The information in hospital prescription records can quite easily re-identify patients, according to a recent study led by Dr. Khaled El Emam, the Canada Research Chair in Electronic Health Information at the CHEO Research Institute.
Information on drug prescriptions are a highly sought after commodity. Pharmaceutical companies like to access this data to fine tune their marketing and sales efforts. Many retail pharmacies in Canada sell their prescription records to commercial data aggregators who perform analyses for pharmaceutical companies; the potential privacy risk with such a practice is if the patients can be re-identified from this data. There is now more demand for this data from hospital pharmacies as well.
Dr. El Emam's study, titled "Evaluating the Risk of Re-identification of Patients from Hospital Prescription Records", demonstrates the importance of ensuring the proper de-identification of patient records. The study demonstrates a methodology for deciding which data to keep and which to de-identify, since hospital prescription data contains details such as where patients live and when they were admitted to the hospital.
"A meaningful risk analysis requires an understanding of the nature of plausible re-identification scenarios" explained Dr. El Emam "and is typically performed with a hospital's privacy officer to ensure that the risk to patient re-identification remains as low as possible."
The risk analysis performed in this study provided a way to anonymize the hospital prescription data to maintain the privacy of the patients, by generalizing and removing some variables such as postal codes, admission and discharge dates, or gender, before they are shared with outside companies.
Dr. El Emam's first article was published in the July-August issue of the Canadian Journal of Hospital Pharmacy
and explains how he went about analyzing the data and finding the right combination of variables to ensure the privacy of hospital patients.
In a different study published earlier this year titled "Evaluating predictors of geographic area population size cutoffs to manage re-identification risk" Dr. El Emam performed the same risk analysis on the information released by retail pharmacies in Canada. The conclusion was that the risk of re-identifying patients from these prescription records was very small, and the privacy risks were consequently also small. This highlights the point that privacy risks in prescription records does depend on the source: retail vs. hospital.