28 points to protect subject data

Researchers need to seek informed consent about sharing data from patients before studies begin. That's the advice of Iain Hrynaszkiewicz and co-authors in BMJ, the British Medical Journal. Hrynaszkiewicz is managing editor at BioMed Central, a publisher of peer-reviewed, open access journals.

The authors identify 28 items of personal and clinical information that they say can make patients identifiable in anonymized datasets. They recommend that such direct identifiers as names be removed from datasets unless patients have explicitly consented. For indirect identifiers, including age and sex, none alone presents a problem but several, especially those concerning attributes, might. Their recommendation: In cases of three or more indirect identifiers, get a ruling from an independent expert or ethics committee to assess the risk of breaking a confidentiality agreement.

Demand for de-identified patient data is growing as researchers increasingly ask for raw data to support their findings, and as they begin to tap large stores of medical records through collaborations with hospitals and universities (see related story). But de-identification is so far being done in a variety of ways and to no particular standard.

- here's the article