Using Boolean reasoning to anonymize databases

This paper investigates how Boolean reasoning can be used to make the records in a database anonymous. In a medical setting, this is of particular interest due to privacy issues and to prevent the possible misuse of confidential information. As electronic medical records and medical data repositories get more common and widespread, the issue of making sensitive data anonymous becomes increasingly important. A theoretically well-founded algorithm is proposed that via cell suppression can be used to make a database anonymous before releasing or sharing it to the outside world. The degree of anonymity can be tailored according to the specific needs of the recipient, and according to the amount of trust we place in the recipient. Furthermore, the required measure of anonymity can be specified as far down as to the individual objects in the database. The algorithm can also be used for anonymization relative to a particular piece of information, effectively blocking deterministic inferences about sensitive database fields. (C) 1994 Elsevier Science B.V. All rights reserved.