The Role of Inference in the Anonymization of Medical Records

The quality of life has been significantly improved and one of the main reasons is the medical advances of the past decades. Nevertheless, to further advance the research and services in the field, practitioners, researchers and health organizations should share more information. While this need is indisputable, the sensitivity of the information demands that it is preprocessed, so that the published data are anonymized and individuals cannot be identified. The scope of this work is to highlight the difficulties in providing automated anonymization approaches for medical records without consulting experts in the field. One of the major problems that is going to be highlighted is that Quasi-Identifiers (QI) are not independent. It is well known that combinations of QIs can be used to infer other relevant information. Nevertheless, this work tries to exploit the other way of information flow, we show how sensitive attributes can be exploited to derive information about the QIs, leading to many privacy hazards for the patients whose records are shared. To this extent, we illustrate some relevant examples and discuss probable counter-measures.