Health Data Anonymization Test

Framework Basis

This assessment integrates multiple evidence-based privacy frameworks:

• HIPAA Safe Harbor: Requires removal of 18 specific identifier categories (45 CFR §164.514(b)(2))
• HIPAA Expert Determination: Statistical/scientific principles to assess very low re-identification risk
• k-anonymity: Each quasi-identifier combination must appear for ≥k individuals (Sweeney 2002)
• l-diversity: Each k-anonymous group must have ≥l distinct sensitive attribute values
• t-closeness: Sensitive attribute distributions within groups match overall distribution
• GDPR Article 89: Safeguards for research data including pseudonymization and minimization

Scoring System

Weighted scoring across 6 privacy dimensions:

• Direct Identifiers (35%): Removal of names, SSN, contact info, biometrics
• Quasi-Identifiers (25%): De-identification of dates, geography, rare conditions, age extremes
• k-Anonymity (20%): Group size and quasi-identifier generalization
• l-Diversity (10%): Sensitive attribute diversity and t-closeness
• External Linkage (5%): Public dataset availability and differential privacy
• Documentation (5%): Process documentation and expert review

Note: Higher privacy scores indicate lower re-identification risk. Risk Score = 100 - Privacy Score.

Interpretation Guidelines

• 0-20% Risk (Low): Strong de-identification, likely HIPAA compliant, suitable for research sharing with DUA
• 21-40% Risk (Moderate): Acceptable with additional safeguards; expert determination recommended
• 41-60% Risk (High): Substantial risk, insufficient for compliance; significant additional protection needed
• 61-100% Risk (Critical): Severe privacy violations; dataset should not be shared externally

Each question includes methodology notes explaining the privacy science basis and regulatory requirements.