Those in the habit of looking for privacy invasions can find them everywhere. This phenomenon is on display in the recent news coverage of Sorrell v. IMS Health Inc., a case currently under review by the Supreme Court. The fear is that, in the information age, data subjects could be re-identified using the vast amount of auxiliary information available about each of us in commercial databases and on the internet.
Such fears have already motivated the Federal Trade Commission to abandon the distinction between personally identifiable and anonymized data in its Privacy By Design framework. If the Department of Health and Human Services (HHS) were to follow suit, the result would be nothing short of a disaster for the public, since de-identified health data are the workhorse driving numerous health care systems improvements and medical research activities.
Luckily, we do not actually face a grim choice between privacy and public health. This short article describes the small but growing literature on de-anonymization—the ability to re-identify a subject in anonymized research data. When viewed rigorously, the evidence that our medical secrets are at risk of discovery and abuse is scant.