PS3-13: Re-Identification Risk Associated with Sharing Linked Genomic and Phenotypic Data from the Kaiser Permanente Research Program on Genes, Environment and Health (RPGEH)

Abstract

Background/Aims It is now understood that conventional de-identification methods such as the HIPAA Safe Harbor standard do not guarantee anonymity of patient records, which may be vulnerable to a variety of attacks aimed at re-identifying confidential information. We present an analytic framework for evaluating these risks quantitatively in order to be able to explicitly balance privacy and scientific utility. As a concrete example, we examine implications for patient privacy of plans to deposit over 70,000 full-genome genotypes and associated clinical data in the dbGaP federally-managed data repository, as a component of a NIH-funded study conducted by the Research Program on Genes, Environment, and Health (RPGEH) at the Kaiser Permanente Northern California Division of Research (KPNC DOR). Risks are examined from multiple perspectives and risk reduction strategies discussed.