Best-practice guides for de-identification
One the most frequent requests I receive is for a recommendation of resources on best-practices for de-identification. Below you’ll find my usual suggestions.
One of the first recommendations (and I’ll admit to being biased) is the book Anonymizing Health Data. It was one of the first pieces I read when coming on board at Privacy Analytics. The first two chapters provide excellent introductory reading into the subject and are especially relevant for those whose world revolves around health data. The book also covers a lot of issues including policy, legal and practical issues around de-identification.
Our De-Id University is also great for resource for those looking into de-identification, regardless of what level of understanding you have on de-identification, data masking or data anonymization. To name a few: there is a great white paper series called De-Id 101 – 401 that covers de-id from beginning to end. For those with more advanced knowledge we have the great Definitive Guide to De-Identification and the De-Identification Maturity Model. Our Q and A series of webinars also cover a lot of the most frequently asked questions.
The next area I want to focus on is the amount of standards that have been recently released and that may be of great interest to those looking to implement de-id solutions. Some of them focus on different types of data but in general, they tend to be consistent with each other. For example, there is the Institute of Medicine (IOM) report, which contains an appendix on de-identification and the U.K. Information Commissioner’s office code of practice on anonymization. Additionally, there is the Pharmaceutical Users Software Exchange (PhUSE) de-identification standard and that of Trancelerate. There are the HIPAA guidelines and The HITRUST Alliance which recently published a framework for de-identification. From Canada, there is the Council of Canadian Academies which talks about sharing health data with description of de-identification practices and then a couple of other standards pertaining to clinical trials.
Finally, there’s the “learn from the experts” route. Privacy Analytics offers training services focussed on building de-identification expertise. It consists of a two-day re-identification risk management methodology course, hands-on workshop, remote coaching and exam. Upon successfully de-identifying two datasets under Privacy Analytics’ direction, you will have acquired the necessary training and skills to perform de-identification using the HIPAA Expert Determination method.
- Turn Data Assets into Business Opportunity Under CCPADecember 19, 2019
- Can you comply your way to greatness?November 21, 2019
- When to Integrate Anonymization of Documents and DataSeptember 26, 2019
- Deep-Diving into Re-identification: Perspectives On An Article In Nature CommunicationsSeptember 26, 2019
- Learning at Scale: Anonymizing Unstructured Data using AI/MLSeptember 26, 2019
- GDPR and The Future of Clinical Trials Data SharingMarch 18, 2019
- Advancing Principled Data Practices in Support of Emerging TechnologiesMarch 15, 2019
- “Zero Risk Does Not Exist”February 7, 2019
- Is Anonymization Possible with Current Technologies?January 9, 2019
- Comparing the benefits of pseudonymisation and anonymisation under the GDPRDecember 20, 2018