Best-practice guides for de-identification

One the most frequent requests I receive is for a recommendation of resources on best-practices for de-identification. Below you’ll find my usual suggestions.

One of the first recommendations (and I’ll admit to being biased) is the book Anonymizing Health Data. It was one of the first pieces I read when coming on board at Privacy Analytics. The first two chapters provide excellent introductory reading into the subject and are especially relevant for those whose world revolves around health data. The book also covers a lot of issues including policy, legal and practical issues around de-identification.

Our De-Id University is also great for resource for those looking into de-identification, regardless of what level of understanding you have on de-identification, data masking or data anonymization. To name a few: there is a great white paper series called De-Id 101 – 401 that covers de-id from beginning to end. For those with more advanced knowledge we have the great Definitive Guide to De-Identification and the De-Identification Maturity Model. Our Q and A series of webinars also cover a lot of the most frequently asked questions.

The next area I want to focus on is the amount of standards that have been recently released and that may be of great interest to those looking to implement de-id solutions. Some of them focus on different types of data but in general, they tend to be consistent with each other. For example, there is the Institute of Medicine (IOM) report, which contains an appendix on de-identification and the U.K. Information Commissioner’s office code of practice on anonymization. Additionally, there is the Pharmaceutical Users Software Exchange (PhUSE) de-identification standard and that of Trancelerate. There are the HIPAA guidelines and The HITRUST Alliance which recently published a framework for de-identification. From Canada, there is the Council of Canadian Academies which talks about sharing health data with description of de-identification practices and then a couple of other standards pertaining to clinical trials.

Finally, there’s the “learn from the experts” route. Privacy Analytics offers training services focussed on building de-identification expertise. It consists of a two-day re-identification risk management methodology course, hands-on workshop, remote coaching and exam. Upon successfully de-identifying two datasets under Privacy Analytics’ direction, you will have acquired the necessary training and skills to perform de-identification using the HIPAA Expert Determination method.

@swehbe

Free Webinar: De-Identification 101

Join Privacy Analytics for a high level introduction of de-identification and data masking.
Watch now

Free Download: De-Id 101

You have Successfully Subscribed!