Skip to main content

Less than five is less than ideal: replacing the “less than 5 cell size” rule with a risk-based data disclosure protocol in a public health setting

Abstract

Setting

The Winnipeg Regional Health Authority (WRHA) is one of the largest and most diverse health regions in Canada. Within the WRHA, the Population and Public Health (PPH) Surveillance Team provides epidemiological support across a variety of public health service areas.

Intervention

We developed and deployed a risk-based data disclosure protocol that balances the need to share public health surveillance data with the need to protect personal health information.

Outcomes

Unlike the conventional data disclosure standard adopted in Manitoba (suppress cell sizes < 5), the new protocol is based upon a risk-based re-identification approach that focuses on the size of the denominator instead of the numerator. This approach has allowed for innovation in data dissemination infrastructure within the unit that would not have been possible previously, including the deployment of public-facing cloud-based interactive maps and dashboards. It has also resulted in strengthened protection of personal health information as the risk of re-identification can now be precisely calculated across all data release situations.

Implications

In challenging the “cell size less than five” rule, this project is an example of how a scientifically based data disclosure protocol can support a public health organization in meaningful sharing of population health data with community partners and the public. This helps ensure that program and policy responses are empirically based, strategically focused, and cross-jurisdictionally coordinated.

Résumé

Contexte

L’Office régional de la santé de Winnipeg (ORSW) est l’une des régions de la santé les plus vastes et diverses du Canada. Au sein de l’ORSW, l’équipe de la surveillance de la Santé de la population et du public (SPP) fournit du soutien épidémiologique dans divers secteurs des services de santé publique.

Intervention

Nous avons élaboré et mis en œuvre un protocole de divulgation des données fondé sur les risques qui tient compte du besoin de partager des données de surveillance de la santé publique et du besoin de protéger les renseignements personnels sur la santé.

Résultats

À la différence de la norme conventionnelle de divulgation des données adoptée au Manitoba (élimination des cellules de valeur < 5), le nouveau protocole est fondé sur une approche de réidentification basée sur le risque qui met l’accent sur la taille du dénominateur plutôt que du numérateur. Cette approche a permis d’innover l’infrastructure de diffusion des données au sein de l’unité, laquelle n’aurait pas été possible auparavant, y compris la mise en place de cartes et de tableaux de bord interactifs publics axés sur l’informatique en nuage. Cette approche a également fourni une protection accrue des renseignements personnels sur la santé puisque le risque de réidentification peut dorénavant être calculé avec précision dans toutes les situations de divulgation des données.

Répercussions

En remettant en question la règle de « cellules de valeur < 5 », ce projet représente comment un protocole de divulgation des données fondé scientifiquement peut appuyer un organisme de santé publique dans le partage significatif de données de santé de la population avec des partenaires communautaires et le public. Les réponses en matière de programmes et de politiques sont ainsi empiriques, stratégiques et coordonnées de façon interjuridictionnelle.

This is a preview of subscription content, access via your institution.

References

  1. El Emam, K. (2010). Risk-based de-identification of health data. Security & Privacy, IEEE, 8(3), 64–67.

    Article  Google Scholar 

  2. El Emam, K., & Dankar, F. K. (2008). Protecting privacy using k-anonymity. Journal of the American Medical Informatics Association, 15(5), 627–637.

    Article  Google Scholar 

  3. Fairchild, A., Bayer, R., & Colgrove, J. (2007). Privacy and public health surveillance: the enduring tension. The Virtual Mentor, 9(12), 838.

    PubMed  Google Scholar 

  4. Government of Manitoba. (2017). The Personal Health Information Act.

  5. Information and Privacy Commissioner. (2016). De-identification guidelines for structured data. Ottawa.

  6. Macek, C., & Boillot, N. (2019). Opinion: The hidden costs of data protection in public health.

  7. Matthews, G., Harel, O., & Aseltine, R. (2016). Privacy protection and aggregate health data: a review of tabular cell suppression methods (not) employed in public health data systems. Health Services & Outcomes Research Methodology, 16(4), 258–270.

    Article  Google Scholar 

  8. Population Health Surveillance Team. The epidemiology of communicable diseases in the Winnipeg Health Region, 2013–2018. 2019; Available from: https://public.tableau.com/profile/survdeploy#!/vizhome/CD-TSR2019_Reportreplica_FINAL/SUMMARYTABLE?publish=yes.

  9. Rittel, H. W. J., & Webber, M. M. (1973). Dilemmas in a general theory of planning. Policy Sciences, 4(2), 155–169.

    Article  Google Scholar 

  10. Special Advisory Committee on the Epidemic of Opioid Overdoses. (2019). National report: apparent opioid-related deaths in Canada (January 2016 to March 2019). Ottawa: Public Health Agency of Canada.

  11. Statistics Canada. (2016). Census profile - area and data suppression. Available from: https://www12.statcan.gc.ca/census-recensement/2011/dp-pd/prof/help-aide/N3.cfm.

  12. Statistics Canada. (2019). Privacy notice. Available from: https://www.statcan.gc.ca/eng/reference/privacy.

  13. Sweeney, L. (2000). Simple demographics often identify people uniquely. Carnegie Mellon University, Data Privacy Working Paper 3: Pittsburgh.

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Krista Wilkinson.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Electronic supplementary material

ESM 1

(DOC 28 kb)

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Wilkinson, K., Green, C., Nowicki, D. et al. Less than five is less than ideal: replacing the “less than 5 cell size” rule with a risk-based data disclosure protocol in a public health setting. Can J Public Health 111, 761–765 (2020). https://doi.org/10.17269/s41997-020-00303-8

Download citation

Keywords

  • Privacy
  • Data disclosure
  • Personal health information
  • Public health surveillance
  • K-anonymity
  • Cell suppression
  • Re-identification risk

Mots-clés

  • Confidentialité
  • Divulgation des données
  • Renseignements personnels sur la santé
  • Surveillance de la santé publique
  • K-anonymat
  • Élimination des cellules
  • Risque de réidentification