Anonymize or synthesize? Privacy-preserving methods for heart failure score analytics

Abstract Aims Data availability remains a critical challenge in modern, data-driven medical research. Due to the sensitive nature of patient health records, they are rightfully subject to stringent privacy protection measures. One way to overcome these restrictions is to preserve patient privacy by using anonymization and synthetization strategies. In this work, we investigate the effectiveness of these methods for protecting patient privacy using real-world cardiology health records. Methods and results We implemented anonymization and synthetization techniques for a structure data set, which was collected during the HiGHmed Use Case Cardiology study. We employed the data anonymization tool ARX and the data synthetization framework ASyH individually and in combination. We evaluated the utility and shortcomings of the different approaches by statistical analyses and privacy risk assessments. Data utility was assessed by computing two heart failure risk scores on the protected data sets. We observed only minimal deviations to scores from the original data set. Additionally, we performed a re-identification risk analysis and found only minor residual risks for common types of privacy threats. Conclusion We could demonstrate that anonymization and synthetization methods protect privacy while retaining data utility for heart failure risk assessment. Both approaches and a combination thereof introduce only minimal deviations from the original data set over all features. While data synthesis techniques produce any number of new records, data anonymization techniques offer more formal privacy guarantees. Consequently, data synthesis on anonymized data further enhances privacy protection with little impacting data utility. We share all generated data sets with the scientific community through a use and access agreement.