Privacy Analytics Risk Assessment Tool
The Privacy Analytics Risk Assessment Tool (PARAT) takes the guesswork out of understanding the threat of re-identification. PARAT allows users to precisely measure the risk of re-identification. It optimally de-identifies information to protect individual privacy while retaining the data's value. Key de-identification features allow you to:
- Optimally de-identify cross-sectional, longitudinal and geospatial data;
- Assess risk and analyze data handling capabilities;
- Effectively de-identify small local data sets or massive databases on multi-core servers;
- Generate certificates documenting that a data set has a very small risk of re-identification;
- Simulate re-identification attacks in order to test alternative assumptions and do sensitivity analysis;
- Evaluate data quality after de-identification;
- Save and run de-identification specifications to be used on other databases in batch mode or at regular intervals on new data;
- Conduct risk assessments of internal data users or external data recipients on the cloud with the online Risk Assessment Tool.
- Accelerate the process of de-identifying data sets and releasing data;
- Ensure high data utility and data that is acceptable by analysts and increase the number of data releases/year;
- Methods, metrics and algorithms are transparent – peer reviewed;
- Defensible approach and audit trail help you meet regulatory obligations under HIPAA;
- Risk Mitigation – objectively manage your disclosure risks;
- Save days of work in the Privacy Office by automatically generating Data Sharing Agreements;
- Improved cost effectiveness, compared to doing analysis manually - positive cost of ownership.
PARAT is a Windows-based application and is compatible with a number of databases (e.g., Microsoft Access, Microsoft SQL Server, and Oracle). Using a simple four-step process, PARAT allows you to easily and safely use and disclose your valuable data.
Four Simple Steps
Step 1: Select The Indirect Identifiers To Be Released From The Data Set
Select and rank the variables that can be used for re-identification. This ranking (the variables' utility/importance to the person using the de-identified data set) will be used during the de-identification process to determine the optimal anonymization that balances re-identification risk and data utility.
Step 2: Set Your Re-Identification Risk Threshold
To balance the need for privacy with the need for data granularity, PARAT allows you to adjust the acceptable re-identification risk threshold of information based on the profile of the requesting person/organization. Risk-based de-identification ensures that individual privacy is protected while maintaining the released data's utility.
Step 3: Perform the Risk Analysis
PARAT calculates the data set's risk for three types of re-identification attacks: prosecutor, journalist and marketer. In this example, PARAT shows the risk is high (above 0.2) for all three types of re-identification attacks.
The three types of attack reflect three ways in which an adversary can re-identify one or more individuals in your database.
Step 4: De-Identify To Protect Data
PARAT uses several de-identification techniques, including suppression (removing high risk values in the database) and generalization (reducing the resolution of a given field). PARAT will automatically de-identify the data to reduce the re-identification risk to acceptable levels defined by the user and remain compliant with the relevant legislation.
The PARAT tool produces a Word report summarizing the results of the risk assessment and de-identification. See example report.
PARAT can also automatically produce a data sharing agreement for the de-identified data set.
If you need to de-identify data for business, research, public health, or testing purposes, then please contact us. We know health data and we know health regulations.
Professional Services Support
Need help with proper masking and de-identification of your data? Privacy Analytics also provides professional services to support our customers with their critical masking and de-identification needs.