8.3 PRIVACY OF HEALTHCARE BIG DATA          207




































               FIG. 8.10
               Working principle of blockchain technology.

               termed as PII. Similarly, any information that helps de-anonymizing unidentified information is also
               considered as PII. In privacy, several studies have identified digital identities as a source of the user iden-
               tifier. Pfitzmann and Hansen [46] defined PII as “An identity is any subset of attribute values of an in-
               dividual person which sufficiently identifies this individual person within any set of persons.”
               McCallister et al. [47] of the National Technical Information Service (NTIS) defines “any information
               about an individual maintained by an agency, including (PII) any information that can be used to distin-
               guish or trace an individual’s identity, such as name, social security number, date and place of birth,
               mother’s maiden name, or biometric records; and (linked PII or PPII) any other information that is linked
               or linkable to an individual, such as medical, educational, financial, and employment information.”
                  Potential personally identifiable information (PPII): Aforementioned studies also stated that a
               personal identity or PII is not limited to a single number or entity and that combining partial charac-
               teristics or entities can also generate a complete PII or identity. This concept of partial identity or po-
               tential personally identifiable information (PPII) was defined by Pfitzmann and Hansen [46] as “A
               partial identity is a subset of attribute values of a complete identity, where a complete identity is
               the union of all attribute values of all identities of this person.”
                  If we carefully follow the above table, the information on the left side is PII and can lead to a par-
               ticular person or organization at any time. For example, if health insurance of any particular person is
               disclosed, this will lead to a leak of all health-related information of that person. Eventually, the rest of
               the information related to that person is also obtainable. On the contrary, the information on the right
               side of Table 8.2 (PPII) does not directly expose any identity. For example, blood pressure, height,