Three computational systems for disclosing medical data in the year 1999.

Today most organizations release and receive medical data with all explicit identifiers, such as name, address, and phone number, removed in the incorrect belief that patient confidentiality is maintained because the resulting data look anonymous. We examine three computer programs that do maintain patient confidentiality when disclosing electronic medical records: the Scrub System which locates personally-identifying information in letters between doctors and notes written by clinicians; the Datafly System which generalizes data within the record based on a profile of the recipient at the time of access; and, the mu-Argus System which is becoming a European standard for disclosing public use data. The techniques presented in these systems help protect confidentiality in the face of a changing globally-networked society with immediate access to volumes of personal data.