Who / When / Where
Instructor: Bradley Malin
Semester: Spring 2008
Time: Tuesdays & Thursdays, 2:35 - 3:50pm
Location: Featheringill Hall, Room 313

Schedule (Subject to Change)
Week Date Topic Readings Assignments
0 1/10 (Th) Introduction & Basic Principles (PDF) N/A -
1 1/15 (Tu) Ideologies, Laws, & Regulations (PDF)
  1. HHS Summary of the HIPAA Privacy Rule (PDF)
  2. Health Privacy Project Summary of State Privacy Laws
    3. Compare Tennessee with another state (student's choice).
-
1 1/17 (Th) De-identification, Re-identification, & Uniqueness (PDF)
  1. Selection from L. Sweeney. Uniqueness of Simple Demographics in the U.S. population. Working Paper LIDAP-WP4. Laboratory for International Data Privacy. Pittsburgh, PA: 2000. [handout in class]
  2. P. Golle. Revisiting the uniqueness of simple demographics in the US population. In Proceedings of the Workshop on Privacy in the Electronic Society. 2006; 77-80. (PDF)
-
2 1/22 (Tu) Part I. Metrics Beyond Uniqueness (PDF)

Part II. Availability of Personal Information (PDF)
  1. L. Sweeney. Information Explosion. Confidentiality, Disclosure, and Data Access: Theory and Practical Applications for Statistical Agencies, L. Zayatz, P. Doyle, J. Theeuwes and J. Lane (eds), Urban Institute, Washington, DC, 2001. (PDF)

    2. Optional
  2. D. Solove. Access and Aggregation: Public Records, Privacy, & the Constitution. Minnesota Law Review. 2002; 86: 1137-1209. (Download)
 Homework #1 Out (PDF)
2 1/24 (Th) Numbers, Numbers, Numbers, and Fraud (PDF)
  1. Robert Ellis Smith. Chapter 11: Numbers, 1965 - 2000. In Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet. Privacy Journal. 2000. [handout in class]

    2. Optional
  2. Testimony of Marc Rotenberg at the Hearing on "Protecting the privacy of the Social Security Number from Identity Theft" before the Subcommittee on Social Security, Committee on Ways and Means, U.S. House of Representatives. June 21, 2007.
-
3 1/29 (Tu) Performance Measures (PDF)

Deterministic Record Linkage (PDF)
  1. William Winkler. Matching and Record Linkage. In Brenda G. Cox, editor, Business survey methods. Wiley, 1995, pages 355-384. (PDF)

    2. Optional
  2. H.B. Newcombe, J.M. Kennedy, S.J. Axford, and A.P. James. Automatic linkage of vital records. Science. 1959; 130: 954–959.
  3. I.P. Fellegi and A.B. Sunder. A theory of record linkage. Journal of the American Statistical Association. 1969; 40: 1183-1210.
 -
3 1/31 (Th) Probabilistic Record Linkage & String Comparators (PDF)
  1. W. Cohen, P. Ravikumar, and S. Fienberg. A Comparison of String Distance Metrics for Name-Matching Tasks. Proceedings of the IJCAI-03 Workshop on Information Integration on the Web (IIWeb-03). 2003: 73-78. (PDF)

    2. Optional
  2. P. Christen. Febrl - A freely available record linkage system with a graphical user interface. Proceedings of the Australasian Workshop on Health Data and Knowledge Management (HDKM), Wollongong, January 2008. (PDF)
 -
4 2/5 (Tu) Probabilistic Record Linkage & EM Algorithms (PDF) None. Homework #1 Due
4 2/7 (Th) Trails & Graph-Based Models of Privacy (PDF)
  1. B. Malin. Betrayed by my shadow: Learning data identity via trail matching. Journal of Privacy Technology. 2005. (PDF)

    2. Optional
  2. B. Malin and L. Sweeney. How (not) to protect genomic data privacy in a distributed network: using trail re-identification to evaluate and design anonymity protection systems. Journal of Biomedical Informatics. 2004; 37(3): 179-192.
 -
5 2/12 (Tu) Text Scrubbing Part I (PDF)
  1. B. Beckwith, et al. Development and evaluation of an open source software tool for deidentification of pathology reports. BMC Medical Informatics and Decision Making. 2006 Mar 6; 6: 12.
  2. B. Wellner, et al. Rapidly Retargetable Approaches to De-identification in Medical Records. Journal of the American Medical Informatics Association. 2007; 14: 564-573.

    3. Optional
  3. J.J. Berman. Concept-match medical data scrubbing: how pathology text can be used in research. Archives of Pathology and Laboratory Medicine. 2003 Jun;127(6):680-6.
 -
5 2/14 (Th) Clinical Concept Extraction and Scrubbing
Guest Lecturer: Josh Denny, M.D.
  1. K. Liu, K. Mitchell, W. Chapman, and R. Crowley. Automating tissue bank annotation from pathology reports - comparison to a gold standard expert annotation set. Proceedings of the American Medical Informatics Association Annual Symposium. 2005: 460-464

    2. Optional
  2. D. Gupta, M. Saul, J. Gilbertson. Evaluation of a deidentification (De-Id) software engine to share pathology reports and clinical documents for research. American Journal of Clinical Pathololgy. 2004; 121: 176–186. (PDF)
 Homework #2 Out
6 2/19 (Tu) Formal Models of Anonymity (PDF)
  1. Sweeney L. k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems. 2003; 10 (5), 2002: 557-570. (PDF)
  2. Ohno-Machado L, Silveira PS, Vinterbo S. Protecting patient privacy by quantifiable control of disclosures in disseminated databases. International Journal of Medical Informatics. 2004 Aug; 73(7-8): 599-606.
-
6 2/21 (Th) Algorithmic Approaches to Satisfy Formal Anonymity Models (PDF)
  1. L. Sweeney. Achieving k-anonymity privacy protection using generalization and suppression. International Journal of Uncertainty, Fuzziness, and Knowledge-Based Systems. 2002; 571- 588. (PDF)
  2. K. Lefevre, D. DeWitt, R. Ramakrishnan. Mondrian multi-dimensional k-anonymity. Proceedings of the 22nd IEEE International Conference on Data Engineering. 2006; 25. (PDF)
 -
7 2/26 (Tu) DNA & Familial Databases - Part I (PDF)
  1. B. Malin. An evaluation of the current state of genomic data privacy protection technology and a roadmap for the future. 2005; 12: 28-34.

    2. Optional
  2. Z. Lin, a. Owen, and R. Altman. Genomic research and human subject privacy. 2004; 305: 5681. + supplemental material on experiments
Homework #2 Due
7 2/28 (Th) DNA & Familial Databases - Part II (PDF)
  1. Z. Lin, M. Hewett, and R. Altman. Using Binning to Maintain Confidentiality of Medical Data. Proceeding of the American Medical Informatics Association Annual Symposium. 2002: 454-459.
  2. B. Malin. Protecting Genomic Sequence Anonymity with Generalization Lattices. Methods of Information in Medicine. 2005; 44(5): 687-692.
-
- 3/4 (Tu) Spring Break - No Classes No readings -
- 3/6 (Th) Spring Break - No Classes No readings Project Proposal Due on 3/9/08
8 3/11 (Tu) Legal Issues in Biomedical Privacy
Guest Lecturer: Ellen Wright-Clayton, M.D., J.D.
  1. E.W. Clayton. Ethical, legal, and social implications of genomic medicine. New England Journal of Medicine. 2003; 349(6): 562-569.

  2. National Institutes of Health. NIH points to consider for IRBs and Institutions in their review of data submission plans for institutional certifications under NIH's policy for sharing of data obtained in NIH supported or conducted genome wide association studies (GWAS). Nov. 11, 2007.
 -
8 3/13 (Th) Ethical Reasoning for Privacy Technology (PDF)
    None
-
9 3/18 (Tu) Oversight & Governance for Privacy Technology (PDF)
  1. J. Alexander and J. Smith. Engineering privacy in public: confounding face recognition. In Proceedings of the 3rd Privacy Enhancing Technologies Workshop, Springer Lecture Notes in Computer Science, Volume 2760, 2003; 88-106.
  2. E. Newton, L. Sweeney, and B. Malin. Preserving privacy by de-identifying facial images. IEEE Transactions on Knowledge and Data Engineering. 2005; 17(2): 232-243.

    3. Optional
  3. Q. Zhao and J. Stasko. Evaluating image filtering based techniques in media space applications. In Proceedings of the ACM Conference on Computer Supported Cooperative Work. 1998: 11–18.
-
9 3/20 (Th) Image and Video Protection (PDF)
  1. J. Wang, G. Wiederhold, J. Li. Wavelet-based progressive transmission and security filtering for medical image distribution. Advances in Biomedical Image Databases, S. Wong (Ed.), Kluwer International Series in Engineering and Computer Science, Secs 465, 303-324.
-
10 3/25 (Tu) Image & Signal Filtering (PDF)
  1. A. Bischoff-Grethe, et al. A technique for the deidentification of structural brain MR images. Human Brain Mapping. 2007; 28(9): 892 - 903.
 -
10 3/27 (Th) Student Project Status Report Presentations None Project Status Reports Due on 3/30/08
11 4/1 (Tu) Biosurveillance and Geospatial Information (PDF)
  1. C. Cassa, S. Grannis, M. Overhage, and K. Mandl. A context-sensitive approach to anonymizing spatial surveillance data: impact on outbreak detection. Journal of the American Medical Informatics Association. 2006; 13(2): 160-165.

    2. Optional
  2. K. Olson, S. Grannis, K. Mandl. Privacy protection versus cluster detection in spatial epidemiology. American Journal of Public Health. 2006; 96(11): 2002-2008.
Homework #3 Out
11 4/3 (Th) Digital Rights Management (PDF)
Guest Lecturer: Yi Cui, Ph.D.
    None.
-
12 4/8 (Tu) Privacy Preserving Data Mining - Horizontally I (PDF)
  1. J. Vaidya and C. Clifton. Privacy-preserving data mining: why, how, and when. IEEE Security and Privacy. 2004; 2(6): 19-27. (Download PDF from IEEEXplore)
 -
12 4/10 (Th) Data Mining - Horizontally II (PDF)
    None. Time to finish your homework.
Homework #3 Due
13 4/15 (Tu) Privacy Preserving Record Linkage (PDF)
  1. J.J. Berman. Zero-check: a zero-knowledge protocol for reconciling patient identities across institutions. Archives of Pathology and Laboratory Medicine. 2004; 128: 344-347.

    2. Optional
  2. C. Quantin, et al. How to ensure data security of an epidemiological follow-up: quality assessment of an anonymous record linkage procedure. International Journal of Medical Informatics. 1998; 49(1): 117-122.
 -
13 4/17 (Th) Secure String Comparison (PDF)
  1. T. Churches and P. Christen. Some methods for blindfolded record linkage. BMC Medical Informatics and Decision Making. 2004; 4: 9.

    2. Optional
  2. P. Ravikumar, W. Cohen, and S. Fienberg. A secure protocol for computing string distance metrics. In Proceedings of the IEEE Workshop on Privacy and Security Aspects of Data Mining. 2004.
 -
14 4/22 (Tu) Final Project Presentations; Wrap Up Session
  1. None
 Final Project Reports Due on 4/29/08