Privacy Shortcomings in Health Data: Accentuating the Risks through Re-identifications Related to Reproductive Health

Abstract

With the recent reversal of Roe v. Wade and the resulting fear that health data could be used against an individual, the issue of privacy protections for health information has taken on a new sense of urgency. Yet, at the same time, a recent study has questioned whether the privacy problem still applies to patient health data. This thesis seeks to concretize the privacy risks for health data by evaluating the success of technical attempts as proscribed by state and federal policies at preserving privacy. Using publicly available hospital discharge data and newspaper birth notices from Washington State in 2011, this thesis performs re-identification experiments on women who gave birth. The thesis finds that neither existing state nor federal (HIPAA) practices sufficiently guarantee patient privacy in the hospital discharge data without compromising the analytical value of such data. Ultimately, this thesis aims to quantify the health privacy law gap and illustrate the limitations of existing technical measures for safeguarding against re-identification attacks.