1996-06-01 - Re: Statistical analysis of anonymous databases

Header Data

From: Asgaard <asgaard@sos.sll.se>
To: cypherpunks@toad.com
Message Hash: 24511fba82fa74b3efc7c9320d343ffd35b29cbddc39464242ff4ad7300e4ede
Message ID: <Pine.HPP.3.91.960601202706.4656A-100000@cor.sos.sll.se>
Reply To: <v02120d02add5829399c2@[192.0.2.1]>
UTC Datetime: 1996-06-01 23:11:28 UTC
Raw Date: Sun, 2 Jun 1996 07:11:28 +0800

Raw message

From: Asgaard <asgaard@sos.sll.se>
Date: Sun, 2 Jun 1996 07:11:28 +0800
To: cypherpunks@toad.com
Subject: Re: Statistical analysis of anonymous databases
In-Reply-To: <v02120d02add5829399c2@[192.0.2.1]>
Message-ID: <Pine.HPP.3.91.960601202706.4656A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 31 May 1996, Lucky Green wrote:

> HSS needs to verify that the researcher didn't just make up the data. The
> Department therefore has to be able to audit the results of the study by
> contacting a small subset of the participants directly. How can the
> Department contact the participants if they are known only under their
> nyms?

The evaluation of medical, and other, research is based on trust.
Some scientific journals are more trusted than others. Some research
institutions/heads of institutions are more trusted than others.
Original medical data are very rarely checked by outsiders, and if they
are the participating physical entities (patients) are never involved.
Verifying studies by other groups are usually needed before anything
is taken for a truth. So, in medical research in general, de-identified
data are perfectly useful.

In long-term epidemiological research identities are a big plus, though,
but for another reason than checking for scientific cheating. F ex,
the addition of a life-time SSN to peoples' credit cards would make it
possible in 50 years, when the 20-year old's of today start dying, to
compare causes of death with the items in the grocery store data banks
of today, finally deciding the cholesterol controversy (and other
things to make us live longer).

The Swedish National Medical Registry, where all diagnoses and surgical
procedures relating to hospital stays are entered, was de-identified
(except for year of birth) in 1993, by order from the Bureau of Data
Inspection. The epidemiologists haven't been able to sleep since, and
now there is a legislative initiative to enter full identities (our
infamous Person Numbers) again. I think it will pass.

In the discussions of this legislative initiative it has become
public knowledge that the database isn't even encrypted, and those
responsible for it see no need for changing this, since it's not
publically available. Epidemiologists are usually as naive as they
come.


Asgaard









Thread