma.net\/es\/wp-json\/wp\/v2\/comments?post=4096"}]}}