Privacy Preserving Data Mining: An approach to safely share and use sensible medical data

Transcription

1 Privacy Preserving Data Mining: An approach to safely share and use sensible medical data Gerhard Kranner, Viscovery Biomax Symposium, June 24 th, 2016, Munich

2 Privacy protection vs knowledge gain What is Privacy Preserving Data Mining? Terms and standards Risks, limits, and issues Data mining without need of data disclosure Data abstraction with perceptual maps Connectome example

3 Privacy Preserving Data Mining Ø PPDM is the responsible use of data mining to extract useful knowledge from data without compromising data privacy. Which implies to Access, explore and model sensible data Share results, deploy analytical models But, in doing so, to Observe legal and ethical standards In particular, preserve data confidentiality

4 Basic terms Pseudonymization Replace identifying fields within each data record by pseudonyms (artificial codes) De-identification Remove, mask or generalize identifying information to prevent a person s identity from being connected with information Anonymization Irreversibly remove association between an identifying dataset and the data subject

5 Common de-identification methods Removal of identifiers Direct identifiers: name, address, social security number Quasi-identifiers: birthday, ZIP, sex Any links to identifying information Data and/or output perturbation Add non-deterministic noise to attribute values Mask, modify, aggregate values systematically Generalization (data binning, bucketing) Original data values which fall in a given small interval, a bin, are replaced by a value representative of that interval Generalize all dates to year: 17 th March 1983 à 1983 Reduce zip codes to three digits: D à 821

6 Example: Two-dimensional binning

7 The HIPAA Safe Harbor Method HIPAA Privacy Rule, USA, 2003: Provides mechanisms for using and disclosing health data responsibly without the need for patient consent EITHER apply Expert Determination Method OR remove or generalize 18 specific types of data: (A) Names (B) All geographic subdivisions, including street address, city, county, precinct, ZIP code, if the geographic unit contains less than 20,000 people (C) All elements of dates (except year) for dates that are directly related to an individual, including birth date, admission date, discharge date, death date, and all ages over 89 (D) Telephone numbers (E) Fax numbers (F) addresses (G) Social security numbers (H) Medical record numbers (I) Health plan beneficiary numbers (J) Account numbers (K) Certificate/license numbers (L) Vehicle identifiers and serial numbers, including license plate numbers (M) Device identifiers and serial numbers (N) Web Universal Resource Locators (URLs) (O) Internet Protocol (IP) addresses (P) Biometric identifiers, including finger and voiceprints (Q) Full-face photographs and any comparable images (R) Any other unique identifying number, characteristic, or code

8 Usual de-identification process Source: NISTIR 8053, De-Identification ofpersonal Information, 2015

9 Limits and issues Re-identification risk Cross-reference anonymous data with other data sources to re-identify the origin (linkage attack) May result in harms to individuals or groups De-identification is of limited use Not robust against advanced re-identification methods Impossible in certain cases E.g., genetic data cannot be safely anonymized due to huge amount of pattern information in bio-specimens which allows to re-identify the donors à Cannot be sure whether information is re-identifiable!

10 Implicit disclosure risk Attribute disclosure Adversary derives sensible information about a patient from released data in conjunction with disclosed information E.g. all patients in a list have a specific diagnosis Inferential disclosure When information can be inferred with high confidence from statistical properties of released data E.g. infer the income of a data subject from the (publicly available) purchase price of a home

11 Linkage attacks Link records in datasets based on similarity between subsets of attributes Combination of attributes allows to discern records in each dataset (fingerprint information) Use machine learning for pattern matching à Can link identity of data subjects in a (released or public) dataset with confidential information contained in another dataset

12 Linkage examples for re-identification Movie ratings Dataset 1: 500,000 training records containing customer ratings of movies (1 to 5 stars) published by Netflix Dataset 2: Ratings of (personally) registered users at IMDb With only eight movie ratings and dates, 96% of released Netflix subscribers can be uniquely identified Medical tests Only four consecutive laboratory test results of CHEM-7 (creatinine) uniquely distinguished 89.9% oft test subjects in a sample of 61,280 patients Credit card transactions Four distinct points in space and time were sufficient to specify uniquely 90% of the individuals in a sample of 1.1 million people

13 Conclusion De-identification should be applied Removal of direct identifiers is essential Must conform with legal regulations However, even complete anonymization Only reduces matching accuracy Doesn t prevent from re-identification Ø Tradiditonal de-identification is not sufficient to ensure privacy, yet being detrimental to data mining!

14 Consequences Need comprehensive strategies (Release Models) for the use of confidential data and results Observe data privacy Limit risk of re-identification Minimize information loss Need technologies that support these strategies Level of disclosed information under control of application Ideal application: Provides complete conceptual information without disclosing original data

15 Release Models Data Use Agreement (DUA) model Make de-identified data available under a legally binding data use agreement Conceptual model Provide access only to aggregate data while prohibiting access to records containing data on an individual Enclave model Keep data in kind of segregated enclave that restricts export of original data, instead accept queries from qualified users, run the queries on the data, and respond with results

16 Role and purpose based access control Source: Indumathi, InTech, 2012,

17 PPDM by decoupling models from data Represent original data in perceptual map Generates abstraction that directly shows data distribution Data statistics contained in microcluster ensemble Perform data mining on the map Explore, visualize, and cluster data distribution Enhance model with predictive capabilities Segregate map from original data Disclose map as conceptual repository for further explor n Deploy predictive model for use/integration in applications Enable access to original data via map Achievable through Micro-Cluster Queries (MCQ) User authorization for MCQ under control of application

18 Example: CIROCO data representation Vanfleteren et al., AJRCCM, 2013

19 CIROCO study: Model publication

20 CIROCO study: Diagnostic factors

21 CIROCO study: Aggregate statistics

22 Self-Organizing Maps (SOM) SOMs represent data distributions in perceptual maps Able to create maps from big / complex data Original data can be forgotten Maintains essential distribution information Contains local data statistics in microclusters (cluster binning) Released map is a conceptual repository to Visually explore data distributions Make complex distributions tangible Explore patterns and data dependences Draw benefit from sensible data without disclosing data

23 PPDM with Viscovery Workflow-oriented system for predictive modeling Explorative data mining, visual clustering Profiling, statistical analyses Classification, non-linear regression Based on innovative, patented combination of Self-Organizing Maps (SOM) Multivariate statistics Map can be segregated from original data Disclosure of map does not compromise privacy Can be integrated in operational systems (BioXM) Level of data disclosure under control of application

24 Viscovery data flow (project mode) Application data Model data Viscovery SOMine Preprocessing Analytical Datamarts Deidentified data Modeling Predictive Models Application Results

25 Viscovery data flow (operational mode) Viscovery One(2)One Engine User interaction Model name Model loading PPDM application with user access control Parameter name Parameter value Model recall Predictive Model Deidentified data Data record Result Model application

26 Example: Mining the connectome Connectome matrices of individual brains Source: De-identified, pseudonymized data (highly confidential) Connectivity Matrix + Diagnosis (Autism) + Personal data Draw conclusions about personality, mental disorders, Derive networks measures Build network graph from each matrix Calculate network measures (on global or local level) E.g. Clustering Coefficient, Characteristic Path Length, Transitivity, Assortativity, Betweenness Visualize, explore, cluster network data in Viscovery

27 Diffusion Tensor Imaging data from the Human Connectome Project Source:

28 Diffusion Tensor Imaging (DTI) Diffusion Gradients Reconstructed Fiber Tracts Connectivity Matrix Directed flow of water molecules detected by MR indicating fiber tracts Reconstructed fiber tracts indicate a potential anatomical connection between two brain areas Thickness of detected fibers between brain areas (color coded)

29 Topological graph of functional network Source: Bullmore, Sporns 2009, Nature Reviews Neuroscience, Vol. 10

30 Calculation of network measures Values are computed by Brain Connectivity Toolbox, Rubinov & Sporns, 2009 Source:

31 Can network measures hold as biomarkers for brain diseases?

32 Stratification of autism patients leveraging comprehensive clinical knowledge without compromising patient data privacy

33 Learn more and visit us at... Viscovery Software GmbH Kupelwiesergasse 27 A-1130 Wien Tel