Re-Identification Risk in HIPAA De-Identified Datasets: The MVA Attack.

We present a re-identification attack that uses indirect (non-HIPAA) identifiers to target a vulnerable subset of records de-identified to the HIPAA Safe Harbor standard, those involving motor vehicle accidents (MVAs). Documentation of an MVA in a patient note creates a significant risk to patient privacy through the MVA re-identification attack, with a relative risk of 537 compared to the general population. Patients in a significant MVA resulting in either permanent injury, hospitalization or death (for any victim) should have the accident location information omitted due to the significant risk of re-identification of HIPAA de-identified data. Clinicians should also consider omitting location information for any MVA, as it significantly increases the risk of re-identification.