See the published version of this article at International Journal of Health Geographics.
This is a preprint, a preliminary version of a manuscript that has not completed peer review at a journal. Research Square does not conduct peer review prior to posting preprints. The posting of a preprint on this server should not be interpreted as an endorsement of its validity or suitability for dissemination as established information or for guiding clinical practice.
Learn more about In Review
Research
Measuring The Impact of Spatial Perturbations on The Relationship Between Data Privacy and Validity of Descriptive Statistics
Kelly Broen
University of Michigan School of Public Health
Corresponding Author
ORCiD: https://orcid.org/0000-0002-2220-4026
License:
This work is licensed under a CC BY 4.0 License. Read Full License
View the published version at International Journal of Health Geographics.
Background: Like many scientific fields, epidemiology is addressing issues of research reproducibility. Spatial epidemiology, which often uses the inherently identifiable variable of participant address, must balance reproducibility with participant privacy. In this study, we assess the impact of several different data perturbation methods on key spatial statistics and patient privacy.
Methods: We analyzed the impact of perturbation on spatial patterns in the full set of address- level mortality data from Lawrence, MA during the period from 1911-1913. The original death locations were perturbed using seven different published approaches to stochastic and deterministic spatial data anonymization. Key spatial descriptive statistics were calculated for each perturbation, including changes in spatial pattern center, Global Moran’s I, Local Moran’s I, distance to the k-th nearest neighbors, and the L-function (a normalized form of Ripley’s K). A spatially adapted form of k-anonymity was used to measure the privacy protection conferred by each method, and the its compliance with HIPAA privacy standards.
Results: Random perturbation at 50 meters, donut masking between 5 and 50 meters, and Voronoi masking maintain the validity of descriptive spatial statistics better than other perturbations. Grid center masking with both 100x100 and 250x250 meter cells led to large changes in descriptive spatial statistics. None of the perturbation methods adhered to the HIPAA standard that all points have a k-anonymity > 10. All other perturbation methods employed had at least 265 points, or over 6%, not adhering to the HIPAA standard.
Conclusions: Using the set of published perturbation methods applied in this analysis, HIPAA- compliant de-identification was not compatible with maintaining key spatial patterns as measured by our chosen summary statistics. Further research should investigate alternate methods to balancing tradeoffs between spatial data privacy and preservation of key patterns in public health data that are of scientific and medical importance.
Keywords
epidemiology, Data Privacy, HIPAA
Figure 1
Figure 2
Figure 3
Due to technical limitations, full-text HTML conversion of this manuscript could not be completed. However, the manuscript can be downloaded and accessed as a PDF.
Badges
Prescreen
This manuscript passed our Prescreen assessment
Complete author information
Appropriate declaration statements
Potential risks to human health
Prescreen
Peer Review Timeline
CURRENT STATUS: Published
Version 1
Posted 18 Sep, 2020
Published
On 07 Jan, 2021
No community comments so far
Editorial decision: Major revision
On 28 Oct, 2020
Review #4 received
Received 18 Oct, 2020
Review #2 received
Received 16 Oct, 2020
Review #1 received
Received 14 Oct, 2020
Review #3 received
Received 08 Oct, 2020
Reviewer #5 agreed
On 21 Sep, 2020
Reviewer #4 agreed
On 20 Sep, 2020
Reviewer #3 agreed
On 19 Sep, 2020
Reviewer #2 agreed
On 16 Sep, 2020
Reviewers invited
Invitations sent on 16 Sep, 2020
Reviewer #1 agreed
On 16 Sep, 2020
Editor assigned
On 15 Sep, 2020
Submission checks complete
On 14 Sep, 2020
Editor invited
On 14 Sep, 2020
First submitted
On 13 Sep, 2020
Metrics
Comments: 0
PDF Downloads: ...
HTML Views: ...
Subject Areas
Geographic Information Systems
Learn more about our company.
This preprint is under consideration at International Journal of Health Geographics. A preprint is a preliminary version of a manuscript that has not completed peer review at a journal. Research Square does not conduct peer review prior to posting preprints. The posting of a preprint on this server should not be interpreted as an endorsement of its validity or suitability for dissemination as established information or for guiding clinical practice.
Learn more about In Review
Research
Measuring The Impact of Spatial Perturbations on The Relationship Between Data Privacy and Validity of Descriptive Statistics
Kelly Broen
University of Michigan School of Public Health
Corresponding Author
ORCiD: https://orcid.org/0000-0002-2220-4026
Badges
Prescreen
This manuscript passed our Prescreen assessment
Complete author information
Appropriate declaration statements
Potential risks to human health
Prescreen
Peer Review Timeline
CURRENT STATUS: Published
Version 1
Posted 18 Sep, 2020
Published
On 07 Jan, 2021
No community comments so far
Editorial decision: Major revision
On 28 Oct, 2020
Review #4 received
Received 18 Oct, 2020
Review #2 received
Received 16 Oct, 2020
Review #1 received
Received 14 Oct, 2020
Review #3 received
Received 08 Oct, 2020
Reviewer #5 agreed
On 21 Sep, 2020
Reviewer #4 agreed
On 20 Sep, 2020
Reviewer #3 agreed
On 19 Sep, 2020
Reviewer #2 agreed
On 16 Sep, 2020
Reviewers invited
Invitations sent on 16 Sep, 2020
Reviewer #1 agreed
On 16 Sep, 2020
Editor assigned
On 15 Sep, 2020
Submission checks complete
On 14 Sep, 2020
Editor invited
On 14 Sep, 2020
First submitted
On 13 Sep, 2020
Metrics
Comments: 0
PDF Downloads: ...
HTML Views: ...
Subject Areas
Geographic Information Systems
License:
This work is licensed under a CC BY 4.0 License. Read Full License
View the published version at International Journal of Health Geographics.
Background: Like many scientific fields, epidemiology is addressing issues of research reproducibility. Spatial epidemiology, which often uses the inherently identifiable variable of participant address, must balance reproducibility with participant privacy. In this study, we assess the impact of several different data perturbation methods on key spatial statistics and patient privacy.
Methods: We analyzed the impact of perturbation on spatial patterns in the full set of address- level mortality data from Lawrence, MA during the period from 1911-1913. The original death locations were perturbed using seven different published approaches to stochastic and deterministic spatial data anonymization. Key spatial descriptive statistics were calculated for each perturbation, including changes in spatial pattern center, Global Moran’s I, Local Moran’s I, distance to the k-th nearest neighbors, and the L-function (a normalized form of Ripley’s K). A spatially adapted form of k-anonymity was used to measure the privacy protection conferred by each method, and the its compliance with HIPAA privacy standards.
Results: Random perturbation at 50 meters, donut masking between 5 and 50 meters, and Voronoi masking maintain the validity of descriptive spatial statistics better than other perturbations. Grid center masking with both 100x100 and 250x250 meter cells led to large changes in descriptive spatial statistics. None of the perturbation methods adhered to the HIPAA standard that all points have a k-anonymity > 10. All other perturbation methods employed had at least 265 points, or over 6%, not adhering to the HIPAA standard.
Conclusions: Using the set of published perturbation methods applied in this analysis, HIPAA- compliant de-identification was not compatible with maintaining key spatial patterns as measured by our chosen summary statistics. Further research should investigate alternate methods to balancing tradeoffs between spatial data privacy and preservation of key patterns in public health data that are of scientific and medical importance.
Figure 1
Figure 2
Figure 3
Due to technical limitations, full-text HTML conversion of this manuscript could not be completed. However, the manuscript can be downloaded and accessed as a PDF.