FAIR and Square: Privacy Compliance Framework for Healthcare Databases

High-throughput technologies generate vast amounts of data and may include sensitive data. This raises significant privacy concerns particularly for individuals whose genomic DNA (data) are collected, along with their personal data (metadata). Existing privacy-preserving techniques fail to adequately safeguard against the risks of singling out individuals, linkability, and inference attacks, such as those articulated in Recital 26 and WP216 of General Data Protection Regulation (GDPR). To reduce the possibility of such attacks, we have developed a privacy framework for patient health related datasets. By using a novel P ₂₉ Score, we quantify GDPR-compliance. In addition, a web interface was designed and implemented with inputs from various stakeholders, such as researchers, data stewards, and the general public. Initial evaluations using various machine-learning algorithms on pre- and post- generalized datasets demonstrate the framework’s effectiveness in mitigating privacy risks while preserving data usability.