This paper investigates how Boolean reasoning can be used to make the recor
ds in a database anonymous. In a medical setting, this is of particular int
erest due to privacy issues and to prevent the possible misuse of confident
ial information. As electronic medical records and medical data repositorie
s get more common and widespread, the issue of making sensitive data anonym
ous becomes increasingly important. A theoretically well-founded algorithm
is proposed that via cell suppression can be used to make a database anonym
ous before releasing or sharing it to the outside world. The degree of anon
ymity can be tailored according to the specific needs of the recipient, and
according to the amount of trust we place in the recipient. Furthermore, t
he required measure of anonymity can be specified as far down as to the ind
ividual objects in the database. The algorithm can also be used for anonymi
zation relative to a particular piece of information, effectively blocking
deterministic inferences about sensitive database fields. (C) 1994 Elsevier
Science B.V. All rights reserved.